Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Probleme mit verschiedenen Funden

Probleme mit verschiedenen Funden


Plagegeister aller Art und deren Bekämpfung: Probleme mit verschiedenen Funden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 19.10.2011, 19:24   #1
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


Hi

habe ein problem und zwar hat heute mein secuna gemeckert das java nicht mehr aktuell ist. habe dann die neueste version herunter geladen und alles war ok.

dann hab ich routinemäßig mal den eset onlinescannter laufen lassen was 2 funde ergab die ich eigentlich für fehler halte da sie von einem programm kommen wo ich denke dass es sicher ist. Aber es ist natürlich nichts unmöglich.

habe dann avira durchlaufen lassen was nicht mehr die funde von eset ergab dafür aber neue die sich auf java bezogen.

habe dann noch malewarebyte durchlaufen lassen, was dann den vogel komplett mit vielen ( wieder neue, die anderen wurden wider nicht gefunden) funden abgeschossen hat, durchlaufen lassen.

ich hoffe ihr könnt mir helfen

mit freundlichen grüßen

hier die 3 logs:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 19. Oktober 2011 17:41

Es wird nach 3414164 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : XXX-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.855 41827 Bytes 12.10.2011 16:36:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 11.10.2011 12:59:38
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.19 99536 Bytes 11.10.2011 12:59:38
AVREG.DLL : 12.1.0.20 227024 Bytes 11.10.2011 12:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 15:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 12:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 07:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 12:59:54
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 12:59:54
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 12:59:54
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 12:59:54
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 12:59:54
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 12:59:54
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 12:59:54
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 12:59:54
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 13:35:57
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 15:24:04
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 17:10:15
VBASE018.VDF : 7.11.16.35 2048 Bytes 18.10.2011 17:10:15
VBASE019.VDF : 7.11.16.36 2048 Bytes 18.10.2011 17:10:16
VBASE020.VDF : 7.11.16.37 2048 Bytes 18.10.2011 17:10:16
VBASE021.VDF : 7.11.16.38 2048 Bytes 18.10.2011 17:10:16
VBASE022.VDF : 7.11.16.39 2048 Bytes 18.10.2011 17:10:16
VBASE023.VDF : 7.11.16.40 2048 Bytes 18.10.2011 17:10:16
VBASE024.VDF : 7.11.16.41 2048 Bytes 18.10.2011 17:10:16
VBASE025.VDF : 7.11.16.42 2048 Bytes 18.10.2011 17:10:16
VBASE026.VDF : 7.11.16.43 2048 Bytes 18.10.2011 17:10:16
VBASE027.VDF : 7.11.16.44 2048 Bytes 18.10.2011 17:10:16
VBASE028.VDF : 7.11.16.45 2048 Bytes 18.10.2011 17:10:16
VBASE029.VDF : 7.11.16.46 2048 Bytes 18.10.2011 17:10:16
VBASE030.VDF : 7.11.16.47 2048 Bytes 18.10.2011 17:10:16
VBASE031.VDF : 7.11.16.66 100864 Bytes 19.10.2011 15:40:29
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.09.2011 21:46:02
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 11.10.2011 12:59:35
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.1.34 323957 Bytes 01.09.2011 21:46:02
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.10.11 684408 Bytes 22.09.2011 14:18:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 15.09.2011 23:17:25
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 12.10.2011 11:41:59
AEHELP.DLL : 8.1.17.7 254327 Bytes 01.09.2011 21:46:01
AEGEN.DLL : 8.1.5.9 401780 Bytes 01.09.2011 21:46:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.23.0 196983 Bytes 01.09.2011 21:46:01
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.17 223184 Bytes 11.10.2011 12:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 19. Oktober 2011 17:41

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '192' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sua.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2164' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Users\standard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2cd3e362-4576165b
[0] Archivtyp: ZIP
--> bingo/finger.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.AC
--> bingo/nigertak.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.AE
--> bingo/nikon.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AM
--> bingo/pensil.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN
--> bingo/vedrona.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.AF

Beginne mit der Desinfektion:
C:\Users\standard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\2cd3e362-4576165b
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.AF
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4aa6ad89.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 19. Oktober 2011 19:44
Benötigte Zeit: 2:02:02 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

21550 Verzeichnisse wurden überprüft
384325 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
384320 Dateien ohne Befall
4777 Archive wurden durchsucht
0 Warnungen
1 Hinweise
727126 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden



ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-30 06:11:52
# local_time=2011-07-30 08:11:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 28156 48579616 20948 0
# compatibility_mode=5893 16776573 100 94 28044 63673986 0 0
# compatibility_mode=8192 67108863 100 0 5085925 5085925 0 0
# scanned=295181
# found=13
# cleaned=0
# scan_time=6737
C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programme\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\ProgramData\Startmenü\Programme\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\ProgramData\Startmenü\Programs\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Anwendungsdaten\Microsoft\Windows\Start Menu\Programme\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Anwendungsdaten\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Anwendungsdaten\Startmenü\Programme\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Anwendungsdaten\Startmenü\Programs\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programme\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Startmenü\Programme\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\All Users\Startmenü\Programs\eBay.url Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
F:\Toolz\Video converter\installer_youtube_flv_to_avi_converter_pro_5_9_80_Deutsch.exe Win32/Hoax.ArchSMS.KC application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-06 11:52:36
# local_time=2011-08-06 01:52:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 524007 49165194 93118 0
# compatibility_mode=5893 16776573 100 94 100166 64259564 0 0
# compatibility_mode=8192 67108863 100 0 5671503 5671503 0 0
# scanned=134031
# found=0
# cleaned=0
# scan_time=3204
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-06 12:58:48
# local_time=2011-08-06 02:58:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 528477 49169664 97588 0
# compatibility_mode=5893 16776573 100 94 104636 64264034 0 0
# compatibility_mode=8192 67108863 100 0 5675973 5675973 0 0
# scanned=133969
# found=0
# cleaned=0
# scan_time=2706
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-17 06:48:16
# local_time=2011-08-17 08:48:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 451777 50143717 96676 0
# compatibility_mode=5893 16776574 100 94 40662 65238087 0 0
# compatibility_mode=8192 67108863 100 0 6650026 6650026 0 0
# scanned=78
# found=0
# cleaned=0
# scan_time=4
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-17 07:39:03
# local_time=2011-08-17 09:39:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 451859 50143799 96758 0
# compatibility_mode=5893 16776573 100 94 40744 65238169 0 0
# compatibility_mode=8192 67108863 100 0 6650108 6650108 0 0
# scanned=150728
# found=2
# cleaned=0
# scan_time=2985
C:\Users\standard\AppData\Local\Mozilla\Firefox\Profiles\8aczhzn9.default\Cache\2\89\6B676d01 JS/Kryptik.BT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\standard\AppData\Local\Mozilla\Firefox\Profiles\8aczhzn9.default\Cache\6\33\9E305d01 JS/Kryptik.BY trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-18 09:06:47
# local_time=2011-08-18 11:06:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 8626 50192679 38647 0
# compatibility_mode=5893 16776573 100 94 89624 65287049 0 0
# compatibility_mode=8192 67108863 100 0 6698988 6698988 0 0
# scanned=106550
# found=0
# cleaned=0
# scan_time=2569
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-31 10:57:46
# local_time=2011-08-31 12:57:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 5669 51322609 5091 0
# compatibility_mode=5893 16776573 100 94 12227 66416979 0 0
# compatibility_mode=8192 67108863 100 0 7828918 7828918 0 0
# scanned=111663
# found=1
# cleaned=0
# scan_time=2499
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.B application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-01 11:52:54
# local_time=2011-09-01 01:52:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 95835 51412775 0 0
# compatibility_mode=5893 16776573 100 94 102393 66507145 0 0
# compatibility_mode=8192 67108863 100 0 7919084 7919084 0 0
# scanned=100092
# found=1
# cleaned=1
# scan_time=2020
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-02 12:12:52
# local_time=2011-09-02 02:12:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 10749 51499452 3543 0
# compatibility_mode=5893 16776573 100 94 10639 66593822 0 0
# compatibility_mode=8192 67108863 100 0 8005761 8005761 0 0
# scanned=143485
# found=0
# cleaned=0
# scan_time=2962
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-18 04:00:27
# local_time=2011-09-18 06:00:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 22318 52898442 68768 0
# compatibility_mode=5893 16776573 100 94 75768 67992812 0 0
# compatibility_mode=8192 67108863 100 0 9404751 9404751 0 0
# scanned=275
# found=0
# cleaned=0
# scan_time=6
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-18 04:56:35
# local_time=2011-09-18 06:56:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 22393 52898517 68843 0
# compatibility_mode=5893 16776573 100 94 75843 67992887 0 0
# compatibility_mode=8192 67108863 100 0 9404826 9404826 0 0
# scanned=142259
# found=0
# cleaned=0
# scan_time=3299
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4bb2ef35dbcdf84da7465ebfa3c7e687
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-19 03:24:12
# local_time=2011-10-19 05:24:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 429339 429339 0 0
# compatibility_mode=5893 16776573 100 94 2811 70666322 0 0
# compatibility_mode=8192 67108863 100 0 12078261 12078261 0 0
# scanned=119709
# found=2
# cleaned=0
# scan_time=2742
C:\Users\standard\AppData\Local\temp\ICReinstall\cnet_V-REP EVALUATION V2_5_9 Setup_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\standard\Desktop\cnet_V-REP EVALUATION V2_5_9 Setup_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7982

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

19.10.2011 20:13:43
mbam-log-2011-10-19 (20-13-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 299992
Laufzeit: 2 Stunde(n), 19 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 9
Infizierte Dateien: 30

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\Object (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\chromeaddon (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\content (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\defaults (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\locale (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\skin (PUP.FCTPlugin) -> No action taken.

Infizierte Dateien:
c:\program files\Object\status.txt (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\chromeaddon.pem (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\config.ini (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\enable.txt (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\status2.txt (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\chromeaddon\background.html (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\chromeaddon\included.js (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\build.sh (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\files (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\install.rdf (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\readme.txt (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\content\.ds_store (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\content\firefoxoverlay.xul (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\defaults\.ds_store (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\defaults\preferences\.ds_store (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\locale\.ds_store (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\locale\en-US\.ds_store (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> No action taken.
c:\program files\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> No action taken.

Alt 20.10.2011, 13:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


Zitat:
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________

__________________
Alt 20.10.2011, 17:22   #3
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


ok, ist erledigt



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7987

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.10.2011 18:15:30
mbam-log-2011-10-20 (18-15-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|P:\|)
Durchsuchte Objekte: 327368
Laufzeit: 1 Stunde(n), 35 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 9
Infizierte Dateien: 30

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\files (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\firefoxoverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully.
__________________
Alt 20.10.2011, 17:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.10.2011, 18:09   #5
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


hier der log:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.10.2011 18:48:46 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\standard\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,58% Memory free
5,99 Gb Paging File | 5,05 Gb Available in Paging File | 84,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 413,29 Gb Free Space | 91,23% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.20 18:46:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\standard\Desktop\OTL.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.05 09:29:30 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.05 09:29:30 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.07.28 07:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 6B BF 7B 84 20 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100471&mntrId=c40826c8000000000000001f16a7ec87"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=c40826c8000000000000001f16a7ec87&tlver=1.4.31.2&instlRef=sst&affID=100471&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.04 09:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 18:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.19 16:35:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.04 09:46:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
 
[2011.06.01 20:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.08.15 13:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions
[2011.08.15 13:10:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com
[2011.10.19 16:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.01 21:30:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.10.19 16:35:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011.09.29 09:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 02:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.29 03:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.08.15 13:10:10 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.09.29 03:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.09.29 03:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2011.09.30 18:12:33 | 000,436,898 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15053 more lines...
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EDC4998-C384-40AA-8981-4F1B09150A09}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.MP42 - MPG4C32.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.14 17:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.14 17:23:18 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.14 17:23:18 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.14 17:23:18 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.14 17:23:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.14 17:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.14 17:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.09.30 17:55:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Skype
[2011.09.23 13:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\vrep
[2011.09.23 13:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-REP EVALUATION
[2011.09.23 13:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\V-REP
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.20 18:52:46 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 18:52:46 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 18:45:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.20 18:45:09 | 2411,859,968 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.18 20:21:06 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.18 20:21:06 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.18 20:21:06 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.18 20:21:06 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.14 17:23:33 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.14 17:11:56 | 000,437,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.09.30 18:12:33 | 000,436,898 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111014-172610.backup
[2011.09.30 18:12:33 | 000,436,898 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111014-172923.backup
[2011.09.30 18:12:33 | 000,436,898 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111014-172704.backup
[2011.09.30 18:12:33 | 000,436,898 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.09.30 18:03:27 | 000,436,898 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110930-181233.backup
[2011.09.25 18:01:04 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.23 13:21:21 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\V-REP EVALUATION.lnk
 
========== Files Created - No Company Name ==========
 
[2011.10.14 17:23:33 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.30 18:04:14 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.09.23 13:21:21 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\V-REP EVALUATION.lnk
[2011.08.15 13:10:16 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.05 09:29:48 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.08.05 09:29:48 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011.08.05 09:29:47 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.07.15 16:24:23 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.07.15 16:09:46 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.06.28 19:28:11 | 000,578,560 | ---- | C] () -- C:\Windows\System32\DLL_MHJProperties.dll
[2011.06.28 19:28:03 | 000,804,864 | ---- | C] () -- C:\Windows\System32\WS7_S7AG.dll
[2011.06.17 14:28:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.04 09:42:15 | 000,226,417 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.06.04 09:42:15 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.06.01 23:37:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,437,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.08.15 13:10:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2011.06.19 09:54:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GoPal Assistant
[2011.08.16 10:11:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IrfanView
[2011.07.15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenCandy
[2011.08.05 15:22:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Unigraphics Solutions
[2011.08.26 08:35:43 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.04 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Adobe
[2011.08.15 13:10:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2011.06.19 09:54:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GoPal Assistant
[2011.06.04 09:48:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HP
[2011.08.08 10:46:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HpUpdate
[2011.06.01 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Identities
[2011.08.05 09:29:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\InstallShield
[2011.08.16 10:11:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IrfanView
[2011.06.15 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Macromedia
[2011.06.01 20:37:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Media Center Programs
[2011.08.31 08:55:51 | 000,000,000 | --SD | M] -- C:\Users\xxx\AppData\Roaming\Microsoft
[2011.06.01 20:14:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mozilla
[2011.07.15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenCandy
[2011.09.30 17:55:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Skype
[2011.06.01 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.05 15:22:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Unigraphics Solutions
[2011.07.22 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Winamp
[2011.06.01 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.19 10:00:42 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\01624285-A532-406B-97C6-3B29AFEC0D2F\AutoRunCE.exe
[2011.06.19 10:00:42 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\01624285-A532-406B-97C6-3B29AFEC0D2F\1\module.exe
[2011.06.19 10:00:41 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\0FC9CF9D-1249-4670-A1E1-0286A5EC7FF3\AutoRunCE.exe
[2011.06.19 10:00:41 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\0FC9CF9D-1249-4670-A1E1-0286A5EC7FF3\1\module.exe
[2011.06.19 10:00:43 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\19855CEF-6EBB-4C78-8B64-A22AF32F8CED\AutoRunCE.exe
[2011.06.19 10:00:44 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\19855CEF-6EBB-4C78-8B64-A22AF32F8CED\1\module.exe
[2011.06.19 10:00:51 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\1D7F2C53-014F-4E8C-87D1-9158ADE49F72\AutoRunCE.exe
[2011.06.19 10:00:52 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\1D7F2C53-014F-4E8C-87D1-9158ADE49F72\1\module.exe
[2011.06.19 10:00:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\29FBD32B-DFBE-40BE-BBBE-BC998233B8AC\AutoRunCE.exe
[2011.06.19 10:00:55 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\29FBD32B-DFBE-40BE-BBBE-BC998233B8AC\1\module.exe
[2011.06.19 10:00:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\2FB25332-7065-42B6-B936-3508CAE5B163\AutoRunCE.exe
[2011.06.19 10:00:55 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\2FB25332-7065-42B6-B936-3508CAE5B163\1\module.exe
[2011.06.19 10:00:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\444BACED-FD20-49F4-9220-5971E3C13A7D\AutoRunCE.exe
[2011.06.19 10:00:54 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\444BACED-FD20-49F4-9220-5971E3C13A7D\1\module.exe
[2011.06.19 10:00:41 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6754AD48-1263-4F9C-A9A8-FB63B683B0C3\AutoRunCE.exe
[2011.06.19 10:00:41 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6754AD48-1263-4F9C-A9A8-FB63B683B0C3\1\module.exe
[2011.06.19 10:00:45 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6801B145-4BB6-4229-AE7D-04440D36E511\AutoRunCE.exe
[2011.06.19 10:00:46 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6801B145-4BB6-4229-AE7D-04440D36E511\1\module.exe
[2011.06.19 10:00:40 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\70FE1BD6-4CC4-4D9C-BA0D-5E72E4D13A1F\AutoRunCE.exe
[2011.06.19 10:00:41 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\70FE1BD6-4CC4-4D9C-BA0D-5E72E4D13A1F\1\module.exe
[2011.06.19 10:00:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\757E790A-3AFD-4590-BC1F-45CA37014939\AutoRunCE.exe
[2011.06.19 10:00:56 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\757E790A-3AFD-4590-BC1F-45CA37014939\1\module.exe
[2011.06.19 10:00:42 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\95823167-37E5-43E0-9ACA-6EE820FFFFEA\AutoRunCE.exe
[2011.06.19 10:00:42 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\95823167-37E5-43E0-9ACA-6EE820FFFFEA\1\module.exe
[2011.06.19 10:00:59 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\C0B102C6-1CE2-4F82-A409-9DBB4FB4503F\AutoRunCE.exe
[2011.06.19 10:00:59 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\C0B102C6-1CE2-4F82-A409-9DBB4FB4503F\1\module.exe
[2011.06.19 10:00:40 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\E0B74F54-97CE-4719-BF40-2BC4297B6414\AutoRunCE.exe
[2011.06.19 10:00:40 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\E0B74F54-97CE-4719-BF40-2BC4297B6414\1\module.exe
[2011.06.19 10:00:42 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\EF853D38-8B7E-4913-BD92-4A8BA0859394\AutoRunCE.exe
[2011.06.19 10:00:42 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\EF853D38-8B7E-4913-BD92-4A8BA0859394\1\module.exe
[2011.06.19 10:00:22 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FAFBC901-5AAF-4315-857E-5159FFE7C750\AutoRunCE.exe
[2011.06.19 10:00:37 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FAFBC901-5AAF-4315-857E-5159FFE7C750\1\module.exe
[2011.06.19 10:00:48 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FCBC3D1D-4056-4FDA-AB72-5978E9F7A210\AutoRunCE.exe
[2011.06.19 10:00:49 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FCBC3D1D-4056-4FDA-AB72-5978E9F7A210\1\module.exe
[2011.06.19 10:00:57 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FE93A262-C76D-4EB8-9B08-F3492CEC58A8\AutoRunCE.exe
[2011.06.19 10:00:58 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FE93A262-C76D-4EB8-9B08-F3492CEC58A8\1\module.exe
[2011.08.31 08:55:51 | 000,010,134 | R--- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.06.07 20:58:20 | 005,845,432 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\xxx\AppData\Roaming\OpenCandy\OpenCandy_5B8605A2DBB74B5BA4E771E4A0654E21\driverscanner (9).exe
[2011.07.15 16:09:32 | 000,416,160 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\OpenCandy\OpenCandy_5B8605A2DBB74B5BA4E771E4A0654E21\LatestDLMgr.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 03:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
--- --- ---


Alt 20.10.2011, 18:14   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 6B BF 7B 84 20 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=100471&mntrId=c40826c8000000000000001f16a7ec87"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=c40826c8000000000000001f16a7ec87&tlver=1.4.31.2&instlRef=sst&affID=100471&q="
[2011.08.15 13:10:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.08.15 13:10:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Probleme mit verschiedenen Funden

Alt 20.10.2011, 19:08   #7
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


hi

hab alles gemacht aber leider kam kein log...

Alt 20.10.2011, 19:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.10.2011, 20:03   #9
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


ist hochgeladen...

Alt 20.10.2011, 20:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


Ok. Mach bitte ein neues OTL-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.10.2011, 20:09   #11
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


als ich otl geöffnet habe kam doch noch die log datei:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100471&mntrId=c40826c8000000000000001f16a7ec87" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=c40826c8000000000000001f16a7ec87&tlver=1.4.31.2&instlRef=sst&affID=100471&q=" removed from keyword.URL
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions\ffxtlbr@babylon.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\xxx\AppData\Roaming\Babylon folder moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: standard
->Temp folder emptied: 53652081 bytes
->Temporary Internet Files folder emptied: 26449408 bytes
->Java cache emptied: 4420075 bytes
->FireFox cache emptied: 432851486 bytes
->Flash cache emptied: 4368 bytes

User: xxx
->Temp folder emptied: 65047005 bytes
->Temporary Internet Files folder emptied: 16623611 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33988378 bytes
->Flash cache emptied: 923 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28282731 bytes
RecycleBin emptied: 939240 bytes

Total Files Cleaned = 632,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10202011_200216

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 20.10.2011, 20:20   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


Dann brauchst du kein neues OTL-Log zu machen.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.10.2011, 20:22   #13
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


hier der log:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.10.2011 21:10:54 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\standard\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,34% Memory free
5,99 Gb Paging File | 5,06 Gb Available in Paging File | 84,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 413,74 Gb Free Space | 91,33% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.20 18:46:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\standard\Desktop\OTL.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.05 09:29:30 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.05 09:29:30 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.07.28 07:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.04 09:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 18:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.19 16:35:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.04 09:46:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
 
[2011.06.01 20:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.10.20 20:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ds8wnvyu.default\extensions
[2011.10.19 16:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.01 21:30:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.10.19 16:35:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011.09.29 09:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 02:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.29 03:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.08.15 13:10:10 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.09.29 03:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.09.29 03:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2011.10.20 20:04:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EDC4998-C384-40AA-8981-4F1B09150A09}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.MP42 - MPG4C32.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.20 20:02:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.14 17:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.14 17:23:18 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.14 17:23:18 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.14 17:23:18 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.14 17:23:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.14 17:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.14 17:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.09.30 17:55:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Skype
[2011.09.23 13:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\vrep
[2011.09.23 13:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-REP EVALUATION
[2011.09.23 13:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\V-REP
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.20 20:57:06 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 20:57:06 | 000,016,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.20 20:53:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.20 20:05:32 | 2411,859,968 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.20 20:04:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.10.18 20:21:06 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.18 20:21:06 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.18 20:21:06 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.18 20:21:06 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.14 17:23:33 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.14 17:11:56 | 000,437,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.09.30 18:12:33 | 000,436,898 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111014-172610.backup
[2011.09.30 18:12:33 | 000,436,898 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111014-172923.backup
[2011.09.30 18:12:33 | 000,436,898 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111014-172704.backup
[2011.09.30 18:03:27 | 000,436,898 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110930-181233.backup
[2011.09.25 18:01:04 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.23 13:21:21 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\V-REP EVALUATION.lnk
 
========== Files Created - No Company Name ==========
 
[2011.10.14 17:23:33 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.30 18:04:14 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.09.23 13:21:21 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\V-REP EVALUATION.lnk
[2011.08.15 13:10:16 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.05 09:29:48 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.08.05 09:29:48 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011.08.05 09:29:47 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.07.15 16:24:23 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.07.15 16:09:46 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.06.28 19:28:11 | 000,578,560 | ---- | C] () -- C:\Windows\System32\DLL_MHJProperties.dll
[2011.06.28 19:28:03 | 000,804,864 | ---- | C] () -- C:\Windows\System32\WS7_S7AG.dll
[2011.06.17 14:28:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.04 09:42:15 | 000,226,417 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.06.04 09:42:15 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.06.01 23:37:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,437,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.06.19 09:54:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GoPal Assistant
[2011.08.16 10:11:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IrfanView
[2011.07.15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenCandy
[2011.08.05 15:22:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Unigraphics Solutions
[2011.08.26 08:35:43 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.04 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Adobe
[2011.06.19 09:54:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GoPal Assistant
[2011.06.04 09:48:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HP
[2011.08.08 10:46:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HpUpdate
[2011.06.01 19:44:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Identities
[2011.08.05 09:29:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\InstallShield
[2011.08.16 10:11:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IrfanView
[2011.06.15 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Macromedia
[2011.06.01 20:37:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Media Center Programs
[2011.08.31 08:55:51 | 000,000,000 | --SD | M] -- C:\Users\xxx\AppData\Roaming\Microsoft
[2011.06.01 20:14:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mozilla
[2011.07.15 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenCandy
[2011.09.30 17:55:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Skype
[2011.06.01 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.05 15:22:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Unigraphics Solutions
[2011.07.22 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Winamp
[2011.06.01 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.19 10:00:42 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\01624285-A532-406B-97C6-3B29AFEC0D2F\AutoRunCE.exe
[2011.06.19 10:00:42 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\01624285-A532-406B-97C6-3B29AFEC0D2F\1\module.exe
[2011.06.19 10:00:41 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\0FC9CF9D-1249-4670-A1E1-0286A5EC7FF3\AutoRunCE.exe
[2011.06.19 10:00:41 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\0FC9CF9D-1249-4670-A1E1-0286A5EC7FF3\1\module.exe
[2011.06.19 10:00:43 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\19855CEF-6EBB-4C78-8B64-A22AF32F8CED\AutoRunCE.exe
[2011.06.19 10:00:44 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\19855CEF-6EBB-4C78-8B64-A22AF32F8CED\1\module.exe
[2011.06.19 10:00:51 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\1D7F2C53-014F-4E8C-87D1-9158ADE49F72\AutoRunCE.exe
[2011.06.19 10:00:52 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\1D7F2C53-014F-4E8C-87D1-9158ADE49F72\1\module.exe
[2011.06.19 10:00:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\29FBD32B-DFBE-40BE-BBBE-BC998233B8AC\AutoRunCE.exe
[2011.06.19 10:00:55 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\29FBD32B-DFBE-40BE-BBBE-BC998233B8AC\1\module.exe
[2011.06.19 10:00:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\2FB25332-7065-42B6-B936-3508CAE5B163\AutoRunCE.exe
[2011.06.19 10:00:55 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\2FB25332-7065-42B6-B936-3508CAE5B163\1\module.exe
[2011.06.19 10:00:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\444BACED-FD20-49F4-9220-5971E3C13A7D\AutoRunCE.exe
[2011.06.19 10:00:54 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\444BACED-FD20-49F4-9220-5971E3C13A7D\1\module.exe
[2011.06.19 10:00:41 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6754AD48-1263-4F9C-A9A8-FB63B683B0C3\AutoRunCE.exe
[2011.06.19 10:00:41 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6754AD48-1263-4F9C-A9A8-FB63B683B0C3\1\module.exe
[2011.06.19 10:00:45 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6801B145-4BB6-4229-AE7D-04440D36E511\AutoRunCE.exe
[2011.06.19 10:00:46 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\6801B145-4BB6-4229-AE7D-04440D36E511\1\module.exe
[2011.06.19 10:00:40 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\70FE1BD6-4CC4-4D9C-BA0D-5E72E4D13A1F\AutoRunCE.exe
[2011.06.19 10:00:41 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\70FE1BD6-4CC4-4D9C-BA0D-5E72E4D13A1F\1\module.exe
[2011.06.19 10:00:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\757E790A-3AFD-4590-BC1F-45CA37014939\AutoRunCE.exe
[2011.06.19 10:00:56 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\757E790A-3AFD-4590-BC1F-45CA37014939\1\module.exe
[2011.06.19 10:00:42 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\95823167-37E5-43E0-9ACA-6EE820FFFFEA\AutoRunCE.exe
[2011.06.19 10:00:42 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\95823167-37E5-43E0-9ACA-6EE820FFFFEA\1\module.exe
[2011.06.19 10:00:59 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\C0B102C6-1CE2-4F82-A409-9DBB4FB4503F\AutoRunCE.exe
[2011.06.19 10:00:59 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\C0B102C6-1CE2-4F82-A409-9DBB4FB4503F\1\module.exe
[2011.06.19 10:00:40 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\E0B74F54-97CE-4719-BF40-2BC4297B6414\AutoRunCE.exe
[2011.06.19 10:00:40 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\E0B74F54-97CE-4719-BF40-2BC4297B6414\1\module.exe
[2011.06.19 10:00:42 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\EF853D38-8B7E-4913-BD92-4A8BA0859394\AutoRunCE.exe
[2011.06.19 10:00:42 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\EF853D38-8B7E-4913-BD92-4A8BA0859394\1\module.exe
[2011.06.19 10:00:22 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FAFBC901-5AAF-4315-857E-5159FFE7C750\AutoRunCE.exe
[2011.06.19 10:00:37 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FAFBC901-5AAF-4315-857E-5159FFE7C750\1\module.exe
[2011.06.19 10:00:48 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FCBC3D1D-4056-4FDA-AB72-5978E9F7A210\AutoRunCE.exe
[2011.06.19 10:00:49 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FCBC3D1D-4056-4FDA-AB72-5978E9F7A210\1\module.exe
[2011.06.19 10:00:57 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FE93A262-C76D-4EB8-9B08-F3492CEC58A8\AutoRunCE.exe
[2011.06.19 10:00:58 | 000,057,856 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\GoPal Assistant\Library\FE93A262-C76D-4EB8-9B08-F3492CEC58A8\1\module.exe
[2011.08.31 08:55:51 | 000,010,134 | R--- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.06.07 20:58:20 | 005,845,432 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\xxx\AppData\Roaming\OpenCandy\OpenCandy_5B8605A2DBB74B5BA4E771E4A0654E21\driverscanner (9).exe
[2011.07.15 16:09:32 | 000,416,160 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\OpenCandy\OpenCandy_5B8605A2DBB74B5BA4E771E4A0654E21\LatestDLMgr.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 03:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
--- --- ---

Alt 20.10.2011, 20:23   #14
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


sorry zu spät gelesen

Alt 20.10.2011, 20:28   #15
JasonVorhees
 
Probleme mit verschiedenen Funden - Standard

Probleme mit verschiedenen Funden


hier der neue log:

21:25:06.0883 1552 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
21:25:06.0992 1552 ============================================================
21:25:06.0992 1552 Current date / time: 2011/10/20 21:25:06.0992
21:25:06.0992 1552 SystemInfo:
21:25:06.0992 1552
21:25:06.0992 1552 OS Version: 6.1.7601 ServicePack: 1.0
21:25:06.0992 1552 Product type: Workstation
21:25:06.0992 1552 ComputerName: XXX-PC
21:25:06.0992 1552 UserName: xxx
21:25:06.0992 1552 Windows directory: C:\Windows
21:25:06.0992 1552 System windows directory: C:\Windows
21:25:06.0992 1552 Processor architecture: Intel x86
21:25:06.0992 1552 Number of processors: 2
21:25:06.0992 1552 Page size: 0x1000
21:25:06.0992 1552 Boot type: Normal boot
21:25:06.0992 1552 ============================================================
21:25:08.0147 1552 Initialize success
21:26:21.0451 2780 ============================================================
21:26:21.0451 2780 Scan started
21:26:21.0451 2780 Mode: Manual; SigCheck; TDLFS;
21:26:21.0451 2780 ============================================================
21:26:21.0966 2780 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:26:22.0107 2780 1394ohci - ok
21:26:22.0138 2780 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:26:22.0169 2780 ACPI - ok
21:26:22.0278 2780 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:26:22.0341 2780 AcpiPmi - ok
21:26:22.0512 2780 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:26:22.0543 2780 adp94xx - ok
21:26:22.0684 2780 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:26:22.0699 2780 adpahci - ok
21:26:22.0746 2780 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:26:22.0762 2780 adpu320 - ok
21:26:22.0902 2780 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:26:22.0965 2780 AFD - ok
21:26:23.0105 2780 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
21:26:23.0152 2780 AgereSoftModem - ok
21:26:23.0386 2780 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:26:23.0401 2780 agp440 - ok
21:26:23.0604 2780 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:26:23.0620 2780 aic78xx - ok
21:26:23.0760 2780 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:26:23.0776 2780 aliide - ok
21:26:23.0791 2780 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:26:23.0807 2780 amdagp - ok
21:26:23.0823 2780 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:26:23.0838 2780 amdide - ok
21:26:23.0916 2780 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:26:23.0979 2780 AmdK8 - ok
21:26:24.0025 2780 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:26:24.0088 2780 AmdPPM - ok
21:26:24.0197 2780 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:26:24.0213 2780 amdsata - ok
21:26:24.0275 2780 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:26:24.0291 2780 amdsbs - ok
21:26:24.0337 2780 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:26:24.0353 2780 amdxata - ok
21:26:24.0478 2780 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:26:24.0540 2780 AppID - ok
21:26:24.0696 2780 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:26:24.0727 2780 arc - ok
21:26:24.0727 2780 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:26:24.0743 2780 arcsas - ok
21:26:24.0774 2780 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:26:24.0837 2780 AsyncMac - ok
21:26:24.0946 2780 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:26:24.0961 2780 atapi - ok
21:26:25.0102 2780 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
21:26:25.0523 2780 avgntflt - ok
21:26:25.0632 2780 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
21:26:25.0648 2780 avipbb - ok
21:26:25.0726 2780 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:26:25.0741 2780 avkmgr - ok
21:26:25.0851 2780 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:26:25.0897 2780 b06bdrv - ok
21:26:26.0038 2780 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:26:26.0069 2780 b57nd60x - ok
21:26:26.0116 2780 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:26:26.0163 2780 Beep - ok
21:26:26.0287 2780 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:26:26.0334 2780 blbdrive - ok
21:26:26.0381 2780 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:26:26.0412 2780 bowser - ok
21:26:26.0537 2780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:26:26.0584 2780 BrFiltLo - ok
21:26:26.0615 2780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:26:26.0646 2780 BrFiltUp - ok
21:26:26.0771 2780 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:26:26.0818 2780 Brserid - ok
21:26:26.0833 2780 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:26:26.0865 2780 BrSerWdm - ok
21:26:26.0989 2780 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:26:27.0036 2780 BrUsbMdm - ok
21:26:27.0052 2780 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:26:27.0099 2780 BrUsbSer - ok
21:26:27.0208 2780 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:26:27.0255 2780 BTHMODEM - ok
21:26:27.0395 2780 catchme - ok
21:26:27.0489 2780 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:26:27.0551 2780 cdfs - ok
21:26:27.0676 2780 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:26:27.0707 2780 cdrom - ok
21:26:27.0801 2780 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:26:27.0863 2780 circlass - ok
21:26:27.0941 2780 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:26:27.0957 2780 CLFS - ok
21:26:28.0035 2780 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:26:28.0066 2780 CmBatt - ok
21:26:28.0128 2780 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:26:28.0144 2780 cmdide - ok
21:26:28.0175 2780 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:26:28.0222 2780 CNG - ok
21:26:28.0284 2780 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:26:28.0300 2780 Compbatt - ok
21:26:28.0393 2780 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:26:28.0425 2780 CompositeBus - ok
21:26:28.0518 2780 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:26:28.0534 2780 crcdisk - ok
21:26:28.0768 2780 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
21:26:28.0815 2780 CSC - ok
21:26:28.0908 2780 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:26:28.0971 2780 DfsC - ok
21:26:29.0049 2780 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:26:29.0111 2780 discache - ok
21:26:29.0220 2780 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:26:29.0236 2780 Disk - ok
21:26:29.0329 2780 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:26:29.0361 2780 Dot4 - ok
21:26:29.0439 2780 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:26:29.0501 2780 Dot4Print - ok
21:26:29.0595 2780 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:26:29.0626 2780 dot4usb - ok
21:26:29.0704 2780 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:26:29.0751 2780 drmkaud - ok
21:26:29.0829 2780 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:26:29.0875 2780 DXGKrnl - ok
21:26:30.0063 2780 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:26:30.0125 2780 ebdrv - ok
21:26:30.0281 2780 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:26:30.0297 2780 elxstor - ok
21:26:30.0406 2780 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:26:30.0453 2780 ErrDev - ok
21:26:30.0515 2780 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:26:30.0562 2780 exfat - ok
21:26:30.0687 2780 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:26:30.0749 2780 fastfat - ok
21:26:30.0874 2780 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:26:30.0921 2780 fdc - ok
21:26:30.0967 2780 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:26:30.0983 2780 FileInfo - ok
21:26:31.0077 2780 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:26:31.0155 2780 Filetrace - ok
21:26:31.0186 2780 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:26:31.0217 2780 flpydisk - ok
21:26:31.0373 2780 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:26:31.0389 2780 FltMgr - ok
21:26:31.0513 2780 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:26:31.0529 2780 FsDepends - ok
21:26:31.0576 2780 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:26:31.0607 2780 Fs_Rec - ok
21:26:31.0747 2780 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:26:31.0779 2780 fvevol - ok
21:26:31.0841 2780 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:26:31.0857 2780 gagp30kx - ok
21:26:31.0950 2780 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:26:32.0013 2780 hcw85cir - ok
21:26:32.0153 2780 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:26:32.0215 2780 HdAudAddService - ok
21:26:32.0293 2780 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:26:32.0356 2780 HDAudBus - ok
21:26:32.0418 2780 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:26:32.0465 2780 HidBatt - ok
21:26:32.0527 2780 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:26:32.0574 2780 HidBth - ok
21:26:32.0652 2780 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:26:32.0715 2780 HidIr - ok
21:26:32.0839 2780 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:26:32.0871 2780 HidUsb - ok
21:26:32.0917 2780 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:26:32.0933 2780 HpSAMD - ok
21:26:33.0058 2780 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:26:33.0120 2780 HTTP - ok
21:26:33.0245 2780 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:26:33.0261 2780 hwpolicy - ok
21:26:33.0292 2780 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:26:33.0339 2780 i8042prt - ok
21:26:33.0495 2780 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:26:33.0526 2780 iaStorV - ok
21:26:33.0573 2780 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:26:33.0588 2780 iirsp - ok
21:26:33.0666 2780 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:26:33.0682 2780 intelide - ok
21:26:33.0729 2780 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:26:33.0760 2780 intelppm - ok
21:26:33.0869 2780 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:26:33.0931 2780 IpFilterDriver - ok
21:26:33.0994 2780 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:26:34.0041 2780 IPMIDRV - ok
21:26:34.0134 2780 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:26:34.0197 2780 IPNAT - ok
21:26:34.0275 2780 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:26:34.0306 2780 IRENUM - ok
21:26:34.0368 2780 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:26:34.0384 2780 isapnp - ok
21:26:34.0399 2780 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:26:34.0431 2780 iScsiPrt - ok
21:26:34.0524 2780 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
21:26:34.0555 2780 k57nd60x - ok
21:26:34.0633 2780 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:26:34.0649 2780 kbdclass - ok
21:26:34.0743 2780 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:26:34.0789 2780 kbdhid - ok
21:26:34.0836 2780 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:26:34.0852 2780 KSecDD - ok
21:26:34.0914 2780 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:26:34.0945 2780 KSecPkg - ok
21:26:35.0070 2780 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:26:35.0148 2780 lltdio - ok
21:26:35.0289 2780 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:26:35.0304 2780 LSI_FC - ok
21:26:35.0320 2780 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:26:35.0335 2780 LSI_SAS - ok
21:26:35.0335 2780 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:26:35.0351 2780 LSI_SAS2 - ok
21:26:35.0367 2780 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:26:35.0382 2780 LSI_SCSI - ok
21:26:35.0398 2780 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:26:35.0445 2780 luafv - ok
21:26:35.0569 2780 MBAMSwissArmy - ok
21:26:35.0616 2780 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:26:35.0632 2780 megasas - ok
21:26:35.0647 2780 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:26:35.0663 2780 MegaSR - ok
21:26:35.0694 2780 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:26:35.0757 2780 Modem - ok
21:26:35.0881 2780 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:26:35.0928 2780 monitor - ok
21:26:35.0991 2780 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:26:36.0006 2780 mouclass - ok
21:26:36.0131 2780 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:26:36.0147 2780 mouhid - ok
21:26:36.0193 2780 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:26:36.0209 2780 mountmgr - ok
21:26:36.0256 2780 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:26:36.0271 2780 mpio - ok
21:26:36.0381 2780 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:26:36.0443 2780 mpsdrv - ok
21:26:36.0474 2780 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:26:36.0521 2780 MRxDAV - ok
21:26:36.0630 2780 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:26:36.0677 2780 mrxsmb - ok
21:26:36.0739 2780 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:26:36.0786 2780 mrxsmb10 - ok
21:26:36.0895 2780 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:26:36.0942 2780 mrxsmb20 - ok
21:26:36.0973 2780 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:26:37.0005 2780 msahci - ok
21:26:37.0114 2780 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:26:37.0129 2780 msdsm - ok
21:26:37.0176 2780 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:26:37.0207 2780 Msfs - ok
21:26:37.0301 2780 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:26:37.0379 2780 mshidkmdf - ok
21:26:37.0410 2780 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:26:37.0441 2780 msisadrv - ok
21:26:37.0566 2780 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:26:37.0629 2780 MSKSSRV - ok
21:26:37.0660 2780 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:26:37.0722 2780 MSPCLOCK - ok
21:26:37.0847 2780 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:26:37.0909 2780 MSPQM - ok
21:26:37.0941 2780 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:26:37.0956 2780 MsRPC - ok
21:26:38.0050 2780 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:26:38.0065 2780 mssmbios - ok
21:26:38.0097 2780 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:26:38.0159 2780 MSTEE - ok
21:26:38.0268 2780 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:26:38.0315 2780 MTConfig - ok
21:26:38.0331 2780 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:26:38.0346 2780 Mup - ok
21:26:38.0455 2780 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:26:38.0487 2780 NativeWifiP - ok
21:26:38.0518 2780 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:26:38.0549 2780 NDIS - ok
21:26:38.0674 2780 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:26:38.0736 2780 NdisCap - ok
21:26:39.0033 2780 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:26:39.0126 2780 NdisTapi - ok
21:26:39.0251 2780 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:26:39.0329 2780 Ndisuio - ok
21:26:39.0360 2780 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:26:39.0423 2780 NdisWan - ok
21:26:39.0547 2780 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:26:39.0610 2780 NDProxy - ok
21:26:39.0766 2780 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:26:39.0844 2780 NetBIOS - ok
21:26:39.0891 2780 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:26:39.0922 2780 NetBT - ok
21:26:40.0203 2780 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
21:26:40.0281 2780 NETw5s32 - ok
21:26:40.0499 2780 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:26:40.0577 2780 netw5v32 - ok
21:26:40.0717 2780 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:26:40.0733 2780 nfrd960 - ok
21:26:40.0858 2780 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:26:40.0936 2780 Npfs - ok
21:26:40.0967 2780 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:26:41.0029 2780 nsiproxy - ok
21:26:41.0170 2780 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:26:41.0201 2780 Ntfs - ok
21:26:41.0310 2780 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
21:26:41.0326 2780 NTIDrvr - ok
21:26:41.0388 2780 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:26:41.0451 2780 Null - ok
21:26:41.0794 2780 nvlddmkm (9a55250a7edc9ea12dc3495f5e9f8703) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:26:41.0950 2780 nvlddmkm - ok
21:26:42.0075 2780 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:26:42.0090 2780 nvraid - ok
21:26:42.0106 2780 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:26:42.0121 2780 nvstor - ok
21:26:42.0231 2780 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:26:42.0262 2780 nv_agp - ok
21:26:42.0293 2780 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:26:42.0340 2780 ohci1394 - ok
21:26:42.0480 2780 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:26:42.0527 2780 Parport - ok
21:26:42.0574 2780 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:26:42.0589 2780 partmgr - ok
21:26:42.0699 2780 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:26:42.0745 2780 Parvdm - ok
21:26:42.0792 2780 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:26:42.0808 2780 pci - ok
21:26:42.0917 2780 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:26:42.0933 2780 pciide - ok
21:26:42.0948 2780 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:26:42.0964 2780 pcmcia - ok
21:26:42.0979 2780 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:26:42.0995 2780 pcw - ok
21:26:43.0011 2780 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:26:43.0073 2780 PEAUTH - ok
21:26:43.0245 2780 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:26:43.0307 2780 PptpMiniport - ok
21:26:43.0323 2780 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:26:43.0369 2780 Processor - ok
21:26:43.0510 2780 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:26:43.0588 2780 Psched - ok
21:26:43.0728 2780 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
21:26:43.0728 2780 PSI - ok
21:26:43.0791 2780 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:26:43.0837 2780 ql2300 - ok
21:26:43.0947 2780 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:26:43.0962 2780 ql40xx - ok
21:26:43.0993 2780 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:26:44.0009 2780 QWAVEdrv - ok
21:26:44.0118 2780 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:26:44.0196 2780 RasAcd - ok
21:26:44.0243 2780 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:26:44.0305 2780 RasAgileVpn - ok
21:26:44.0430 2780 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:26:44.0477 2780 Rasl2tp - ok
21:26:44.0617 2780 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:26:44.0664 2780 RasPppoe - ok
21:26:44.0789 2780 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:26:44.0851 2780 RasSstp - ok
21:26:44.0898 2780 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:26:44.0961 2780 rdbss - ok
21:26:45.0085 2780 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:26:45.0117 2780 rdpbus - ok
21:26:45.0163 2780 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:26:45.0226 2780 RDPCDD - ok
21:26:45.0351 2780 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:26:45.0382 2780 RDPDR - ok
21:26:45.0507 2780 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:26:45.0569 2780 RDPENCDD - ok
21:26:45.0600 2780 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:26:45.0647 2780 RDPREFMP - ok
21:26:45.0756 2780 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:26:45.0803 2780 RDPWD - ok
21:26:45.0850 2780 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:26:45.0865 2780 rdyboost - ok
21:26:46.0006 2780 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:26:46.0068 2780 rspndr - ok
21:26:46.0099 2780 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:26:46.0162 2780 s3cap - ok
21:26:46.0240 2780 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:26:46.0240 2780 SASDIFSV - ok
21:26:46.0287 2780 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:26:46.0302 2780 SASKUTIL - ok
21:26:46.0396 2780 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:26:46.0411 2780 sbp2port - ok
21:26:46.0458 2780 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:26:46.0521 2780 scfilter - ok
21:26:46.0630 2780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:26:46.0692 2780 secdrv - ok
21:26:46.0879 2780 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:26:46.0911 2780 Serenum - ok
21:26:46.0911 2780 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:26:46.0957 2780 Serial - ok
21:26:46.0989 2780 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:26:47.0035 2780 sermouse - ok
21:26:47.0176 2780 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:26:47.0238 2780 sffdisk - ok
21:26:47.0254 2780 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:26:47.0285 2780 sffp_mmc - ok
21:26:47.0425 2780 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:26:47.0457 2780 sffp_sd - ok
21:26:47.0503 2780 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:26:47.0550 2780 sfloppy - ok
21:26:47.0659 2780 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:26:47.0675 2780 sisagp - ok
21:26:47.0706 2780 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:26:47.0722 2780 SiSRaid2 - ok
21:26:47.0722 2780 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:26:47.0737 2780 SiSRaid4 - ok
21:26:47.0847 2780 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:26:47.0893 2780 Smb - ok
21:26:47.0925 2780 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:26:47.0940 2780 spldr - ok
21:26:48.0065 2780 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:26:48.0112 2780 srv - ok
21:26:48.0159 2780 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:26:48.0205 2780 srv2 - ok
21:26:48.0330 2780 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:26:48.0346 2780 srvnet - ok
21:26:48.0486 2780 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:26:48.0486 2780 ssmdrv - ok
21:26:48.0533 2780 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:26:48.0549 2780 stexstor - ok
21:26:48.0658 2780 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:26:48.0689 2780 storflt - ok
21:26:48.0705 2780 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:26:48.0720 2780 storvsc - ok
21:26:48.0736 2780 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:26:48.0751 2780 swenum - ok
21:26:48.0814 2780 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
21:26:48.0845 2780 Tcpip - ok
21:26:48.0985 2780 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
21:26:49.0017 2780 TCPIP6 - ok
21:26:49.0126 2780 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:26:49.0188 2780 tcpipreg - ok
21:26:49.0219 2780 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:26:49.0282 2780 TDPIPE - ok
21:26:49.0391 2780 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:26:49.0469 2780 TDTCP - ok
21:26:49.0500 2780 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:26:49.0563 2780 tdx - ok
21:26:49.0672 2780 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:26:49.0687 2780 TermDD - ok
21:26:49.0750 2780 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:26:49.0797 2780 tssecsrv - ok
21:26:49.0937 2780 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:26:49.0984 2780 TsUsbFlt - ok
21:26:50.0124 2780 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:26:50.0187 2780 tunnel - ok
21:26:50.0233 2780 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:26:50.0249 2780 uagp35 - ok
21:26:50.0358 2780 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
21:26:50.0374 2780 UBHelper - ok
21:26:50.0405 2780 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:26:50.0467 2780 udfs - ok
21:26:50.0623 2780 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:26:50.0639 2780 uliagpkx - ok
21:26:50.0670 2780 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:26:50.0701 2780 umbus - ok
21:26:50.0826 2780 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:26:50.0842 2780 UmPass - ok
21:26:50.0889 2780 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:26:50.0967 2780 usbccgp - ok
21:26:51.0091 2780 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:26:51.0138 2780 usbcir - ok
21:26:51.0185 2780 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:26:51.0216 2780 usbehci - ok
21:26:51.0357 2780 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:26:51.0403 2780 usbhub - ok
21:26:51.0435 2780 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:26:51.0466 2780 usbohci - ok
21:26:51.0606 2780 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:26:51.0653 2780 usbprint - ok
21:26:51.0684 2780 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:26:51.0715 2780 usbscan - ok
21:26:51.0809 2780 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:26:51.0871 2780 USBSTOR - ok
21:26:51.0903 2780 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:26:51.0949 2780 usbuhci - ok
21:26:52.0090 2780 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:26:52.0152 2780 usbvideo - ok
21:26:52.0246 2780 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:26:52.0261 2780 vdrvroot - ok
21:26:52.0324 2780 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:26:52.0339 2780 vga - ok
21:26:52.0371 2780 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:26:52.0386 2780 VgaSave - ok
21:26:52.0464 2780 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:26:52.0495 2780 vhdmp - ok
21:26:52.0558 2780 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:26:52.0573 2780 viaagp - ok
21:26:52.0651 2780 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:26:52.0683 2780 ViaC7 - ok
21:26:52.0698 2780 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:26:52.0698 2780 viaide - ok
21:26:52.0745 2780 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:26:52.0761 2780 vmbus - ok
21:26:52.0807 2780 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:26:52.0854 2780 VMBusHID - ok
21:26:52.0917 2780 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:26:52.0932 2780 volmgr - ok
21:26:52.0979 2780 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:26:52.0995 2780 volmgrx - ok
21:26:53.0057 2780 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:26:53.0088 2780 volsnap - ok
21:26:53.0151 2780 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:26:53.0166 2780 vsmraid - ok
21:26:53.0197 2780 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:26:53.0244 2780 vwifibus - ok
21:26:53.0322 2780 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:26:53.0353 2780 vwififlt - ok
21:26:53.0416 2780 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:26:53.0463 2780 WacomPen - ok
21:26:53.0556 2780 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:26:53.0603 2780 WANARP - ok
21:26:53.0603 2780 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:26:53.0634 2780 Wanarpv6 - ok
21:26:53.0728 2780 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:26:53.0743 2780 Wd - ok
21:26:53.0790 2780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:26:53.0821 2780 Wdf01000 - ok
21:26:53.0962 2780 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:26:54.0024 2780 WfpLwf - ok
21:26:54.0055 2780 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:26:54.0055 2780 WIMMount - ok
21:26:54.0211 2780 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.SYS
21:26:54.0258 2780 WINUSB - ok
21:26:54.0352 2780 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:26:54.0399 2780 WmiAcpi - ok
21:26:54.0492 2780 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:26:54.0555 2780 ws2ifsl - ok
21:26:54.0633 2780 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:26:54.0711 2780 WudfPf - ok
21:26:54.0820 2780 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:26:54.0867 2780 WUDFRd - ok
21:26:54.0898 2780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:26:54.0976 2780 \Device\Harddisk0\DR0 - ok
21:26:54.0991 2780 Boot (0x1200) (ad30e644c9909c7503047370a33b315c) \Device\Harddisk0\DR0\Partition0
21:26:54.0991 2780 \Device\Harddisk0\DR0\Partition0 - ok
21:26:54.0991 2780 ============================================================
21:26:54.0991 2780 Scan finished
21:26:54.0991 2780 ============================================================
21:26:55.0007 2980 Detected object count: 0
21:26:55.0007 2980 Actual detected object count: 0

Antwort
Seite 1 von 3 1 23

Themen zu Probleme mit verschiedenen Funden
.dll, avg, avira, converter, desktop, downloader, escan, fehler, firefox, google, icreinstall, microsoft, modul, mozilla, nicht gefunden, nt.dll, object, preferences, problem, programm, prozesse, pup.fctplugin, registry, sched.exe, services.exe, software, svchost.exe, taskhost.exe, trojan, verweise, video converter, virus gefunden, win32/installcore.b, win32/installcore.c, win32/installcore.d, windows, windows.old, winlogon.exe, wmp


« Trojaner win32/sirefef.O | wpbt0.dll Fenster beim Hochfahren??? »


Ähnliche Themen: Probleme mit verschiedenen Funden


  1. Avast mit 2 Funden
    Plagegeister aller Art und deren Bekämpfung - 06.10.2014 (3)
  2. Probleme mit der Grafik bei verschiedenen Spielen
    Alles rund um Windows - 01.08.2014 (2)
  3. Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check...
    Log-Analyse und Auswertung - 01.08.2014 (18)
  4. Virenbefall mit bisher unbekannt vielen Funden
    Plagegeister aller Art und deren Bekämpfung - 14.01.2014 (19)
  5. Malwarebytes mit extrem vielen Funden
    Log-Analyse und Auswertung - 10.09.2013 (3)
  6. Firefox und IE funktionieren nach Kaspersky-Funden nicht mehr.
    Plagegeister aller Art und deren Bekämpfung - 30.11.2012 (37)
  7. Entdeckung von zwei Funden SecurityHijack und Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (2)
  8. LEGACY - Wichtig: Bitte alle Logs mit Funden posten
    Mülltonne - 06.10.2012 (4)
  9. malewarebytes scan mit vielen funden
    Log-Analyse und Auswertung - 19.05.2012 (20)
  10. OTL.exe mit diversen Funden - konfuse Situation
    Log-Analyse und Auswertung - 28.12.2011 (50)
  11. AntiVir mit 35 Funden, Trojaner in C:\WINDOWS\system32\ *.dll
    Plagegeister aller Art und deren Bekämpfung - 05.10.2010 (25)
  12. Probleme mit scheinbar verschiedenen Vieren
    Plagegeister aller Art und deren Bekämpfung - 01.09.2010 (43)
  13. mas.exe & a/b/c.exe entfernt, HJT clean, wie mit Funden von MWB Anti-Malware umgehen?
    Plagegeister aller Art und deren Bekämpfung - 11.08.2009 (12)
  14. Probleme mit MSN und verschiedenen Seiten - Virus???
    Log-Analyse und Auswertung - 03.03.2009 (1)
  15. escan mit wiederkehrenden funden?
    Log-Analyse und Auswertung - 30.09.2007 (6)
  16. Probleme bei der Darstellung von verschiedenen Internetseiten
    Alles rund um Windows - 02.03.2006 (7)
  17. bluescreen mit verschiedenen fehlermeldungen
    Alles rund um Windows - 23.02.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Probleme mit verschiedenen Funden - Hi habe ein problem und zwar hat heute mein secuna gemeckert das java nicht mehr aktuell ist. habe dann die neueste version herunter geladen und alles war ok. dann hab - Probleme mit verschiedenen Funden...
Archiv
Du betrachtest: Probleme mit verschiedenen Funden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129