
Pests of all kinds and how to fight them: Trojan/Win32.VBKrypt "hrt54is56ijfgte"

06.12.2011, 16:36   #1
rara

Hello everyone,

I have found the trojan hrt54is56ijfgte on my system (Win7). After booting, the system is blocked by a white window with the message "Es besteht noch keine INternetverbindung, bitte warten." ("There is no Internet connection yet, please wait."), even in normal safe mode.
This page describes the trojan in more detail:
hxxp://reports.antivirus-lab.com/12047/trojanwin32-vbkrypt-118/#more-12047
Under "Continue reading" there is also a command chain listed under Execution.

When I log in with my guest account (standard, restricted rights), I can run new tasks via Task Manager. That also gets me into the registry (where the trojan is also named dilani disse), but I cannot change anything there. As in the other Ukash cases, Explorer.exe has been changed there and points to hrt54is56ijfgte.exe.

I also have Windows XP on another partition, so I can operate from there as admin too.

What options do I have to remove this trojan?
Can the "Execution" command chain from Antivirus-Lab be used somehow?

I would appreciate any help

Rara

Edit: I won't have time for an OTL scan until Thursday.

07.12.2011, 19:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you do not have a burning program installed, please download ISOBurner. The program lets you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop. Note: the file is approx. 120 MB in size, and on a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: produces an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

08.12.2011, 17:34   #3
rara

Hello cosinus,

I think I've now managed it myself. I used the botfrei guide and edited the registry in safe mode with command prompt. The registry was also initially "disabled by the admin", but I got it open with the script "Disableregistytools.vbs". There I repaired "Winlogon" and then searched the registry for hrt54... I found and deleted a few more entries (among others under add-on programs).
This might be of interest to lukasm, who apparently had the same problem.
Malwarebytes, Spybot, Tdsskiller and Avira DE Cleaner found nothing more; AntivirPersonal still found a few probably older, harmless things.
I think the case is now settled.

Regards
rara
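
The settings mentioned in the post above (the Winlogon entries and the disabled registry editor) can be checked read-only with a short script. This is an added example, not part of any post in this thread; the registry paths and default values are the standard Windows ones rather than values from the thread, and the only thread-specific input is the file name `hrt54is56ijfgte`.

```powershell
# Added example: read-only audit of the logon settings discussed in this thread.
# Registry paths and defaults are the standard Windows ones (assumption: default install).

$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policies = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$runKey   = 'Software\Microsoft\Windows\CurrentVersion\Run'

$expectedShell    = 'explorer.exe'
$expectedUserinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
$suspectName      = 'hrt54is56ijfgte'   # file name reported in the thread
$providerProps    = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Return one registry value, or $null if the key or the value does not exist.
function Get-RegValue {
    param([string]$Hive, [string]$SubKey, [string]$Name)
    $item = Get-ItemProperty -Path "${Hive}:\$SubKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function New-Finding {
    param([string]$Location, [string]$Value, [string]$Data, [string]$Reason)
    New-Object PSObject -Property @{
        Location = $Location; Value = $Value; Data = $Data; Reason = $Reason
    }
}

$findings = @()

foreach ($hive in 'HKLM', 'HKCU') {
    # Shell: HKLM should be exactly explorer.exe; HKCU normally has no Shell value.
    $shell = Get-RegValue $hive $winlogon 'Shell'
    if ($null -eq $shell) {
        if ($hive -eq 'HKLM') {
            $findings += New-Finding "$hive\$winlogon" 'Shell' '' 'value missing'
        }
    } elseif ("$shell".Trim() -ne $expectedShell) {
        $findings += New-Finding "$hive\$winlogon" 'Shell' "$shell" 'shell is not explorer.exe'
    }

    # Userinit: a comma-separated list; anything besides userinit.exe runs at every logon.
    $userinit = Get-RegValue $hive $winlogon 'Userinit'
    if ($null -ne $userinit) {
        $extra = @("$userinit".Split(',') | ForEach-Object { $_.Trim() } |
                   Where-Object { $_ -and $_ -ne $expectedUserinit })
        if ($extra.Count -gt 0) {
            $findings += New-Finding "$hive\$winlogon" 'Userinit' ($extra -join ', ') 'unexpected entry'
        }
    } elseif ($hive -eq 'HKLM') {
        $findings += New-Finding "$hive\$winlogon" 'Userinit' '' 'value missing'
    }

    # DisableRegistryTools: any non-zero value blocks regedit ("disabled by the admin").
    $lock = Get-RegValue $hive $policies 'DisableRegistryTools'
    if ($null -ne $lock -and $lock -ne 0) {
        $findings += New-Finding "$hive\$policies" 'DisableRegistryTools' "$lock" 'registry editor blocked by policy'
    }

    # Run key: report autostart entries that still reference the reported file name.
    $run = Get-ItemProperty -Path "${hive}:\$runKey" -ErrorAction SilentlyContinue
    if ($null -ne $run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($providerProps -notcontains $p.Name -and "$($p.Value)" -like "*$suspectName*") {
                $findings += New-Finding "$hive\$runKey" $p.Name "$($p.Value)" 'references reported file name'
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'No deviations found in the checked values.'
} else {
    $findings | Select-Object Location, Value, Data, Reason | Format-List
}
```

An empty result covers only these few values and does not replace the full scans requested in the following reply.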

08.12.2011, 20:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I think the case is now settled.
No, it's not that simple. Further areas have to be checked.

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


09.12.2011, 15:12   #5
rara

Hello cosinus,

I have now run Malwarebytes first, then Eset.
Malwarebytes found nothing, Eset found 3 (1 on partition C, 2 on D; probably something old and harmless)

I'll first post the reports from Avira AntiVir (the only one that found anything), which found something on the 6th and the 8th:
Quote:
Beginne mit der Suche in 'C:\Users\Rainer\AppData\Local\Temp\0.9822716582184313.exe'
C:\Users\Rainer\AppData\Local\Temp\0.9822716582184313.exe
[FUND] Ist das Trojanische Pferd TR/Ransom.BP
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a8532c0.qua' verschoben!
Quote:
Beginne mit der Suche in 'C:\'
C:\System Volume Information\_restore{D01D3B98-AFDB-4804-8C21-4975C6A2B124}\RP118\A0051318.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
C:\System Volume Information\_restore{D01D3B98-AFDB-4804-8C21-4975C6A2B124}\RP118\A0051344.exe
[FUND] Ist das Trojanische Pferd TR/Ransom.BP
C:\Users\Rainer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\618d3b81-69b67907
[FUND] Ist das Trojanische Pferd TR/Ransom.BP
C:\Users\Rainer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\14da3279-56cb9258
[0] Archivtyp: ZIP
--> v1.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Tharra.B

Beginne mit der Desinfektion:
C:\Users\Rainer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\14da3279-56cb9258
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Tharra.B
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a9e4a2b.qua' verschoben!
C:\Users\Rainer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\618d3b81-69b67907
[FUND] Ist das Trojanische Pferd TR/Ransom.BP
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52556581.qua' verschoben!
C:\System Volume Information\_restore{D01D3B98-AFDB-4804-8C21-4975C6A2B124}\RP118\A0051344.exe
[FUND] Ist das Trojanische Pferd TR/Ransom.BP
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00023f69.qua' verschoben!
C:\System Volume Information\_restore{D01D3B98-AFDB-4804-8C21-4975C6A2B124}\RP118\A0051318.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '663570ab.qua' verschoben!
The log from Malwarebytes:
Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8340

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.12.2011 12:21:24
mbam-log-2011-12-09 (12-21-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 326388
Laufzeit: 53 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
and from Eset (the command via "Ausführen" (Run) did not work; this is "export to text file"):
Quote:
C:\Users\Rainer\Downloads\SoftonicDownloader_fuer_gpl-mpeg-1-2-directshow-decoder-filter.exe a variant of Win32/SoftonicDownloader.A application
D:\Dokumente und Einstellungen\Rainer\Lokale Einstellungen\Temp\NERO13716\Toolbar.exe Win32/Toolbar.AskSBar application
D:\RECYCLER\S-1-5-21-1606980848-412668190-682003330-1003\Dc5.exe Win32/Toggle application


09.12.2011, 15:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "run as administrator"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt here into your thread

10.12.2011, 13:40   #7
rara

Hello cosinus,
sorry for the wait, but now I have the OTL log. I'm curious to hear your reply.

Code:
OTL logfile created on: 12/10/2011 1:22:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Rainer\Desktop
 Ultimate Edition N  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 74.56% Memory free
6.50 Gb Paging File | 5.39 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 400.86 Gb Total Space | 334.72 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 128.82 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
Drive G: | 15.05 Gb Total Space | 13.93 Gb Free Space | 92.52% Space Free | Partition Type: FAT32
 
Computer Name: RAINER-PC | User Name: Rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/10 13:16:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
PRC - [2011/07/28 14:41:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011/07/21 11:07:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/17 16:43:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2011/02/18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/11/05 19:59:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/06/15 16:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/05/05 03:15:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/05/05 03:14:56 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/03/22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/13 15:53:13 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b867fbc0d573ac5e5fe71143d9caf43b\System.Web.ni.dll
MOD - [2011/04/13 15:53:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\adc8998d96ca331d17cef00b1ef95a5f\System.Runtime.Remoting.ni.dll
MOD - [2011/04/13 15:52:49 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/04/13 15:52:44 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/04/13 15:52:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
MOD - [2011/04/13 15:52:26 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/04/13 15:52:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
MOD - [2011/04/13 15:52:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2011/03/21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/05/27 11:40:48 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/04/16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009/06/10 13:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009/06/10 13:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/08 18:56:57 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/21 11:07:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/17 16:43:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/07/26 15:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/05/05 03:14:56 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/12/15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003/02/21 14:07:48 | 000,196,691 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/10/25 20:51:35 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/10/25 20:51:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/07/21 11:07:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 11:07:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/15 16:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/05/05 03:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/05/05 03:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/05/05 02:23:00 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/13 09:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009/07/17 19:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/09/12 01:07:00 | 000,715,264 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fdssbase.sys -- (FDSSBASE) AVM FRITZ!Card DSL SL (WinXP/2000)
DRV - [2006/09/12 01:07:00 | 000,045,952 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmdsloe.sys -- (AVMDSLPPPOE)
DRV - [2006/09/12 01:07:00 | 000,039,440 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmndsl.sys -- (AVMNDSL)
DRV - [2003/02/21 14:07:48 | 000,027,648 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Aadev.sys -- (aadev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 79 A3 C3 A7 2D CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/28 14:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 16:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 16:33:25 | 000,000,000 | ---D | M]
 
[2010/05/28 12:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainer\AppData\Roaming\mozilla\Extensions
[2011/12/02 16:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\u268tl1a.default\extensions
[2011/12/02 16:33:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\u268tl1a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/26 19:46:14 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\u268tl1a.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/12/08 16:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/12/08 16:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/02 16:33:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/02 16:33:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/02 16:33:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/02 16:33:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/02 16:33:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/02 16:33:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/02 16:33:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AWatch] C:\Program Files\Teledat 320\Awatch.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149AA515-96D9-4A7A-8C9D-300BC27D0B89}: NameServer = 217.0.43.161 217.0.43.177
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8BE80C4-B5DA-4C17-BB44-9AC5D0DD54D8}: NameServer = 217.0.43.161 217.0.43.177
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/19 22:28:59 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe ()
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.lameacm - C:\Windows\System32\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ffdshow.ax ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/10 13:16:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
[2011/12/09 14:46:48 | 000,000,000 | ---D | C] -- C:\Eset
[2011/12/09 12:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/09 11:54:11 | 000,000,000 | ---D | C] -- C:\Games
[2011/12/08 16:48:49 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/12/08 16:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/06 23:43:41 | 000,000,000 | ---D | C] -- C:\Users\Rainer\AppData\Roaming\Malwarebytes
[2011/12/06 23:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/06 23:42:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/06 23:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/06 21:48:40 | 000,000,000 | ---D | C] -- C:\Antibundestrojaner
[2011/12/06 21:35:24 | 000,000,000 | ---D | C] -- C:\Reg entsperren
[2011/12/04 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Rainer\dwhelper
[2011/11/24 22:37:23 | 000,000,000 | ---D | C] -- C:\Jagdfieber.2.German.2008.DVDRip.XviD-SiGHT
[2011/11/19 16:07:59 | 000,000,000 | ---D | C] -- C:\Users\Rainer\AppData\Local\Skyrim
[2011/11/19 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\Rainer\Documents\My Games
[2011/11/19 14:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/19 14:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/19 14:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/10 13:16:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
[2011/12/10 13:15:08 | 000,662,236 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/10 13:15:08 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/10 13:15:08 | 000,134,232 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/10 13:15:08 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/10 13:10:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/10 13:10:27 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/09 11:54:39 | 000,001,664 | ---- | M] () -- C:\Users\Rainer\Desktop\Ski Challenge 12 (AT) starten.lnk
[2011/12/09 01:52:25 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 01:52:24 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 16:55:13 | 000,002,029 | ---- | M] () -- C:\Users\Rainer\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011/12/08 16:55:13 | 000,001,958 | ---- | M] () -- C:\Users\Rainer\Desktop\Avira DE-Cleaner.lnk
[2011/12/07 00:05:48 | 000,000,008 | RHS- | M] () -- C:\Users\Rainer\ntuser.pol
[2011/12/06 23:42:52 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 22:49:53 | 000,000,105 | ---- | M] () -- C:\reg
[2011/12/02 16:33:53 | 000,002,002 | ---- | M] () -- C:\Users\Rainer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/30 20:42:26 | 000,000,215 | ---- | M] () -- C:\Users\Rainer\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/26 01:12:49 | 293,097,791 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/20 12:08:33 | 000,001,841 | ---- | M] () -- C:\Users\Rainer\Desktop\SkyrimLauncher.exe - Verknüpfung.lnk
[2011/11/19 14:54:51 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
 
========== Files Created - No Company Name ==========
 
[2011/12/09 11:54:39 | 000,001,664 | ---- | C] () -- C:\Users\Rainer\Desktop\Ski Challenge 12 (AT) starten.lnk
[2011/12/08 16:55:13 | 000,002,029 | ---- | C] () -- C:\Users\Rainer\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011/12/08 16:55:13 | 000,001,958 | ---- | C] () -- C:\Users\Rainer\Desktop\Avira DE-Cleaner.lnk
[2011/12/07 00:01:55 | 000,000,008 | RHS- | C] () -- C:\Users\Rainer\ntuser.pol
[2011/12/06 23:42:52 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 22:49:29 | 000,000,105 | ---- | C] () -- C:\reg
[2011/11/30 20:42:26 | 000,000,215 | ---- | C] () -- C:\Users\Rainer\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/26 01:12:49 | 293,097,791 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/20 12:08:33 | 000,001,841 | ---- | C] () -- C:\Users\Rainer\Desktop\SkyrimLauncher.exe - Verknüpfung.lnk
[2011/11/19 14:54:51 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/10/25 18:45:20 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/10/25 18:45:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/08/29 21:23:59 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/08/26 15:47:15 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2010/07/31 01:01:34 | 000,007,680 | ---- | C] () -- C:\Users\Rainer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 16:18:16 | 000,662,236 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/27 16:18:16 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/27 16:18:16 | 000,134,232 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/27 16:18:16 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/05/22 00:55:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/21 16:26:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/05/21 16:21:03 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/05/05 02:21:48 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/04/28 22:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/03/25 16:56:00 | 000,203,331 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/08/27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 05:55:27 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:02:04 | 000,257,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,624,578 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,110,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 16:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 19:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2006/11/02 17:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe
[2006/09/12 01:07:00 | 000,199,112 | ---- | C] () -- C:\Windows\System32\fdssbase.bin
[2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2011/10/12 19:35:03 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Audacity
[2010/08/28 12:39:33 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Auslogics
[2010/08/29 21:24:04 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Canneverbe Limited
[2010/05/28 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\CheckPoint
[2011/03/19 13:02:45 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\FreeFLVConverter
[2010/12/15 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\IrfanView
[2010/09/14 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\ProtectDISC
[2010/05/25 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\T-Online
[2011/03/17 10:50:37 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/27 17:07:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/08/13 11:13:27 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Adobe
[2011/11/10 11:53:28 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Apple Computer
[2010/06/20 10:53:33 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\ATI
[2011/10/12 19:35:03 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Audacity
[2010/08/28 12:39:33 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Auslogics
[2010/10/31 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Avira
[2010/08/29 21:24:04 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Canneverbe Limited
[2010/05/28 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\CheckPoint
[2010/11/30 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\DivX
[2011/03/19 13:02:45 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\FreeFLVConverter
[2010/05/21 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Identities
[2010/12/15 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\IrfanView
[2010/05/27 15:46:40 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Macromedia
[2011/12/06 23:43:41 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Malwarebytes
[2011/09/12 12:33:18 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Media Player Classic
[2011/11/26 11:19:02 | 000,000,000 | --SD | M] -- C:\Users\Rainer\AppData\Roaming\Microsoft
[2010/05/28 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Mozilla
[2010/08/29 21:20:19 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Nero
[2010/09/14 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\ProtectDISC
[2011/07/28 14:41:47 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Real
[2010/05/25 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\T-Online
[2011/08/18 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\vlc
[2010/06/24 23:00:11 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/01/24 19:43:45 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Rainer\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011/11/20 21:18:22 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Rainer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010/05/27 11:50:07 | 001,631,736 | ---- | M] (AVM GmbH) -- C:\avm_fritzcard_dsl_sl_xp_2000_build_060912.exe
[2010/05/23 10:37:52 | 024,812,656 | ---- | M] (AVM Berlin                                                  ) -- C:\FRITZ!_UP_030704.exe
[2009/05/22 10:32:22 | 006,772,608 | ---- | M] (Microsoft Corporation) -- C:\IP32Deu.exe
[2010/05/23 10:08:27 | 005,080,112 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH                                                                                                                                                                                                                                                              ) -- C:\netzmanager_setup.exe
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsdatant.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll

< End of report >
         

Alt 12.12.2011, 09:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
(Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
(Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

ZoneAlarm is counterproductive garbage; please uninstall it immediately and turn on the Windows Firewall!
After that, create a new OTL log as above.

Alt 13.12.2011, 13:50   #9
rara
 

Quote:
ZoneAlarm is counterproductive garbage; please uninstall it immediately and turn on the Windows Firewall!
After that, create a new OTL log as above.

You're a funny one. ;-)
Are you allowed to recommend a different (free) firewall to me?

Here is the new OTL log again:
Code:
OTL logfile created on: 12/13/2011 1:24:56 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Rainer\Desktop
 Ultimate Edition N  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 72.13% Memory free
6.50 Gb Paging File | 5.45 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 400.86 Gb Total Space | 332.35 Gb Free Space | 82.91% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 128.82 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
 
Computer Name: RAINER-PC | User Name: Rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/10 13:16:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
PRC - [2011/07/28 14:41:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011/07/21 11:07:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/17 16:43:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/05 19:59:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/05 03:15:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/05/05 03:14:56 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/03/22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/04/13 15:53:13 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b867fbc0d573ac5e5fe71143d9caf43b\System.Web.ni.dll
MOD - [2011/04/13 15:53:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\adc8998d96ca331d17cef00b1ef95a5f\System.Runtime.Remoting.ni.dll
MOD - [2011/04/13 15:52:49 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4ea95056046fdf87f06ae807308b627\System.Windows.Forms.ni.dll
MOD - [2011/04/13 15:52:44 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2a34e74599686e7383ae90670a994cdf\System.Drawing.ni.dll
MOD - [2011/04/13 15:52:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
MOD - [2011/04/13 15:52:26 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
MOD - [2011/04/13 15:52:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
MOD - [2011/04/13 15:52:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2011/03/21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/05/27 11:40:48 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/04/16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009/06/10 13:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009/06/10 13:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/08 18:56:57 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/21 11:07:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/17 16:43:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/07/26 15:00:24 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/05/05 03:14:56 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/22 15:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/12/15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003/02/21 14:07:48 | 000,196,691 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/10/25 20:51:35 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/10/25 20:51:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/07/21 11:07:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 11:07:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/05 03:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/05/05 03:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/05/05 02:23:00 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/13 09:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009/07/17 19:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/09/12 01:07:00 | 000,715,264 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fdssbase.sys -- (FDSSBASE) AVM FRITZ!Card DSL SL (WinXP/2000)
DRV - [2006/09/12 01:07:00 | 000,045,952 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmdsloe.sys -- (AVMDSLPPPOE)
DRV - [2006/09/12 01:07:00 | 000,039,440 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmndsl.sys -- (AVMNDSL)
DRV - [2003/02/21 14:07:48 | 000,027,648 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Aadev.sys -- (aadev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 79 A3 C3 A7 2D CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/28 14:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 16:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 16:33:25 | 000,000,000 | ---D | M]
 
[2010/05/28 12:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainer\AppData\Roaming\mozilla\Extensions
[2011/12/02 16:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\u268tl1a.default\extensions
[2011/12/02 16:33:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\u268tl1a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/26 19:46:14 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Rainer\AppData\Roaming\mozilla\Firefox\Profiles\u268tl1a.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/12/08 16:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/12/08 16:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/02 16:33:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/02 16:33:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/02 16:33:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/02 16:33:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/02 16:33:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/02 16:33:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/02 16:33:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AWatch] C:\Program Files\Teledat 320\Awatch.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149AA515-96D9-4A7A-8C9D-300BC27D0B89}: NameServer = 217.0.43.161 217.0.43.177
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/19 22:28:59 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe ()
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.lameacm - C:\Windows\System32\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ffdshow.ax ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/13 13:21:25 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/12/10 13:46:23 | 000,000,000 | ---D | C] -- C:\OTL
[2011/12/10 13:16:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
[2011/12/09 14:46:48 | 000,000,000 | ---D | C] -- C:\Eset
[2011/12/09 12:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/09 11:54:11 | 000,000,000 | ---D | C] -- C:\Games
[2011/12/08 16:48:49 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/12/08 16:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/06 23:43:41 | 000,000,000 | ---D | C] -- C:\Users\Rainer\AppData\Roaming\Malwarebytes
[2011/12/06 23:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/06 23:42:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/06 23:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/06 21:48:40 | 000,000,000 | ---D | C] -- C:\Antibundestrojaner
[2011/12/06 21:35:24 | 000,000,000 | ---D | C] -- C:\Reg entsperren
[2011/12/04 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Rainer\dwhelper
[2011/11/19 16:07:59 | 000,000,000 | ---D | C] -- C:\Users\Rainer\AppData\Local\Skyrim
[2011/11/19 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\Rainer\Documents\My Games
[2011/11/19 14:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/19 14:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/19 14:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/13 13:25:47 | 000,662,236 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/13 13:25:47 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/13 13:25:47 | 000,134,232 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/13 13:25:47 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/13 13:20:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/13 13:20:47 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 13:19:56 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011/12/10 13:16:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rainer\Desktop\OTL.exe
[2011/12/09 11:54:39 | 000,001,664 | ---- | M] () -- C:\Users\Rainer\Desktop\Ski Challenge 12 (AT) starten.lnk
[2011/12/09 01:52:25 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/09 01:52:24 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 16:55:13 | 000,002,029 | ---- | M] () -- C:\Users\Rainer\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011/12/08 16:55:13 | 000,001,958 | ---- | M] () -- C:\Users\Rainer\Desktop\Avira DE-Cleaner.lnk
[2011/12/07 00:05:48 | 000,000,008 | RHS- | M] () -- C:\Users\Rainer\ntuser.pol
[2011/12/06 23:42:52 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 22:49:53 | 000,000,105 | ---- | M] () -- C:\reg
[2011/12/02 16:33:53 | 000,002,002 | ---- | M] () -- C:\Users\Rainer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/30 20:42:26 | 000,000,215 | ---- | M] () -- C:\Users\Rainer\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/26 01:12:49 | 293,097,791 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/20 12:08:33 | 000,001,841 | ---- | M] () -- C:\Users\Rainer\Desktop\SkyrimLauncher.exe - Verknüpfung.lnk
[2011/11/19 14:54:51 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
 
========== Files Created - No Company Name ==========
 
[2011/12/13 13:19:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/12/09 11:54:39 | 000,001,664 | ---- | C] () -- C:\Users\Rainer\Desktop\Ski Challenge 12 (AT) starten.lnk
[2011/12/08 16:55:13 | 000,002,029 | ---- | C] () -- C:\Users\Rainer\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011/12/08 16:55:13 | 000,001,958 | ---- | C] () -- C:\Users\Rainer\Desktop\Avira DE-Cleaner.lnk
[2011/12/07 00:01:55 | 000,000,008 | RHS- | C] () -- C:\Users\Rainer\ntuser.pol
[2011/12/06 23:42:52 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 22:49:29 | 000,000,105 | ---- | C] () -- C:\reg
[2011/11/30 20:42:26 | 000,000,215 | ---- | C] () -- C:\Users\Rainer\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/26 01:12:49 | 293,097,791 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/20 12:08:33 | 000,001,841 | ---- | C] () -- C:\Users\Rainer\Desktop\SkyrimLauncher.exe - Verknüpfung.lnk
[2011/11/19 14:54:51 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/10/25 18:45:20 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/10/25 18:45:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/08/29 21:23:59 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/08/26 15:47:15 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2010/07/31 01:01:34 | 000,007,680 | ---- | C] () -- C:\Users\Rainer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/27 16:18:16 | 000,662,236 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/27 16:18:16 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/27 16:18:16 | 000,134,232 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/27 16:18:16 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/05/22 00:55:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/21 16:26:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/05/21 16:21:03 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/05/05 02:21:48 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/04/28 22:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/03/25 16:56:00 | 000,203,331 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/08/27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 05:55:27 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:02:04 | 000,257,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,624,578 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,110,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 16:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 19:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/12/17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/12/17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/12/17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/12/17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2006/11/02 17:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe
[2006/09/12 01:07:00 | 000,199,112 | ---- | C] () -- C:\Windows\System32\fdssbase.bin
[2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2011/10/12 19:35:03 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Audacity
[2010/08/28 12:39:33 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Auslogics
[2010/08/29 21:24:04 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Canneverbe Limited
[2010/05/28 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\CheckPoint
[2011/03/19 13:02:45 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\FreeFLVConverter
[2010/12/15 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\IrfanView
[2010/09/14 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\ProtectDISC
[2010/05/25 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\T-Online
[2011/03/17 10:50:37 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/27 17:07:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/08/13 11:13:27 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Adobe
[2011/11/10 11:53:28 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Apple Computer
[2010/06/20 10:53:33 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\ATI
[2011/10/12 19:35:03 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Audacity
[2010/08/28 12:39:33 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Auslogics
[2010/10/31 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Avira
[2010/08/29 21:24:04 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Canneverbe Limited
[2010/05/28 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\CheckPoint
[2010/11/30 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\DivX
[2011/03/19 13:02:45 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\FreeFLVConverter
[2010/05/21 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Identities
[2010/12/15 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\IrfanView
[2010/05/27 15:46:40 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Macromedia
[2011/12/06 23:43:41 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Malwarebytes
[2011/09/12 12:33:18 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Media Player Classic
[2011/11/26 11:19:02 | 000,000,000 | --SD | M] -- C:\Users\Rainer\AppData\Roaming\Microsoft
[2010/05/28 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Mozilla
[2010/08/29 21:20:19 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Nero
[2010/09/14 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\ProtectDISC
[2011/07/28 14:41:47 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\Real
[2010/05/25 17:57:38 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\T-Online
[2011/08/18 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\vlc
[2010/06/24 23:00:11 | 000,000,000 | ---D | M] -- C:\Users\Rainer\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/01/24 19:43:45 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Rainer\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011/11/20 21:18:22 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Rainer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010/05/27 11:50:07 | 001,631,736 | ---- | M] (AVM GmbH) -- C:\avm_fritzcard_dsl_sl_xp_2000_build_060912.exe
[2010/05/23 10:37:52 | 024,812,656 | ---- | M] (AVM Berlin                                                  ) -- C:\FRITZ!_UP_030704.exe
[2009/05/22 10:32:22 | 006,772,608 | ---- | M] (Microsoft Corporation) -- C:\IP32Deu.exe
[2010/05/23 10:08:27 | 005,080,112 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH                                                                                                                                                                                                                                                              ) -- C:\netzmanager_setup.exe
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:16:15 | 000,193,024 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sppcomapi.dll

< End of report >
         

Alt 13.12.2011, 14:58   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Can you recommend a different (free) firewall?
Already mentioned. Windows Firewall.
Anything else is counterproductive nonsense, but the software industry just wants to foist that kind of junk on everyone.


Do an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 79 A3 C3 A7 2D CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/19 22:28:59 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 13.12.2011, 20:19   #11
rara
 



Voilà (after restart):
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
C:\Programme\Softonic_Deutsch\tbSoft.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Programme\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d92abe36-795c-11e0-80de-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d92abe36-795c-11e0-80de-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d92abe36-795c-11e0-80de-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 3297456 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3493241 bytes
 
User: Public
 
User: Rainer
->Temp folder emptied: 89131019 bytes
->Temporary Internet Files folder emptied: 50265887 bytes
->Java cache emptied: 633481 bytes
->FireFox cache emptied: 212225775 bytes
->Flash cache emptied: 38896 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 267348 bytes
RecycleBin emptied: 63074103 bytes
 
Total Files Cleaned = 403.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12132011_200712

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
The bit with "autoexec.bat moved", among other things, somehow doesn't sound good. Could you please briefly explain what happened with this fix?
Thanks in advance for your effort.

Alt 13.12.2011, 20:37   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



That is a perfectly normal fix, basically just like the other entries (lines). Nothing "not good" or even dangerous about it.

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!




If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Alt 13.12.2011, 23:54   #13
rara
 



These are the files from the "Report". I haven't found anything else from TDSS-Killer (path on Win7?)
Code:
23:31:22.0615 1328	TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
23:32:36.0155 1328	============================================================
23:32:36.0155 1328	Current date / time: 2011/12/13 23:32:36.0155
23:32:36.0155 1328	SystemInfo:
23:32:36.0155 1328	
23:32:36.0165 1328	OS Version: 6.1.7600 ServicePack: 0.0
23:32:36.0165 1328	Product type: Workstation
23:32:36.0165 1328	ComputerName: RAINER-PC
23:32:36.0165 1328	UserName: Rainer
23:32:36.0165 1328	Windows directory: C:\Windows
23:32:36.0165 1328	System windows directory: C:\Windows
23:32:36.0165 1328	Processor architecture: Intel x86
23:32:36.0165 1328	Number of processors: 4
23:32:36.0165 1328	Page size: 0x1000
23:32:36.0165 1328	Boot type: Normal boot
23:32:36.0165 1328	============================================================
23:32:37.0065 1328	Initialize success
23:33:42.0595 0752	============================================================
23:33:42.0595 0752	Scan started
23:33:42.0595 0752	Mode: Manual; SigCheck; TDLFS; 
23:33:42.0595 0752	============================================================
23:33:43.0175 0752	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:33:43.0265 0752	1394ohci - ok
23:33:43.0305 0752	aadev           (e6fb5ddbbd1f30ccac950465b0d710ff) C:\Windows\system32\DRIVERS\aadev.sys
23:33:43.0325 0752	aadev ( UnsignedFile.Multi.Generic ) - warning
23:33:43.0325 0752	aadev - detected UnsignedFile.Multi.Generic (1)
23:33:43.0385 0752	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
23:33:43.0405 0752	acedrv11 - ok
23:33:43.0435 0752	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
23:33:43.0445 0752	ACPI - ok
23:33:43.0475 0752	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
23:33:43.0515 0752	AcpiPmi - ok
23:33:43.0555 0752	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:33:43.0575 0752	adp94xx - ok
23:33:43.0605 0752	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:33:43.0615 0752	adpahci - ok
23:33:43.0635 0752	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:33:43.0645 0752	adpu320 - ok
23:33:43.0685 0752	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
23:33:43.0795 0752	AFD - ok
23:33:43.0815 0752	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
23:33:43.0825 0752	agp440 - ok
23:33:43.0845 0752	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:33:43.0855 0752	aic78xx - ok
23:33:43.0875 0752	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
23:33:43.0885 0752	aliide - ok
23:33:43.0915 0752	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
23:33:43.0925 0752	amdagp - ok
23:33:43.0945 0752	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
23:33:43.0955 0752	amdide - ok
23:33:43.0975 0752	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:33:44.0005 0752	AmdK8 - ok
23:33:44.0185 0752	amdkmdag        (19529728442d4794b96d1b8a9a63eca1) C:\Windows\system32\DRIVERS\atikmdag.sys
23:33:44.0305 0752	amdkmdag - ok
23:33:44.0345 0752	amdkmdap        (b44737ff566b5888d15fdb66849f34e5) C:\Windows\system32\DRIVERS\atikmpag.sys
23:33:44.0385 0752	amdkmdap - ok
23:33:44.0415 0752	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:33:44.0435 0752	AmdPPM - ok
23:33:44.0455 0752	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
23:33:44.0485 0752	amdsata - ok
23:33:44.0515 0752	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:33:44.0525 0752	amdsbs - ok
23:33:44.0545 0752	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
23:33:44.0555 0752	amdxata - ok
23:33:44.0595 0752	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
23:33:44.0635 0752	AppID - ok
23:33:44.0725 0752	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:33:44.0755 0752	arc - ok
23:33:44.0775 0752	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:33:44.0795 0752	arcsas - ok
23:33:44.0825 0752	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:33:44.0875 0752	AsyncMac - ok
23:33:44.0885 0752	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
23:33:44.0895 0752	atapi - ok
23:33:45.0015 0752	atikmdag        (19529728442d4794b96d1b8a9a63eca1) C:\Windows\system32\DRIVERS\atikmdag.sys
23:33:45.0065 0752	atikmdag - ok
23:33:45.0115 0752	atksgt          (547f07839f71a4357a5e503646cac2b0) C:\Windows\system32\DRIVERS\atksgt.sys
23:33:45.0125 0752	atksgt - ok
23:33:45.0155 0752	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
23:33:45.0165 0752	avgntflt - ok
23:33:45.0185 0752	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
23:33:45.0185 0752	avipbb - ok
23:33:45.0215 0752	AVMDSLPPPOE     (588124fffc48ab597852c8f6ef98e5ba) C:\Windows\system32\DRIVERS\avmdsloe.sys
23:33:45.0235 0752	AVMDSLPPPOE - ok
23:33:45.0255 0752	AVMNDSL         (61ae58c70c2ccef558d1f411570a9b60) C:\Windows\system32\DRIVERS\avmndsl.sys
23:33:45.0275 0752	AVMNDSL - ok
23:33:45.0325 0752	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:33:45.0395 0752	b06bdrv - ok
23:33:45.0425 0752	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:33:45.0465 0752	b57nd60x - ok
23:33:45.0495 0752	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:33:45.0545 0752	Beep - ok
23:33:45.0565 0752	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:33:45.0575 0752	blbdrive - ok
23:33:45.0605 0752	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
23:33:45.0645 0752	bowser - ok
23:33:45.0665 0752	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:33:45.0685 0752	BrFiltLo - ok
23:33:45.0705 0752	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:33:45.0725 0752	BrFiltUp - ok
23:33:45.0755 0752	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:33:45.0785 0752	Brserid - ok
23:33:45.0805 0752	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:33:45.0835 0752	BrSerWdm - ok
23:33:45.0855 0752	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:33:45.0885 0752	BrUsbMdm - ok
23:33:45.0905 0752	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:33:45.0915 0752	BrUsbSer - ok
23:33:45.0945 0752	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:33:45.0965 0752	BTHMODEM - ok
23:33:45.0995 0752	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:33:46.0025 0752	cdfs - ok
23:33:46.0055 0752	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
23:33:46.0075 0752	cdrom - ok
23:33:46.0095 0752	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:33:46.0105 0752	circlass - ok
23:33:46.0155 0752	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:33:46.0165 0752	CLFS - ok
23:33:46.0205 0752	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:33:46.0225 0752	CmBatt - ok
23:33:46.0245 0752	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
23:33:46.0255 0752	cmdide - ok
23:33:46.0275 0752	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
23:33:46.0305 0752	CNG - ok
23:33:46.0325 0752	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:33:46.0335 0752	Compbatt - ok
23:33:46.0355 0752	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:33:46.0375 0752	CompositeBus - ok
23:33:46.0405 0752	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:33:46.0415 0752	crcdisk - ok
23:33:46.0465 0752	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
23:33:46.0485 0752	CSC - ok
23:33:46.0515 0752	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
23:33:46.0545 0752	DfsC - ok
23:33:46.0565 0752	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:33:46.0625 0752	discache - ok
23:33:46.0645 0752	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:33:46.0655 0752	Disk - ok
23:33:46.0715 0752	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:33:46.0745 0752	drmkaud - ok
23:33:46.0805 0752	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
23:33:46.0825 0752	DXGKrnl - ok
23:33:46.0915 0752	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:33:46.0985 0752	ebdrv - ok
23:33:47.0015 0752	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:33:47.0035 0752	elxstor - ok
23:33:47.0055 0752	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
23:33:47.0085 0752	ErrDev - ok
23:33:47.0115 0752	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:33:47.0145 0752	exfat - ok
23:33:47.0165 0752	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:33:47.0185 0752	fastfat - ok
23:33:47.0205 0752	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:33:47.0215 0752	fdc - ok
23:33:47.0265 0752	FDSSBASE        (7b6287db392d3f17a2a1cfd69346ab36) C:\Windows\system32\DRIVERS\fdssbase.sys
23:33:47.0315 0752	FDSSBASE - ok
23:33:47.0325 0752	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:33:47.0335 0752	FileInfo - ok
23:33:47.0355 0752	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:33:47.0385 0752	Filetrace - ok
23:33:47.0395 0752	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:33:47.0415 0752	flpydisk - ok
23:33:47.0435 0752	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:33:47.0445 0752	FltMgr - ok
23:33:47.0455 0752	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:33:47.0465 0752	FsDepends - ok
23:33:47.0475 0752	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:33:47.0485 0752	Fs_Rec - ok
23:33:47.0515 0752	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
23:33:47.0525 0752	fvevol - ok
23:33:47.0535 0752	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:33:47.0545 0752	gagp30kx - ok
23:33:47.0555 0752	gdrv - ok
23:33:47.0575 0752	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:33:47.0615 0752	hcw85cir - ok
23:33:47.0675 0752	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:33:47.0755 0752	HdAudAddService - ok
23:33:47.0795 0752	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:33:47.0835 0752	HDAudBus - ok
23:33:47.0865 0752	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:33:47.0885 0752	HidBatt - ok
23:33:47.0905 0752	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:33:47.0955 0752	HidBth - ok
23:33:47.0975 0752	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:33:47.0985 0752	HidIr - ok
23:33:48.0015 0752	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:33:48.0045 0752	HidUsb - ok
23:33:48.0075 0752	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:33:48.0085 0752	HpSAMD - ok
23:33:48.0115 0752	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:33:48.0145 0752	HTTP - ok
23:33:48.0165 0752	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:33:48.0165 0752	hwpolicy - ok
23:33:48.0225 0752	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:33:48.0265 0752	i8042prt - ok
23:33:48.0295 0752	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
23:33:48.0305 0752	iaStorV - ok
23:33:48.0335 0752	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:33:48.0345 0752	iirsp - ok
23:33:48.0445 0752	IntcAzAudAddService (5ceef2cccb4fe00d3ffbfeb12bcfa07f) C:\Windows\system32\drivers\RTKVHDA.sys
23:33:48.0485 0752	IntcAzAudAddService - ok
23:33:48.0505 0752	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:33:48.0515 0752	intelide - ok
23:33:48.0545 0752	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:33:48.0555 0752	intelppm - ok
23:33:48.0585 0752	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:33:48.0595 0752	IpFilterDriver - ok
23:33:48.0615 0752	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:33:48.0635 0752	IPMIDRV - ok
23:33:48.0655 0752	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:33:48.0675 0752	IPNAT - ok
23:33:48.0695 0752	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:33:48.0735 0752	IRENUM - ok
23:33:48.0755 0752	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:33:48.0765 0752	isapnp - ok
23:33:48.0805 0752	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:33:48.0815 0752	iScsiPrt - ok
23:33:48.0845 0752	JRAID           (7d5053a827ff5be3a7d0ae5dd5dba308) C:\Windows\system32\DRIVERS\jraid.sys
23:33:48.0855 0752	JRAID - ok
23:33:48.0865 0752	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:33:48.0875 0752	kbdclass - ok
23:33:48.0905 0752	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
23:33:48.0935 0752	kbdhid - ok
23:33:48.0965 0752	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
23:33:48.0985 0752	KSecDD - ok
23:33:49.0005 0752	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
23:33:49.0025 0752	KSecPkg - ok
23:33:49.0075 0752	Lavasoft Kernexplorer - ok
23:33:49.0145 0752	Lbd             (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
23:33:49.0145 0752	Lbd - ok
23:33:49.0185 0752	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
23:33:49.0195 0752	lirsgt - ok
23:33:49.0225 0752	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:33:49.0285 0752	lltdio - ok
23:33:49.0315 0752	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:33:49.0325 0752	LSI_FC - ok
23:33:49.0345 0752	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:33:49.0355 0752	LSI_SAS - ok
23:33:49.0385 0752	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:33:49.0385 0752	LSI_SAS2 - ok
23:33:49.0415 0752	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:33:49.0425 0752	LSI_SCSI - ok
23:33:49.0445 0752	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:33:49.0505 0752	luafv - ok
23:33:49.0525 0752	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:33:49.0535 0752	megasas - ok
23:33:49.0565 0752	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:33:49.0575 0752	MegaSR - ok
23:33:49.0595 0752	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:33:49.0635 0752	Modem - ok
23:33:49.0665 0752	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:33:49.0685 0752	monitor - ok
23:33:49.0705 0752	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:33:49.0715 0752	mouclass - ok
23:33:49.0745 0752	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:33:49.0755 0752	mouhid - ok
23:33:49.0775 0752	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
23:33:49.0785 0752	mountmgr - ok
23:33:49.0805 0752	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
23:33:49.0815 0752	mpio - ok
23:33:49.0835 0752	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:33:49.0875 0752	mpsdrv - ok
23:33:49.0905 0752	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
23:33:49.0915 0752	MRxDAV - ok
23:33:49.0965 0752	mrxsmb          (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:33:49.0995 0752	mrxsmb - ok
23:33:50.0015 0752	mrxsmb10        (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:33:50.0045 0752	mrxsmb10 - ok
23:33:50.0065 0752	mrxsmb20        (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:33:50.0075 0752	mrxsmb20 - ok
23:33:50.0105 0752	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
23:33:50.0115 0752	msahci - ok
23:33:50.0135 0752	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
23:33:50.0145 0752	msdsm - ok
23:33:50.0185 0752	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:33:50.0205 0752	Msfs - ok
23:33:50.0225 0752	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:33:50.0255 0752	mshidkmdf - ok
23:33:50.0275 0752	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
23:33:50.0285 0752	msisadrv - ok
23:33:50.0315 0752	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:33:50.0335 0752	MSKSSRV - ok
23:33:50.0355 0752	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:33:50.0395 0752	MSPCLOCK - ok
23:33:50.0415 0752	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:33:50.0435 0752	MSPQM - ok
23:33:50.0455 0752	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:33:50.0465 0752	MsRPC - ok
23:33:50.0475 0752	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
23:33:50.0485 0752	mssmbios - ok
23:33:50.0495 0752	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:33:50.0515 0752	MSTEE - ok
23:33:50.0535 0752	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:33:50.0555 0752	MTConfig - ok
23:33:50.0575 0752	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:33:50.0575 0752	Mup - ok
23:33:50.0605 0752	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:33:50.0625 0752	NativeWifiP - ok
23:33:50.0655 0752	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
23:33:50.0695 0752	NDIS - ok
23:33:50.0715 0752	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:33:50.0745 0752	NdisCap - ok
23:33:50.0785 0752	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:33:50.0815 0752	NdisTapi - ok
23:33:50.0845 0752	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
23:33:50.0865 0752	Ndisuio - ok
23:33:50.0885 0752	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
23:33:50.0915 0752	NdisWan - ok
23:33:50.0935 0752	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
23:33:50.0955 0752	NDProxy - ok
23:33:50.0965 0752	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:33:50.0995 0752	NetBIOS - ok
23:33:51.0025 0752	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
23:33:51.0045 0752	NetBT - ok
23:33:51.0085 0752	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:33:51.0095 0752	nfrd960 - ok
23:33:51.0155 0752	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:33:51.0175 0752	Npfs - ok
23:33:51.0185 0752	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:33:51.0205 0752	nsiproxy - ok
23:33:51.0245 0752	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
23:33:51.0265 0752	Ntfs - ok
23:33:51.0285 0752	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:33:51.0305 0752	Null - ok
23:33:51.0335 0752	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
23:33:51.0335 0752	nvraid - ok
23:33:51.0365 0752	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
23:33:51.0365 0752	nvstor - ok
23:33:51.0395 0752	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
23:33:51.0405 0752	nv_agp - ok
23:33:51.0425 0752	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
23:33:51.0425 0752	ohci1394 - ok
23:33:51.0445 0752	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:33:51.0455 0752	Parport - ok
23:33:51.0465 0752	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
23:33:51.0475 0752	partmgr - ok
23:33:51.0495 0752	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:33:51.0515 0752	Parvdm - ok
23:33:51.0545 0752	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
23:33:51.0545 0752	pci - ok
23:33:51.0565 0752	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
23:33:51.0575 0752	pciide - ok
23:33:51.0595 0752	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:33:51.0605 0752	pcmcia - ok
23:33:51.0625 0752	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:33:51.0635 0752	pcw - ok
23:33:51.0665 0752	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:33:51.0695 0752	PEAUTH - ok
23:33:51.0755 0752	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:33:51.0775 0752	PptpMiniport - ok
23:33:51.0795 0752	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:33:51.0815 0752	Processor - ok
23:33:51.0835 0752	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:33:51.0855 0752	Psched - ok
23:33:51.0915 0752	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:33:51.0955 0752	ql2300 - ok
23:33:51.0975 0752	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:33:51.0985 0752	ql40xx - ok
23:33:52.0005 0752	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:33:52.0035 0752	QWAVEdrv - ok
23:33:52.0055 0752	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:33:52.0075 0752	RasAcd - ok
23:33:52.0125 0752	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:33:52.0175 0752	RasAgileVpn - ok
23:33:52.0195 0752	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:33:52.0215 0752	Rasl2tp - ok
23:33:52.0235 0752	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:33:52.0275 0752	RasPppoe - ok
23:33:52.0295 0752	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:33:52.0315 0752	RasSstp - ok
23:33:52.0335 0752	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
23:33:52.0405 0752	rdbss - ok
23:33:52.0425 0752	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:33:52.0435 0752	rdpbus - ok
23:33:52.0455 0752	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:33:52.0485 0752	RDPCDD - ok
23:33:52.0525 0752	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
23:33:52.0565 0752	RDPDR - ok
23:33:52.0585 0752	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:33:52.0615 0752	RDPENCDD - ok
23:33:52.0635 0752	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:33:52.0655 0752	RDPREFMP - ok
23:33:52.0675 0752	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
23:33:52.0695 0752	RDPWD - ok
23:33:52.0715 0752	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
23:33:52.0715 0752	rdyboost - ok
23:33:52.0745 0752	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:33:52.0795 0752	rspndr - ok
23:33:52.0825 0752	RTHDMIAzAudService (3f521ee3308fe66bcfe688dbbc7acf7f) C:\Windows\system32\drivers\RtHDMIV.sys
23:33:52.0875 0752	RTHDMIAzAudService - ok
23:33:52.0905 0752	RTL8167         (6465166dd9b2f841dabad16abdadbe98) C:\Windows\system32\DRIVERS\Rt86win7.sys
23:33:52.0965 0752	RTL8167 - ok
23:33:53.0015 0752	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
23:33:53.0045 0752	s3cap - ok
23:33:53.0075 0752	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
23:33:53.0085 0752	sbp2port - ok
23:33:53.0135 0752	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
23:33:53.0165 0752	scfilter - ok
23:33:53.0205 0752	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:33:53.0255 0752	secdrv - ok
23:33:53.0295 0752	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:33:53.0315 0752	Serenum - ok
23:33:53.0345 0752	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:33:53.0375 0752	Serial - ok
23:33:53.0395 0752	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:33:53.0415 0752	sermouse - ok
23:33:53.0445 0752	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
23:33:53.0475 0752	sffdisk - ok
23:33:53.0495 0752	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:33:53.0505 0752	sffp_mmc - ok
23:33:53.0535 0752	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:33:53.0545 0752	sffp_sd - ok
23:33:53.0565 0752	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:33:53.0585 0752	sfloppy - ok
23:33:53.0605 0752	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
23:33:53.0615 0752	sisagp - ok
23:33:53.0635 0752	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:33:53.0645 0752	SiSRaid2 - ok
23:33:53.0665 0752	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:33:53.0665 0752	SiSRaid4 - ok
23:33:53.0725 0752	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:33:53.0765 0752	Smb - ok
23:33:53.0785 0752	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:33:53.0795 0752	spldr - ok
23:33:53.0835 0752	srv             (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
23:33:53.0895 0752	srv - ok
23:33:53.0925 0752	srv2            (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
23:33:53.0955 0752	srv2 - ok
23:33:53.0975 0752	srvnet          (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
23:33:53.0995 0752	srvnet - ok
23:33:54.0025 0752	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
23:33:54.0035 0752	ssmdrv - ok
23:33:54.0075 0752	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
23:33:54.0095 0752	StarOpen ( UnsignedFile.Multi.Generic ) - warning
23:33:54.0095 0752	StarOpen - detected UnsignedFile.Multi.Generic (1)
23:33:54.0145 0752	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:33:54.0165 0752	stexstor - ok
23:33:54.0205 0752	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:33:54.0215 0752	storflt - ok
23:33:54.0225 0752	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
23:33:54.0235 0752	storvsc - ok
23:33:54.0255 0752	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
23:33:54.0265 0752	swenum - ok
23:33:54.0345 0752	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
23:33:54.0395 0752	Tcpip - ok
23:33:54.0425 0752	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
23:33:54.0455 0752	TCPIP6 - ok
23:33:54.0465 0752	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
23:33:54.0485 0752	tcpipreg - ok
23:33:54.0515 0752	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
23:33:54.0525 0752	TDPIPE - ok
23:33:54.0555 0752	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
23:33:54.0595 0752	TDTCP - ok
23:33:54.0615 0752	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
23:33:54.0655 0752	tdx - ok
23:33:54.0675 0752	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
23:33:54.0675 0752	TermDD - ok
23:33:54.0725 0752	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:33:54.0775 0752	tssecsrv - ok
23:33:54.0805 0752	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
23:33:54.0825 0752	tunnel - ok
23:33:54.0855 0752	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:33:54.0855 0752	uagp35 - ok
23:33:54.0885 0752	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
23:33:54.0925 0752	udfs - ok
23:33:54.0965 0752	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:33:54.0965 0752	uliagpkx - ok
23:33:54.0995 0752	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
23:33:55.0005 0752	umbus - ok
23:33:55.0025 0752	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:33:55.0045 0752	UmPass - ok
23:33:55.0095 0752	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
23:33:55.0115 0752	usbccgp - ok
23:33:55.0135 0752	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
23:33:55.0145 0752	usbcir - ok
23:33:55.0165 0752	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
23:33:55.0175 0752	usbehci - ok
23:33:55.0195 0752	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
23:33:55.0225 0752	usbhub - ok
23:33:55.0245 0752	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
23:33:55.0245 0752	usbohci - ok
23:33:55.0275 0752	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:33:55.0285 0752	usbprint - ok
23:33:55.0315 0752	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:33:55.0325 0752	USBSTOR - ok
23:33:55.0355 0752	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
23:33:55.0365 0752	usbuhci - ok
23:33:55.0385 0752	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:33:55.0395 0752	vdrvroot - ok
23:33:55.0405 0752	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:33:55.0415 0752	vga - ok
23:33:55.0435 0752	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:33:55.0455 0752	VgaSave - ok
23:33:55.0475 0752	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
23:33:55.0485 0752	vhdmp - ok
23:33:55.0505 0752	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
23:33:55.0515 0752	viaagp - ok
23:33:56.0325 0752	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:33:56.0405 0752	\Device\Harddisk0\DR0 - ok
23:33:56.0415 0752	Boot (0x1200)   (8c856c6f5782a7ca9a4f1454e652c9e6) \Device\Harddisk0\DR0\Partition0
23:33:56.0415 0752	\Device\Harddisk0\DR0\Partition0 - ok
23:33:56.0445 0752	Boot (0x1200)   (acd48db454ce996123cbaa8cbbf897be) \Device\Harddisk0\DR0\Partition1
23:33:56.0445 0752	\Device\Harddisk0\DR0\Partition1 - ok
23:33:56.0445 0752	============================================================
23:33:56.0445 0752	Scan finished
23:33:56.0445 0752	============================================================
23:33:56.0465 2044	Detected object count: 2
23:33:56.0465 2044	Actual detected object count: 2
23:34:41.0485 2044	aadev ( UnsignedFile.Multi.Generic ) - skipped by user
23:34:41.0485 2044	aadev ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:34:41.0485 2044	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:34:41.0485 2044	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:36:05.0015 3872	============================================================
23:36:05.0015 3872	Scan started
23:36:05.0015 3872	Mode: Manual; SigCheck; TDLFS; 
23:36:05.0015 3872	============================================================
23:36:05.0315 3872	aadev           (e6fb5ddbbd1f30ccac950465b0d710ff) C:\Windows\system32\DRIVERS\aadev.sys
23:36:05.0315 3872	aadev ( UnsignedFile.Multi.Generic ) - warning
23:36:05.0315 3872	aadev - detected UnsignedFile.Multi.Generic (1)
23:36:13.0066 3872	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
23:36:13.0066 3872	StarOpen ( UnsignedFile.Multi.Generic ) - warning
23:36:13.0066 3872	StarOpen - detected UnsignedFile.Multi.Generic (1)
23:36:13.0896 3872	usbhub - ok
23:36:13.0916 3872	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
23:36:13.0926 3872	usbohci - ok
23:36:13.0946 3872	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:36:13.0956 3872	usbprint - ok
23:36:13.0986 3872	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:36:13.0986 3872	USBSTOR - ok
23:36:14.0006 3872	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
23:36:14.0016 3872	usbuhci - ok
23:36:14.0036 3872	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:36:14.0046 3872	vdrvroot - ok
23:36:14.0066 3872	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:36:14.0066 3872	vga - ok
23:36:14.0086 3872	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:36:14.0106 3872	VgaSave - ok
23:36:14.0126 3872	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
23:36:14.0126 3872	vhdmp - ok
23:36:14.0156 3872	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
23:36:14.0156 3872	viaagp - ok
23:36:14.0176 3872	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:36:14.0186 3872	ViaC7 - ok
23:36:14.0206 3872	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
23:36:14.0206 3872	viaide - ok
23:36:14.0246 3872	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
23:36:14.0276 3872	vmbus - ok
23:36:14.0296 3872	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:36:14.0306 3872	VMBusHID - ok
23:36:14.0326 3872	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
23:36:14.0336 3872	volmgr - ok
23:36:14.0366 3872	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:36:14.0376 3872	volmgrx - ok
23:36:14.0396 3872	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
23:36:14.0416 3872	volsnap - ok
23:36:14.0436 3872	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:36:14.0446 3872	vsmraid - ok
23:36:14.0476 3872	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
23:36:14.0486 3872	vwifibus - ok
23:36:14.0506 3872	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:36:14.0516 3872	WacomPen - ok
23:36:14.0536 3872	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:36:14.0566 3872	WANARP - ok
23:36:14.0566 3872	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
23:36:14.0596 3872	Wanarpv6 - ok
23:36:14.0626 3872	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:36:14.0626 3872	Wd - ok
23:36:14.0656 3872	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:36:14.0666 3872	Wdf01000 - ok
23:36:14.0696 3872	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:36:14.0706 3872	WfpLwf - ok
23:36:14.0736 3872	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:36:14.0736 3872	WIMMount - ok
23:36:14.0766 3872	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:36:14.0776 3872	WmiAcpi - ok
23:36:14.0786 3872	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:36:14.0806 3872	ws2ifsl - ok
23:36:14.0836 3872	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
23:36:14.0846 3872	WudfPf - ok
23:36:14.0866 3872	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:36:14.0956 3872	\Device\Harddisk0\DR0 - ok
23:36:14.0956 3872	Boot (0x1200)   (8c856c6f5782a7ca9a4f1454e652c9e6) \Device\Harddisk0\DR0\Partition0
23:36:14.0956 3872	\Device\Harddisk0\DR0\Partition0 - ok
23:36:14.0986 3872	Boot (0x1200)   (acd48db454ce996123cbaa8cbbf897be) \Device\Harddisk0\DR0\Partition1
23:36:14.0986 3872	\Device\Harddisk0\DR0\Partition1 - ok
23:36:14.0996 3872	============================================================
23:36:14.0996 3872	Scan finished
23:36:14.0996 3872	============================================================
23:36:15.0006 3344	Detected object count: 2
23:36:15.0006 3344	Actual detected object count: 2
23:37:46.0076 3344	aadev ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:46.0076 3344	aadev ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:37:46.0076 3344	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:37:46.0076 3344	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

14.12.2011, 11:36   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

14.12.2011, 22:36   #15
rara
 



Hello Cosinus,

here is the ComboFix log file:
Code:
ComboFix 11-12-13.03 - Rainer 14.12.2011  22:20:55.1.4 - x86
Microsoft Windows 7 Ultimate N   6.1.7600.0.1252.49.1033.18.3326.2335 [GMT 1:00]
ausgeführt von:: c:\users\Rainer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-14 bis 2011-12-14  ))))))))))))))))))))))))))))))
.
.
2011-12-14 21:24 . 2011-12-14 21:24	--------	d-----w-	c:\users\Rainer\AppData\Local\temp
2011-12-14 21:24 . 2011-12-14 21:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-13 22:41 . 2011-12-13 22:41	684297	----a-w-	C:\unhide.exe
2011-12-13 19:07 . 2011-12-13 19:07	--------	d-----w-	C:\_OTL
2011-12-13 12:21 . 2011-12-13 12:21	--------	d-----w-	c:\windows\Internet Logs
2011-12-13 12:19 . 2011-12-13 12:19	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2011-12-10 12:46 . 2011-12-10 12:46	--------	d-----w-	C:\OTL
2011-12-09 13:46 . 2011-12-09 13:47	--------	d-----w-	C:\Eset
2011-12-09 11:44 . 2011-12-09 11:44	--------	d-----w-	c:\program files\ESET
2011-12-09 10:54 . 2011-12-09 10:54	--------	d-----w-	C:\Games
2011-12-08 15:48 . 2011-12-08 15:48	--------	d-----w-	C:\tdsskiller
2011-12-08 15:41 . 2011-12-08 15:41	--------	d-----w-	c:\program files\Common Files\Java
2011-12-06 22:43 . 2011-12-06 22:43	--------	d-----w-	c:\users\Rainer\AppData\Roaming\Malwarebytes
2011-12-06 22:42 . 2011-12-06 22:42	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-06 22:42 . 2011-12-06 22:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-06 22:42 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-06 20:48 . 2011-12-06 20:48	--------	d-----w-	C:\Antibundestrojaner
2011-12-06 20:35 . 2011-12-06 20:35	--------	d-----w-	C:\Reg entsperren
2011-12-04 20:47 . 2011-12-04 20:47	--------	d-----w-	c:\users\Rainer\dwhelper
2011-12-02 15:33 . 2011-12-02 15:33	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-12-02 15:33 . 2011-12-02 15:33	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-12-02 15:33 . 2011-12-02 15:33	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-02 15:33 . 2011-12-02 15:33	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-12-02 15:33 . 2011-12-02 15:33	1989592	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-12-02 15:33 . 2011-12-02 15:33	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-12-02 15:33 . 2011-12-02 15:33	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-02 15:33 . 2011-12-02 15:33	801752	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-26 23:42 . 2011-11-26 23:42	--------	d-----w-	c:\users\Guest
2011-11-19 15:07 . 2011-11-19 15:07	--------	d-----w-	c:\users\Rainer\AppData\Local\Skyrim
2011-11-19 13:54 . 2011-12-08 17:57	--------	d-----w-	c:\program files\Common Files\Steam
2011-11-19 13:54 . 2011-12-14 21:12	--------	d-----w-	c:\program files\Steam
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 19:51 . 2011-10-25 17:45	83872	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-10-25 19:51 . 2011-10-25 17:45	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-08-18 12:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-02 15:33 . 2011-12-02 15:33	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-19 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"AWatch"="c:\program files\Teledat 320\Awatch.exe" [2003-03-05 495616]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-07-28 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-3-22 1540096]
.
c:\users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-3-22 1540096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36	36864	------r-	c:\windows\RaidTool\xInsIDE.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S2 aadev;AVM ADSL Adapter Device;c:\windows\system32\DRIVERS\aadev.sys [2003-02-21 27648]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-17 136360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 5550592]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 176128]
S3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Driver;c:\windows\system32\DRIVERS\avmdsloe.sys [2006-09-12 45952]
S3 AVMNDSL;AVM DSL NDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\avmndsl.sys [2006-09-12 39440]
S3 FDSSBASE;AVM FRITZ!Card DSL SL (WinXP/2000);c:\windows\system32\DRIVERS\fdssbase.sys [2006-09-12 715264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: Interfaces\{149AA515-96D9-4A7A-8C9D-300BC27D0B89}: NameServer = 217.0.43.161 217.0.43.177
TCP: Interfaces\{A8BE80C4-B5DA-4C17-BB44-9AC5D0DD54D8}: NameServer = 217.0.43.161 217.0.43.177
FF - ProfilePath - c:\users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\u268tl1a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Top50 V4 - c:\windows\IsUn0407.exe
AddRemove-Teledat 320 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-14  22:27:49
ComboFix-quarantined-files.txt  2011-12-14 21:27
.
Vor Suchlauf: 57 Verzeichnis(se), 356.721.078.272 Bytes frei
Nach Suchlauf: 59 Verzeichnis(se), 356.626.657.280 Bytes frei
.
- - End Of File - - 9ABB9DCB812C13929B96E7B1AD391983
         
I did not receive any warning messages and did not have to confirm anything. That was (hopefully) the last scan, wasn't it?
