
Log analysis and evaluation: supposed BKA trojan - really gone?


29.03.2012, 17:03   #1
micha-sdh

Hi everyone,

Three days ago I picked up the trojan during a perfectly ordinary Google image search. An error message appeared saying "Your system has been locked" or something like that. After paying a €50 fee everything would supposedly work again. Naturally I didn't do it. I couldn't run any other program because the message was always in the foreground. Logging the user off and on again didn't help either. I then disconnected from the internet, after which I could get back in. I ran Avira and Malwarebytes over it, whereupon Malwarebytes had one find, which I deleted, and then I created an OTL logfile. Somehow the first log doesn't say anything about the find, though.

Here are the first Malwarebytes log and the OTL log:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.27.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
S :: SCHWEDE [Administrator]

Schutz: Deaktiviert

27.03.2012 11:07:10
mbam-log-2012-03-27 (11-07-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384702
Laufzeit: 2 Stunde(n), 49 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
OTL logfile created on: 27.03.2012 11:10:32 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\S\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,96% Memory free
7,71 Gb Paging File | 5,74 Gb Available in Paging File | 74,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 236,56 Gb Total Space | 156,88 Gb Free Space | 66,32% Space Free | Partition Type: NTFS
Drive E: | 215,77 Gb Total Space | 112,50 Gb Free Space | 52,14% Space Free | Partition Type: NTFS
 
Computer Name: SCHWEDE | User Name: S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\S\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STIrUsb) -- C:\Windows\SysNative\drivers\irstusb.sys (SigmaTel, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Users\S\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PolarUSB) -- C:\Windows\SysWOW64\drivers\PolarUSB.sys (Polar Electro)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\S\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spox.com/de/index.html
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEE_deDE413DE413
IE - HKCU\..\SearchScopes\{89616134-0458-4972-B851-E92B7D44C4C7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{ADD2E8FB-7284-4AAB-B53D-B9A38F70BB3F}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{CA0BD1B5-A06D-4B17-B78F-31373DF84432}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 09:59:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.11 21:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.20 12:28:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.01.06 01:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Extensions
[2011.01.06 01:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.12 22:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions
[2011.01.04 23:15:03 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011.10.15 13:31:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.25 12:11:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.01 18:00:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.03.25 15:22:51 | 000,001,056 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\icqplugin.xml
[2011.03.05 16:34:09 | 000,001,583 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\web-search.xml
[2012.01.06 13:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\{E9AD55AB-4D1C-42D2-A40C-A5563A9AD5E6}.XPI
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.03.19 09:59:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108860
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\S\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\S\Desktop\PartyPoker.lnk File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\Shell - "" = AutoRun
O33 - MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\Shell\AutoRun\command - "" = J:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.27 11:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.27 11:05:47 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.27 11:05:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\S\Desktop\OTL.exe
[2012.03.27 11:04:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\S\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.26 23:00:59 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Roaming\Malwarebytes
[2012.03.26 23:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.26 23:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.18 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTH-0.9.3
[2012.03.17 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Local\PokerStars
[2012.03.17 21:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012.03.17 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2012.03.14 13:04:55 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 13:04:55 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 13:04:54 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 11:33:03 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 11:33:02 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.03.14 11:33:02 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.03.14 11:33:02 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.03.14 11:33:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.03.14 11:32:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 11:32:26 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.14 11:32:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 11:32:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 11:32:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.27 12:01:35 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 12:01:35 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 11:59:01 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.27 11:59:01 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.27 11:59:01 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.27 11:59:01 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.27 11:59:01 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.27 11:53:33 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 11:53:22 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.03.27 11:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 11:53:05 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.27 11:26:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.27 11:21:48 | 000,000,162 | -H-- | M] () -- C:\Users\S\Desktop\~$rmatvorlage_Leipzig.dot
[2012.03.27 11:05:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 11:05:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\S\Desktop\OTL.exe
[2012.03.27 11:05:04 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\S\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.22 14:29:48 | 003,334,095 | ---- | M] () -- C:\Users\S\Desktop\BTA-59628780.pdf
[2012.03.20 20:37:55 | 002,031,429 | ---- | M] () -- C:\Users\S\Desktop\faltblatt_honky_lpz_2012_12s-web.pdf
[2012.03.19 18:42:44 | 000,572,207 | ---- | M] () -- C:\Users\S\Desktop\leistungsstruktur.jpg
[2012.03.18 21:21:02 | 000,717,605 | ---- | M] () -- C:\Users\S\Desktop\Unbenannt-1 Kopie.jpg
[2012.03.16 13:37:52 | 000,334,900 | ---- | M] () -- C:\Users\S\Desktop\fulltext.pdf
[2012.03.14 15:32:45 | 000,590,555 | ---- | M] () -- C:\Users\S\Desktop\vortragkamenalfermann_289945_2007.pdf
[2012.03.14 14:35:45 | 000,017,408 | ---- | M] () -- C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.14 14:13:22 | 002,840,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 16:22:26 | 003,025,220 | ---- | M] () -- C:\Users\S\Desktop\Ben l Oncle Soul - 'Seven Nation Army' [cover] + transcript lyrics.mp3
[2012.03.13 16:20:21 | 002,044,769 | ---- | M] () -- C:\Users\S\Desktop\Ben l'oncle Soul - Seven Nation Army.mp3
[2012.03.13 16:07:41 | 000,039,319 | ---- | M] () -- C:\Users\S\Desktop\DFB-Mitglieder-Statistik-2011.pdf
[2012.03.11 12:36:45 | 863,472,378 | ---- | M] () -- C:\Users\S\Desktop\KONY_2012.mp4
[2012.02.29 20:08:19 | 000,035,266 | ---- | M] () -- C:\Users\S\Desktop\Youtube_logo.png
[2012.02.29 12:47:16 | 000,025,600 | ---- | M] () -- C:\Users\S\Desktop\Formatvorlage_Leipzig.dot
[2012.02.28 14:23:46 | 001,591,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.27 11:21:48 | 000,000,162 | -H-- | C] () -- C:\Users\S\Desktop\~$rmatvorlage_Leipzig.dot
[2012.03.27 11:05:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.22 14:29:48 | 003,334,095 | ---- | C] () -- C:\Users\S\Desktop\BTA-59628780.pdf
[2012.03.20 20:37:55 | 002,031,429 | ---- | C] () -- C:\Users\S\Desktop\faltblatt_honky_lpz_2012_12s-web.pdf
[2012.03.19 18:42:44 | 000,572,207 | ---- | C] () -- C:\Users\S\Desktop\leistungsstruktur.jpg
[2012.03.18 21:21:00 | 000,717,605 | ---- | C] () -- C:\Users\S\Desktop\Unbenannt-1 Kopie.jpg
[2012.03.16 13:37:52 | 000,334,900 | ---- | C] () -- C:\Users\S\Desktop\fulltext.pdf
[2012.03.14 15:32:45 | 000,590,555 | ---- | C] () -- C:\Users\S\Desktop\vortragkamenalfermann_289945_2007.pdf
[2012.03.13 16:22:14 | 003,025,220 | ---- | C] () -- C:\Users\S\Desktop\Ben l Oncle Soul - 'Seven Nation Army' [cover] + transcript lyrics.mp3
[2012.03.13 16:20:11 | 002,044,769 | ---- | C] () -- C:\Users\S\Desktop\Ben l'oncle Soul - Seven Nation Army.mp3
[2012.03.13 16:07:41 | 000,039,319 | ---- | C] () -- C:\Users\S\Desktop\DFB-Mitglieder-Statistik-2011.pdf
[2012.03.11 12:32:58 | 863,472,378 | ---- | C] () -- C:\Users\S\Desktop\KONY_2012.mp4
[2012.02.29 20:08:19 | 000,035,266 | ---- | C] () -- C:\Users\S\Desktop\Youtube_logo.png
[2012.02.29 12:47:15 | 000,025,600 | ---- | C] () -- C:\Users\S\Desktop\Formatvorlage_Leipzig.dot
[2012.01.21 15:38:23 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.06 17:33:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.11.17 19:53:22 | 000,000,600 | ---- | C] () -- C:\Users\S\AppData\Local\PUTTY.RND
[2011.06.25 16:58:23 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.06.25 16:58:23 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.03.18 15:01:05 | 000,007,615 | ---- | C] () -- C:\Users\S\AppData\Local\resmon.resmoncfg
[2011.02.19 23:21:47 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.02.19 23:21:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\24C97DD5D8.sys
[2011.01.11 14:20:06 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.08 20:59:13 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.01.06 22:02:23 | 000,017,408 | ---- | C] () -- C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.06 02:37:05 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.01.06 02:37:04 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011.01.06 02:37:04 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.06 02:37:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.06 02:37:01 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2011.01.06 01:52:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.04 01:43:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.08 08:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.13 00:11:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.12 22:27:34 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.07.12 22:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.07.12 22:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.07.12 22:27:33 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.07.12 22:27:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.07.12 22:27:25 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.07.12 22:27:25 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat

< End of report >
         
But somehow I have doubts about whether the virus is really gone. Since then everything has been working again. I've now run Malwarebytes again and then also created an ESET log. I read about that in another thread. Here are the logs:

Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
S :: SCHWEDE [Administrator]

Schutz: Deaktiviert

29.03.2012 11:57:18
mbam-log-2012-03-29 (11-57-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366095
Laufzeit: 1 Stunde(n), 13 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=306476dcc9229040be0b1a929e2bd6b4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-29 03:47:53
# local_time=2012-03-29 05:47:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 13996196 13996196 0 0
# compatibility_mode=5893 16776573 100 94 180610 84652803 0 0
# compatibility_mode=8192 67108863 100 0 105 105 0 0
# scanned=306285
# found=1
# cleaned=0
# scan_time=13120
E:\Dreckszeug\Nero_Setup7.8.5.0_Demo.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
         
I'd now like to know whether the trojan, or whatever it was, is gone. Many thanks in advance for your help!!!

Kind regards
Micha

Alt 29.03.2012, 22:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before in the past?
If so, the logs of every scan are also listed in the Log files (Logdateien) tab. Please post all of the ones visible there.

Alt 30.03.2012, 23:07   #3
micha-sdh
 
Unfortunately I only started using Malwarebytes once I already had the thing on my machine. Those two logs above are all I have.

Alt 30.03.2012, 23:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please create a new OTL log. Where possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box Scan all users (Scanne alle Benutzer) at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, the box is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
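The OTL output posted in this thread (and the custom scan requested above) lists each file or folder as `[timestamp | size | attributes | C or M] (company) -- path` under `==========` section headers. As an added example, not from the board and not OTL's own code, here is a small Python parser for those entries plus a triage pass that flags what a helper would look at first; the sample log is constructed in that format, the `update.exe` line in it is invented, and the incident time is an assumption.

```python
"""Parse the file entries of an OTL log and flag those worth a closer look.
Added example for this thread, not OTL's own code; sample input is constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# One OTL entry: [timestamp | size | RHSD attrs | C=created/M=modified] (company) -- path
# Directory entries omit the "(company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| [CM]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Locations OTL's own company-name whitelist already covers well; a German
# Windows also shows the Program Files junction as C:\Programme.
VENDOR_PREFIXES = ("c:\\windows\\", "c:\\program files", "c:\\programme")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

@dataclass
class Entry:
    section: str
    timestamp: datetime
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    company: str   # empty when OTL found no company name
    path: str

def parse_otl(text: str) -> List[Entry]:
    """Return every file/folder entry in the log, tagged with its section header."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:  # summary lines such as "[1 C:\Windows\*.tmp files -> ...]" are skipped
            continue
        attrs = m.group("attrs")
        entries.append(Entry(
            section=section, timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            hidden=attrs[1] == "H", system=attrs[2] == "S", is_dir=attrs[3] == "D",
            company=(m.group("company") or "").strip(), path=m.group("path").strip()))
    return entries

def triage(entries: List[Entry], incident: datetime,
           window: timedelta = timedelta(days=3)) -> List[Tuple[Entry, List[str]]]:
    """Heuristics only: a hit means "look at this first", not "this is malware".
    Licensing/DRM helpers, Office lock files and fresh installers trip them too."""
    flagged: List[Tuple[Entry, List[str]]] = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        vendor = p.startswith(VENDOR_PREFIXES)
        reasons = []
        if p.endswith(EXEC_EXT) and not e.company and not vendor:
            reasons.append("executable content without a company name outside vendor dirs")
        if (e.hidden or e.system) and not vendor:
            reasons.append("hidden/system attribute on a file in a data directory")
        if not e.company and not vendor and abs(e.timestamp - incident) <= window:
            reasons.append("unattributed file written within %d days of the incident" % window.days)
        if reasons:
            flagged.append((e, reasons))
    return flagged

# Constructed sample in the posted log's format. The update.exe line is invented to
# show what the heuristics catch; it does NOT appear in the poster's log.
SAMPLE_OTL = r"""
========== Files/Folders - Created Within 30 Days ==========
[2012.03.27 11:05:47 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.26 23:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.27 11:05:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.26 21:14:02 | 000,061,440 | -H-- | C] () -- C:\Users\S\AppData\Roaming\update.exe
[2011.02.19 23:21:47 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.06.25 16:58:23 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
"""

# Assumed incident time: the lock screen showed up roughly three days before 29.03.2012.
INCIDENT = datetime(2012, 3, 26, 12, 0)

if __name__ == "__main__":
    for entry, reasons in triage(parse_otl(SAMPLE_OTL), INCIDENT):
        print(f"{entry.timestamp:%Y-%m-%d %H:%M}  {entry.path}")
        for reason in reasons:
            print("    -", reason)
```

Every flagged entry still needs a human decision (file properties, vendor lookup, a second opinion from another scanner); the script only orders the reading.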

Alt 01.04.2012, 16:24   #5
micha-sdh
 
OK, done. Here's the log:
OTL Logfile:
Code:
OTL logfile created on: 01.04.2012 16:29:02 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\S\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 67,21% Memory free
7,71 Gb Paging File | 5,99 Gb Available in Paging File | 77,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 236,56 Gb Total Space | 154,67 Gb Free Space | 65,38% Space Free | Partition Type: NTFS
Drive E: | 215,77 Gb Total Space | 112,45 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
 
Computer Name: SCHWEDE | User Name: S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\S\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STIrUsb) -- C:\Windows\SysNative\drivers\irstusb.sys (SigmaTel, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Users\S\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PolarUSB) -- C:\Windows\SysWOW64\drivers\PolarUSB.sys (Polar Electro)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\S\Desktop
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spox.com/de/index.html
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEE_deDE413DE413
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\SearchScopes\{89616134-0458-4972-B851-E92B7D44C4C7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\SearchScopes\{ADD2E8FB-7284-4AAB-B53D-B9A38F70BB3F}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\SearchScopes\{CA0BD1B5-A06D-4B17-B78F-31373DF84432}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}:1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 09:59:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.11 21:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.20 12:28:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.01.06 01:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Extensions
[2011.01.06 01:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.30 16:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions
[2011.01.04 23:15:03 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011.10.15 13:31:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 16:04:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.01 18:00:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\l062mb0m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.03.25 15:22:51 | 000,001,056 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\icqplugin.xml
[2011.03.05 16:34:09 | 000,001,583 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\web-search.xml
[2012.01.06 13:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\{E9AD55AB-4D1C-42D2-A40C-A5563A9AD5E6}.XPI
() (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.03.19 09:59:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108860
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\S\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\S\Desktop\PartyPoker.lnk File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\Shell - "" = AutoRun
O33 - MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\Shell\AutoRun\command - "" = J:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: HP Deskjet 3070 B611 series (NET) - hkey= - key= - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: Standby - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{F65A5BD6-CBD5-44BB-92EE-7CD500DC5948} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: VIDC.3iv2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIV3 - C:\Windows\SysWow64\DivXc32.dll (Hacked with Joy !)
Drivers32: VIDC.DIV4 - C:\Windows\SysWow64\DivXc32f.dll (Hacked with Joy !)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.MP42 - MPG4C32.dll File not found
Drivers32: VIDC.MP43 - C:\Windows\SysWow64\msmpeg4.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\msmpeg4.dll (Microsoft Corporation)
Drivers32: VIDC.VP31 - C:\Windows\SysWow64\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\Windows\SysWow64\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\Windows\SysWow64\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.01 16:26:16 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\S\Desktop\OTL.exe
[2012.03.29 14:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.29 11:55:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\S\Desktop\esetsmartinstaller_enu.exe
[2012.03.29 11:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.29 11:49:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.29 11:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.29 11:49:32 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\S\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.29 11:35:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\S\Desktop\HiJackThis204.exe
[2012.03.28 18:42:47 | 000,000,000 | ---D | C] -- C:\Users\S\Desktop\Neuer Ordner
[2012.03.27 14:08:41 | 003,645,304 | ---- | C] (Piriform Ltd) -- C:\Users\S\Desktop\ccsetup317.exe
[2012.03.26 23:00:59 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Roaming\Malwarebytes
[2012.03.26 23:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.18 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTH-0.9.3
[2012.03.17 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Local\PokerStars
[2012.03.17 21:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012.03.17 21:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.01 16:31:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.01 16:26:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\S\Desktop\OTL.exe
[2012.04.01 16:19:41 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.01 16:19:41 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.01 16:19:41 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.01 16:19:41 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.01 16:19:41 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.01 16:18:56 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 16:18:56 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 16:18:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.01 15:47:08 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.01 15:46:57 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.04.01 15:46:43 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 17:22:25 | 001,128,441 | ---- | M] () -- C:\Users\S\Desktop\com_akeeba-3.4.3-core.zip
[2012.03.29 15:25:24 | 000,195,055 | ---- | M] () -- C:\Users\S\Desktop\Getraenkekarte.pdf
[2012.03.29 11:55:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\S\Desktop\esetsmartinstaller_enu.exe
[2012.03.29 11:49:36 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\S\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.29 11:35:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\S\Desktop\HiJackThis204.exe
[2012.03.27 14:09:38 | 003,645,304 | ---- | M] (Piriform Ltd) -- C:\Users\S\Desktop\ccsetup317.exe
[2012.03.22 14:29:48 | 003,334,095 | ---- | M] () -- C:\Users\S\Desktop\BTA-59628780.pdf
[2012.03.20 20:37:55 | 002,031,429 | ---- | M] () -- C:\Users\S\Desktop\faltblatt_honky_lpz_2012_12s-web.pdf
[2012.03.19 18:42:44 | 000,572,207 | ---- | M] () -- C:\Users\S\Desktop\leistungsstruktur.jpg
[2012.03.18 21:21:02 | 000,717,605 | ---- | M] () -- C:\Users\S\Desktop\Unbenannt-1 Kopie.jpg
[2012.03.16 13:37:52 | 000,334,900 | ---- | M] () -- C:\Users\S\Desktop\fulltext.pdf
[2012.03.14 15:32:45 | 000,590,555 | ---- | M] () -- C:\Users\S\Desktop\vortragkamenalfermann_289945_2007.pdf
[2012.03.14 14:35:45 | 000,017,408 | ---- | M] () -- C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.14 14:13:22 | 002,840,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 16:22:26 | 003,025,220 | ---- | M] () -- C:\Users\S\Desktop\Ben l Oncle Soul - 'Seven Nation Army' [cover] + transcript lyrics.mp3
[2012.03.13 16:20:21 | 002,044,769 | ---- | M] () -- C:\Users\S\Desktop\Ben l'oncle Soul - Seven Nation Army.mp3
[2012.03.13 16:07:41 | 000,039,319 | ---- | M] () -- C:\Users\S\Desktop\DFB-Mitglieder-Statistik-2011.pdf
[2012.03.11 12:36:45 | 863,472,378 | ---- | M] () -- C:\Users\S\Desktop\KONY_2012.mp4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.29 17:22:20 | 001,128,441 | ---- | C] () -- C:\Users\S\Desktop\com_akeeba-3.4.3-core.zip
[2012.03.29 15:25:20 | 000,195,055 | ---- | C] () -- C:\Users\S\Desktop\Getraenkekarte.pdf
[2012.03.22 14:29:48 | 003,334,095 | ---- | C] () -- C:\Users\S\Desktop\BTA-59628780.pdf
[2012.03.20 20:37:55 | 002,031,429 | ---- | C] () -- C:\Users\S\Desktop\faltblatt_honky_lpz_2012_12s-web.pdf
[2012.03.19 18:42:44 | 000,572,207 | ---- | C] () -- C:\Users\S\Desktop\leistungsstruktur.jpg
[2012.03.18 21:21:00 | 000,717,605 | ---- | C] () -- C:\Users\S\Desktop\Unbenannt-1 Kopie.jpg
[2012.03.16 13:37:52 | 000,334,900 | ---- | C] () -- C:\Users\S\Desktop\fulltext.pdf
[2012.03.14 15:32:45 | 000,590,555 | ---- | C] () -- C:\Users\S\Desktop\vortragkamenalfermann_289945_2007.pdf
[2012.03.13 16:22:14 | 003,025,220 | ---- | C] () -- C:\Users\S\Desktop\Ben l Oncle Soul - 'Seven Nation Army' [cover] + transcript lyrics.mp3
[2012.03.13 16:20:11 | 002,044,769 | ---- | C] () -- C:\Users\S\Desktop\Ben l'oncle Soul - Seven Nation Army.mp3
[2012.03.13 16:07:41 | 000,039,319 | ---- | C] () -- C:\Users\S\Desktop\DFB-Mitglieder-Statistik-2011.pdf
[2012.03.11 12:32:58 | 863,472,378 | ---- | C] () -- C:\Users\S\Desktop\KONY_2012.mp4
[2012.01.21 15:38:23 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.06 17:33:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.11.17 19:53:22 | 000,000,600 | ---- | C] () -- C:\Users\S\AppData\Local\PUTTY.RND
[2011.06.25 16:58:23 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.06.25 16:58:23 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.03.18 15:01:05 | 000,007,615 | ---- | C] () -- C:\Users\S\AppData\Local\resmon.resmoncfg
[2011.02.19 23:21:47 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.02.19 23:21:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\24C97DD5D8.sys
[2011.01.11 14:20:06 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.08 20:59:13 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.01.06 22:02:23 | 000,017,408 | ---- | C] () -- C:\Users\S\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.06 02:37:05 | 000,540,178 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.01.06 02:37:04 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011.01.06 02:37:04 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.06 02:37:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.06 02:37:01 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2011.01.06 01:52:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.04 01:43:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.08 08:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.13 00:11:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.12 22:27:34 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.07.12 22:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.07.12 22:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.07.12 22:27:33 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.07.12 22:27:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.07.12 22:27:25 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.07.12 22:27:25 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
 
========== LOP Check ==========
 
[2011.03.20 12:52:31 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\AniTuner
[2011.03.31 00:11:31 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Auslogics
[2011.01.14 23:46:31 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.02.24 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\DAEMON Tools Lite
[2012.01.02 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\DVDVideoSoft
[2011.05.15 22:49:03 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.29 17:57:39 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\FileZilla
[2011.05.15 22:41:37 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\HandBrake
[2011.07.18 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ICQ
[2011.05.19 21:26:03 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ImgBurn
[2011.04.17 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Notepad++
[2011.08.03 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\pokerth
[2012.03.27 10:52:24 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\streamripper
[2011.01.06 01:52:33 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Thunderbird
[2012.03.27 14:14:41 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\TS3Client
[2012.03.27 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ts3overlay
[2012.01.19 18:02:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.10 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Adobe
[2011.03.20 12:52:31 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\AniTuner
[2011.03.27 09:39:01 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Apple Computer
[2011.04.17 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ArcSoft
[2011.01.03 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ATI
[2011.03.31 00:11:31 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Auslogics
[2011.10.19 14:19:44 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Avira
[2012.01.11 15:36:58 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\AVS4YOU
[2011.01.14 23:46:31 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.02.24 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\DAEMON Tools Lite
[2012.01.02 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\DVDVideoSoft
[2011.05.15 22:49:03 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.29 17:57:39 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\FileZilla
[2011.01.03 17:16:53 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Google
[2011.05.15 22:41:37 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\HandBrake
[2012.01.06 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\HpUpdate
[2011.07.18 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ICQ
[2011.01.03 16:52:28 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Identities
[2011.05.19 21:26:03 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ImgBurn
[2011.01.03 16:53:11 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Intel Corporation
[2010.07.28 13:24:28 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Macromedia
[2012.03.26 23:00:59 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Malwarebytes
[2010.07.13 20:20:19 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Media Center Programs
[2011.05.15 22:45:56 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Media Player Classic
[2012.01.09 22:52:24 | 000,000,000 | --SD | M] -- C:\Users\S\AppData\Roaming\Microsoft
[2011.01.03 17:18:25 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Mozilla
[2011.01.21 19:18:27 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Mozilla-Cache
[2011.04.17 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Notepad++
[2011.08.03 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\pokerth
[2011.01.14 23:39:22 | 000,000,000 | RH-D | M] -- C:\Users\S\AppData\Roaming\SecuROM
[2012.03.27 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Skype
[2012.03.27 14:43:53 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\skypePM
[2011.01.03 18:04:26 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Sony Corporation
[2012.03.27 10:52:24 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\streamripper
[2011.01.06 01:52:33 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Thunderbird
[2012.03.27 14:14:41 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\TS3Client
[2012.03.27 10:52:25 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ts3overlay
[2012.03.27 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Winamp
[2011.01.04 16:14:49 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.07.28 13:24:05 | 000,038,784 | ---- | M] () -- C:\Users\S\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.03.20 12:35:29 | 000,290,182 | R--- | M] () -- C:\Users\S\AppData\Roaming\Microsoft\Installer\{69A05CAD-B0AA-4586-8FDD-D4827B2652DC}\AniTunerShortcutIcon.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


Old 02.04.2012, 11:14   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have masked your user name, you must turn the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
[2012.03.25 15:22:51 | 000,001,056 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\icqplugin.xml
[2011.03.05 16:34:09 | 000,001,583 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\web-search.xml
O3 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108860
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\Shell - "" = AutoRun
O33 - MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\Shell\AutoRun\command - "" = J:\KODAK_Camera_Setup_App.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
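
The O6 and O7 lines in the fix script above describe registry policy values that OTL found on the machine; several of them (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0) mean that User Account Control was effectively switched off, which is why the script removes them. The following Python script is an added example (not part of this thread and not OTL's own code) that parses such O6/O7 lines, compares the machine-wide UAC values against the Windows 7 defaults and decodes the NoDriveTypeAutoRun bit mask. The sample input is the set of lines quoted in the fix script; the line format the regular expression expects is an assumption derived from those lines only.

```python
"""Parse O6/O7 policy lines from an OTL log and assess the UAC posture they imply.

Added example for this thread; the line format is assumed from the lines quoted above.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the O6/O7 lines from the OTL fix script in this thread.
SAMPLE_OTL_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0",
    r"O7 - HKU\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
]

# Windows 7 default values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 1 = UAC enabled
    "ConsentPromptBehaviorAdmin": 5,  # 5 = prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # 3 = prompt for credentials on the secure desktop
    "PromptOnSecureDesktop": 1,       # 1 = elevation prompts run on the secure desktop
}

# NoDriveTypeAutoRun is a bit mask; a set bit disables AutoRun for that drive type.
AUTORUN_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unspecified",
}

# Assumed shape: "<O6|O7> - <hive\key>: <value name> = <integer>"
LINE_RE = re.compile(r"^(?P<kind>O[67]) - (?P<key>.+?): (?P<name>\w+) = (?P<value>\S+)$")


@dataclass(frozen=True)
class PolicyEntry:
    kind: str   # "O6" (machine-wide policy) or "O7" (per-user policy)
    hive: str   # "HKLM" or "HKU\<SID>"
    key: str    # registry key below the hive
    name: str   # value name
    value: int  # numeric value as reported by OTL


def parse_policy_lines(lines):
    """Return a PolicyEntry for every O6/O7 line with an integer value; other lines are ignored."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            value = int(m.group("value"))
        except ValueError:
            continue  # non-numeric values (e.g. paths) are not policy DWORDs
        parts = m.group("key").split("\\")
        hive_len = 2 if parts[0] == "HKU" else 1  # HKU entries carry the user SID in the hive
        entries.append(PolicyEntry(
            kind=m.group("kind"),
            hive="\\".join(parts[:hive_len]),
            key="\\".join(parts[hive_len:]),
            name=m.group("name"),
            value=value,
        ))
    return entries


def assess_uac(entries):
    """Return one finding per machine-wide UAC value that weakens or differs from the Windows 7 default."""
    system = {e.name: e.value for e in entries
              if e.hive == "HKLM" and e.key.lower().endswith(r"policies\system")}
    findings = []
    if system.get("EnableLUA") == 0:
        findings.append("EnableLUA = 0: UAC is switched off entirely")
    if system.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin = 0: administrators elevate without any prompt")
    if system.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop = 0: elevation prompts are not isolated on the secure desktop")
    for name, default in UAC_DEFAULTS.items():
        if name in system and system[name] != default and not any(f.startswith(name) for f in findings):
            findings.append(f"{name} = {system[name]}: differs from the Windows 7 default {default}")
    return findings


def decode_autorun_mask(value):
    """Return the set of drive types for which AutoRun is disabled by a NoDriveTypeAutoRun mask."""
    return {label for bit, label in AUTORUN_BITS.items() if value & bit}


if __name__ == "__main__":
    parsed = parse_policy_lines(SAMPLE_OTL_LINES)
    for finding in assess_uac(parsed):
        print("UAC:", finding)
    for e in parsed:
        if e.name == "NoDriveTypeAutoRun":
            print(f"AutoRun disabled for {sorted(decode_autorun_mask(e.value))} in {e.hive}")
```

On the sample lines the script reports three UAC findings (UAC off, silent admin elevation, no secure desktop) and decodes 145 (0x91) as AutoRun disabled for unknown, network and unspecified drive types, which is the Windows default mask and therefore not a finding on its own.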

Old 02.04.2012, 16:03   #7
micha-sdh
 



ok, did it like that, here's the log:
Code:
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\searchplugins\web-search.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2356455393-4161031106-362288086-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2356455393-4161031106-362288086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54b0a060-3ae6-11e1-a9a2-544249ef1016}\ not found.
File J:\KODAK_Camera_Setup_App.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: S
->Temp folder emptied: 1196446 bytes
->Temporary Internet Files folder emptied: 876705038 bytes
->Java cache emptied: 366691 bytes
->FireFox cache emptied: 1087150568 bytes
->Flash cache emptied: 47848 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82160 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 465047 bytes
RecycleBin emptied: 152875337 bytes
 
Total Files Cleaned = 2.021,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: S
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04022012_165725

Files\Folders moved on Reboot...
C:\Users\S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Old 02.04.2012, 16:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!


Old 02.04.2012, 17:44   #9
micha-sdh
 



done:
Code:
18:39:50.0884 3864	TDSS rootkit removing tool 2.7.24.0 Apr  2 2012 10:31:48
18:39:51.0371 3864	============================================================
18:39:51.0371 3864	Current date / time: 2012/04/02 18:39:51.0371
18:39:51.0371 3864	SystemInfo:
18:39:51.0371 3864	
18:39:51.0371 3864	OS Version: 6.1.7600 ServicePack: 0.0
18:39:51.0371 3864	Product type: Workstation
18:39:51.0371 3864	ComputerName: SCHWEDE
18:39:51.0371 3864	UserName: S
18:39:51.0371 3864	Windows directory: C:\Windows
18:39:51.0371 3864	System windows directory: C:\Windows
18:39:51.0371 3864	Running under WOW64
18:39:51.0371 3864	Processor architecture: Intel x64
18:39:51.0371 3864	Number of processors: 4
18:39:51.0371 3864	Page size: 0x1000
18:39:51.0371 3864	Boot type: Normal boot
18:39:51.0371 3864	============================================================
18:39:51.0798 3864	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:39:51.0802 3864	\Device\Harddisk0\DR0:
18:39:51.0803 3864	MBR used
18:39:51.0803 3864	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1AA7000, BlocksNum 0x32000
18:39:51.0803 3864	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1AD9000, BlocksNum 0x1D91F830
18:39:51.0832 3864	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F3F9800, BlocksNum 0x1AF8C000
18:39:51.0912 3864	Initialize success
18:39:51.0912 3864	============================================================
18:41:09.0803 6012	============================================================
18:41:09.0803 6012	Scan started
18:41:09.0803 6012	Mode: Manual; SigCheck; TDLFS; 
18:41:09.0803 6012	============================================================
18:41:10.0131 6012	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
18:41:10.0256 6012	1394ohci - ok
18:41:10.0349 6012	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:41:10.0412 6012	ACDaemon - ok
18:41:10.0474 6012	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
18:41:10.0505 6012	ACPI - ok
18:41:10.0552 6012	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
18:41:10.0615 6012	AcpiPmi - ok
18:41:10.0739 6012	AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
18:41:10.0771 6012	AdobeActiveFileMonitor8.0 - ok
18:41:10.0895 6012	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:41:10.0895 6012	AdobeARMservice - ok
18:41:11.0020 6012	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:41:11.0051 6012	adp94xx - ok
18:41:11.0129 6012	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:41:11.0161 6012	adpahci - ok
18:41:11.0207 6012	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:41:11.0223 6012	adpu320 - ok
18:41:11.0270 6012	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:41:11.0317 6012	AeLookupSvc - ok
18:41:11.0379 6012	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:41:11.0441 6012	AFD - ok
18:41:11.0488 6012	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:41:11.0519 6012	agp440 - ok
18:41:11.0551 6012	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:41:11.0613 6012	ALG - ok
18:41:11.0660 6012	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:41:11.0675 6012	aliide - ok
18:41:11.0722 6012	AMD External Events Utility (3f9b03b72577a6a7405bf30801cbd159) C:\Windows\system32\atiesrxx.exe
18:41:11.0769 6012	AMD External Events Utility - ok
18:41:11.0800 6012	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:41:11.0816 6012	amdide - ok
18:41:11.0831 6012	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:41:11.0863 6012	AmdK8 - ok
18:41:12.0003 6012	amdkmdag        (ea244a8b88de8b5986bf3b7903b063af) C:\Windows\system32\DRIVERS\atikmdag.sys
18:41:12.0284 6012	amdkmdag - ok
18:41:12.0377 6012	amdkmdap        (dca6e341a4a7c31ea8a14c6166c9b249) C:\Windows\system32\DRIVERS\atikmpag.sys
18:41:12.0424 6012	amdkmdap - ok
18:41:12.0455 6012	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:41:12.0502 6012	AmdPPM - ok
18:41:12.0549 6012	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:41:12.0580 6012	amdsata - ok
18:41:12.0611 6012	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:41:12.0643 6012	amdsbs - ok
18:41:12.0674 6012	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:41:12.0689 6012	amdxata - ok
18:41:12.0814 6012	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:41:12.0830 6012	AntiVirSchedulerService - ok
18:41:12.0908 6012	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:41:12.0908 6012	AntiVirService - ok
18:41:13.0048 6012	ApfiltrService  (2d45f2dfbc3d8f53df7ebeffa8c9bc38) C:\Windows\system32\drivers\Apfiltr.sys
18:41:13.0079 6012	ApfiltrService - ok
18:41:13.0142 6012	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:41:13.0251 6012	AppID - ok
18:41:13.0282 6012	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:41:13.0360 6012	AppIDSvc - ok
18:41:13.0391 6012	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:41:13.0423 6012	Appinfo - ok
18:41:13.0485 6012	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:41:13.0516 6012	arc - ok
18:41:13.0547 6012	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:41:13.0579 6012	arcsas - ok
18:41:13.0625 6012	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:41:13.0625 6012	ArcSoftKsUFilter - ok
18:41:13.0735 6012	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:41:13.0766 6012	aspnet_state - ok
18:41:13.0797 6012	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:41:13.0859 6012	AsyncMac - ok
18:41:13.0891 6012	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:41:13.0906 6012	atapi - ok
18:41:13.0984 6012	athr            (cca705cdf038d5bc243203ce4416b345) C:\Windows\system32\DRIVERS\athrx.sys
18:41:14.0047 6012	athr - ok
18:41:14.0234 6012	atikmdag        (ea244a8b88de8b5986bf3b7903b063af) C:\Windows\system32\DRIVERS\atikmdag.sys
18:41:14.0327 6012	atikmdag - ok
18:41:14.0421 6012	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:41:14.0515 6012	AudioEndpointBuilder - ok
18:41:14.0515 6012	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:41:14.0577 6012	AudioSrv - ok
18:41:14.0655 6012	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:41:14.0671 6012	avgntflt - ok
18:41:14.0717 6012	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
18:41:14.0733 6012	avipbb - ok
18:41:14.0764 6012	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:41:14.0764 6012	avkmgr - ok
18:41:14.0842 6012	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:41:14.0889 6012	AxInstSV - ok
18:41:14.0967 6012	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:41:15.0014 6012	b06bdrv - ok
18:41:15.0061 6012	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:41:15.0107 6012	b57nd60a - ok
18:41:15.0170 6012	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:41:15.0201 6012	BDESVC - ok
18:41:15.0217 6012	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:41:15.0279 6012	Beep - ok
18:41:15.0326 6012	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:41:15.0404 6012	BFE - ok
18:41:15.0466 6012	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
18:41:15.0544 6012	BITS - ok
18:41:15.0622 6012	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
18:41:15.0669 6012	blbdrive - ok
18:41:15.0716 6012	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:41:15.0763 6012	bowser - ok
18:41:15.0794 6012	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:41:15.0825 6012	BrFiltLo - ok
18:41:15.0872 6012	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:41:15.0887 6012	BrFiltUp - ok
18:41:15.0934 6012	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:41:15.0997 6012	Browser - ok
18:41:16.0028 6012	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:41:16.0059 6012	Brserid - ok
18:41:16.0090 6012	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:41:16.0121 6012	BrSerWdm - ok
18:41:16.0153 6012	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:41:16.0199 6012	BrUsbMdm - ok
18:41:16.0215 6012	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:41:16.0246 6012	BrUsbSer - ok
18:41:16.0293 6012	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:41:16.0340 6012	BthEnum - ok
18:41:16.0371 6012	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:41:16.0402 6012	BTHMODEM - ok
18:41:16.0433 6012	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:41:16.0480 6012	BthPan - ok
18:41:16.0511 6012	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
18:41:16.0543 6012	BTHPORT - ok
18:41:16.0589 6012	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:41:16.0667 6012	bthserv - ok
18:41:16.0699 6012	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
18:41:16.0699 6012	BTHUSB - ok
18:41:16.0792 6012	btwampfl        (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys
18:41:16.0808 6012	btwampfl - ok
18:41:16.0839 6012	btwaudio        (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
18:41:16.0855 6012	btwaudio - ok
18:41:16.0917 6012	btwavdt         (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys
18:41:16.0933 6012	btwavdt - ok
18:41:17.0042 6012	btwdins         (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:41:17.0089 6012	btwdins - ok
18:41:17.0104 6012	btwl2cap        (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:41:17.0151 6012	btwl2cap - ok
18:41:17.0167 6012	btwrchid        (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
18:41:17.0167 6012	btwrchid - ok
18:41:17.0198 6012	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:41:17.0291 6012	cdfs - ok
18:41:17.0401 6012	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:41:17.0447 6012	cdrom - ok
18:41:17.0525 6012	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:41:17.0603 6012	CertPropSvc - ok
18:41:17.0650 6012	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:41:17.0681 6012	circlass - ok
18:41:17.0697 6012	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:41:17.0713 6012	CLFS - ok
18:41:17.0791 6012	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:41:17.0791 6012	clr_optimization_v2.0.50727_32 - ok
18:41:17.0853 6012	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:41:17.0869 6012	clr_optimization_v2.0.50727_64 - ok
18:41:17.0947 6012	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:41:17.0978 6012	clr_optimization_v4.0.30319_32 - ok
18:41:18.0025 6012	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:41:18.0025 6012	clr_optimization_v4.0.30319_64 - ok
18:41:18.0103 6012	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:41:18.0134 6012	CmBatt - ok
18:41:18.0165 6012	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:41:18.0165 6012	cmdide - ok
18:41:18.0212 6012	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:41:18.0243 6012	CNG - ok
18:41:18.0290 6012	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:41:18.0305 6012	Compbatt - ok
18:41:18.0352 6012	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
18:41:18.0368 6012	CompositeBus - ok
18:41:18.0415 6012	COMSysApp - ok
18:41:18.0446 6012	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:41:18.0461 6012	crcdisk - ok
18:41:18.0508 6012	CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:41:18.0586 6012	CryptSvc - ok
18:41:18.0633 6012	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
18:41:18.0680 6012	CVirtA - ok
18:41:18.0773 6012	CVPND           (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
18:41:18.0820 6012	CVPND - ok
18:41:18.0961 6012	CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
18:41:19.0023 6012	CVPNDRVA - ok
18:41:19.0085 6012	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:41:19.0163 6012	DcomLaunch - ok
18:41:19.0210 6012	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:41:19.0273 6012	defragsvc - ok
18:41:19.0319 6012	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:41:19.0366 6012	DfsC - ok
18:41:19.0413 6012	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:41:19.0460 6012	Dhcp - ok
18:41:19.0491 6012	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:41:19.0569 6012	discache - ok
18:41:19.0631 6012	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:41:19.0647 6012	Disk - ok
18:41:19.0709 6012	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
18:41:19.0725 6012	DNE - ok
18:41:19.0772 6012	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:41:19.0834 6012	Dnscache - ok
18:41:19.0865 6012	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:41:19.0928 6012	dot3svc - ok
18:41:20.0006 6012	dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:41:20.0037 6012	dot4 - ok
18:41:20.0068 6012	Dot4Print       (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:41:20.0115 6012	Dot4Print - ok
18:41:20.0146 6012	Dot4Scan        (488669cd1cd3bdcfdd9a5fda72209069) C:\Windows\system32\DRIVERS\Dot4Scan.sys
18:41:20.0177 6012	Dot4Scan - ok
18:41:20.0209 6012	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:41:20.0240 6012	dot4usb - ok
18:41:20.0271 6012	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:41:20.0333 6012	DPS - ok
18:41:20.0380 6012	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:41:20.0396 6012	drmkaud - ok
18:41:20.0443 6012	dtsoftbus01     (9f98d7afa293947a0dfc6ffd4671fe70) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:41:20.0489 6012	dtsoftbus01 - ok
18:41:20.0552 6012	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:41:20.0583 6012	DXGKrnl - ok
18:41:20.0630 6012	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:41:20.0708 6012	EapHost - ok
18:41:20.0801 6012	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:41:20.0879 6012	ebdrv - ok
18:41:20.0973 6012	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:41:21.0004 6012	EFS - ok
18:41:21.0082 6012	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:41:21.0129 6012	ehRecvr - ok
18:41:21.0160 6012	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:41:21.0223 6012	ehSched - ok
18:41:21.0316 6012	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:41:21.0332 6012	elxstor - ok
18:41:21.0379 6012	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:41:21.0410 6012	ErrDev - ok
18:41:21.0441 6012	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:41:21.0503 6012	EventSystem - ok
18:41:21.0535 6012	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:41:21.0597 6012	exfat - ok
18:41:21.0613 6012	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:41:21.0659 6012	fastfat - ok
18:41:21.0706 6012	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:41:21.0769 6012	Fax - ok
18:41:21.0815 6012	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:41:21.0847 6012	fdc - ok
18:41:21.0878 6012	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:41:21.0940 6012	fdPHost - ok
18:41:21.0956 6012	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:41:21.0987 6012	FDResPub - ok
18:41:22.0034 6012	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:41:22.0065 6012	FileInfo - ok
18:41:22.0096 6012	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:41:22.0143 6012	Filetrace - ok
18:41:22.0330 6012	FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:41:22.0361 6012	FLEXnet Licensing Service - ok
18:41:22.0393 6012	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:41:22.0408 6012	flpydisk - ok
18:41:22.0439 6012	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:41:22.0455 6012	FltMgr - ok
18:41:22.0611 6012	FontCache       (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:41:22.0689 6012	FontCache - ok
18:41:22.0814 6012	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:41:22.0829 6012	FontCache3.0.0.0 - ok
18:41:22.0876 6012	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:41:22.0876 6012	FsDepends - ok
18:41:22.0907 6012	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:41:22.0907 6012	Fs_Rec - ok
18:41:22.0954 6012	FTDIBUS         (82d4bd620f7e27ea268ea0e2f701a7ae) C:\Windows\system32\drivers\ftdibus.sys
18:41:22.0970 6012	FTDIBUS - ok
18:41:23.0017 6012	FTSER2K         (1fa21ff2d7b50b528d8b73db34ad06bc) C:\Windows\system32\drivers\ftser2k.sys
18:41:23.0032 6012	FTSER2K - ok
18:41:23.0079 6012	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:41:23.0095 6012	fvevol - ok
18:41:23.0157 6012	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:41:23.0157 6012	gagp30kx - ok
18:41:23.0219 6012	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:41:23.0282 6012	gpsvc - ok
18:41:23.0391 6012	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:41:23.0407 6012	gupdate - ok
18:41:23.0453 6012	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:41:23.0469 6012	gupdatem - ok
18:41:23.0547 6012	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:41:23.0594 6012	hcw85cir - ok
18:41:23.0656 6012	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:41:23.0703 6012	HdAudAddService - ok
18:41:23.0734 6012	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
18:41:23.0797 6012	HDAudBus - ok
18:41:23.0828 6012	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
18:41:23.0859 6012	HECIx64 - ok
18:41:23.0890 6012	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:41:23.0906 6012	HidBatt - ok
18:41:23.0937 6012	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:41:23.0984 6012	HidBth - ok
18:41:24.0031 6012	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:41:24.0046 6012	HidIr - ok
18:41:24.0093 6012	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:41:24.0155 6012	hidserv - ok
18:41:24.0218 6012	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:41:24.0249 6012	HidUsb - ok
18:41:24.0280 6012	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:41:24.0358 6012	hkmsvc - ok
18:41:24.0389 6012	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:41:24.0436 6012	HomeGroupListener - ok
18:41:24.0483 6012	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:41:24.0514 6012	HomeGroupProvider - ok
18:41:24.0592 6012	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
18:41:24.0608 6012	HpSAMD - ok
18:41:24.0670 6012	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:41:24.0717 6012	HTTP - ok
18:41:24.0733 6012	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:41:24.0748 6012	hwpolicy - ok
18:41:24.0795 6012	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:41:24.0811 6012	i8042prt - ok
18:41:24.0857 6012	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
18:41:24.0889 6012	iaStor - ok
18:41:24.0982 6012	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:41:25.0013 6012	IAStorDataMgrSvc - ok
18:41:25.0060 6012	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:41:25.0076 6012	iaStorV - ok
18:41:25.0185 6012	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:41:25.0216 6012	idsvc - ok
18:41:25.0481 6012	igfx            (2a22ab054f4630d2ef4bab2853f6d5f6) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:41:25.0762 6012	igfx ( UnsignedFile.Multi.Generic ) - warning
18:41:25.0762 6012	igfx - detected UnsignedFile.Multi.Generic (1)
18:41:25.0871 6012	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:41:25.0887 6012	iirsp - ok
18:41:25.0949 6012	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:41:26.0027 6012	IKEEXT - ok
18:41:26.0059 6012	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
18:41:26.0090 6012	Impcd - ok
18:41:26.0199 6012	IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
18:41:26.0308 6012	IntcAzAudAddService - ok
18:41:26.0402 6012	IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:41:26.0417 6012	IntcDAud ( UnsignedFile.Multi.Generic ) - warning
18:41:26.0417 6012	IntcDAud - detected UnsignedFile.Multi.Generic (1)
18:41:26.0449 6012	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:41:26.0464 6012	intelide - ok
18:41:26.0511 6012	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
18:41:26.0527 6012	intelppm - ok
18:41:26.0589 6012	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:41:26.0667 6012	IPBusEnum - ok
18:41:26.0714 6012	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:41:26.0776 6012	IpFilterDriver - ok
18:41:26.0823 6012	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:41:26.0901 6012	iphlpsvc - ok
18:41:26.0917 6012	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
18:41:26.0948 6012	IPMIDRV - ok
18:41:26.0979 6012	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:41:27.0041 6012	IPNAT - ok
18:41:27.0073 6012	irda            (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
18:41:27.0119 6012	irda - ok
18:41:27.0166 6012	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:41:27.0182 6012	IRENUM - ok
18:41:27.0229 6012	Irmon           (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll
18:41:27.0275 6012	Irmon - ok
18:41:27.0307 6012	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:41:27.0322 6012	isapnp - ok
18:41:27.0369 6012	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
18:41:27.0385 6012	iScsiPrt - ok
18:41:27.0431 6012	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:41:27.0431 6012	kbdclass - ok
18:41:27.0478 6012	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:41:27.0509 6012	kbdhid - ok
18:41:27.0541 6012	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:27.0572 6012	KeyIso - ok
18:41:27.0587 6012	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:41:27.0619 6012	KSecDD - ok
18:41:27.0650 6012	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:41:27.0650 6012	KSecPkg - ok
18:41:27.0697 6012	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:41:27.0759 6012	ksthunk - ok
18:41:27.0806 6012	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:41:27.0884 6012	KtmRm - ok
18:41:27.0946 6012	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
18:41:27.0993 6012	LanmanServer - ok
18:41:28.0040 6012	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:41:28.0118 6012	LanmanWorkstation - ok
18:41:28.0196 6012	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:41:28.0258 6012	lltdio - ok
18:41:28.0289 6012	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:41:28.0352 6012	lltdsvc - ok
18:41:28.0383 6012	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:41:28.0430 6012	lmhosts - ok
18:41:28.0508 6012	LMS             (3d23191672d83e90d1cf63927ee98136) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:41:28.0570 6012	LMS - ok
18:41:28.0633 6012	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:41:28.0648 6012	LSI_FC - ok
18:41:28.0695 6012	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:41:28.0695 6012	LSI_SAS - ok
18:41:28.0742 6012	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:41:28.0773 6012	LSI_SAS2 - ok
18:41:28.0804 6012	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:41:28.0820 6012	LSI_SCSI - ok
18:41:28.0867 6012	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:41:28.0929 6012	luafv - ok
18:41:28.0991 6012	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
18:41:29.0038 6012	MBAMProtector - ok
18:41:29.0116 6012	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:41:29.0147 6012	MBAMService - ok
18:41:29.0194 6012	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:41:29.0225 6012	Mcx2Svc - ok
18:41:29.0257 6012	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:41:29.0272 6012	megasas - ok
18:41:29.0319 6012	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:41:29.0350 6012	MegaSR - ok
18:41:29.0428 6012	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:41:29.0444 6012	Microsoft Office Groove Audit Service - ok
18:41:29.0475 6012	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:41:29.0537 6012	MMCSS - ok
18:41:29.0569 6012	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:41:29.0678 6012	Modem - ok
18:41:29.0693 6012	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:41:29.0725 6012	monitor - ok
18:41:29.0756 6012	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:41:29.0771 6012	mouclass - ok
18:41:29.0803 6012	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:41:29.0818 6012	mouhid - ok
18:41:29.0834 6012	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:41:29.0849 6012	mountmgr - ok
18:41:29.0881 6012	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
18:41:29.0896 6012	mpio - ok
18:41:29.0943 6012	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:41:30.0005 6012	mpsdrv - ok
18:41:30.0052 6012	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:41:30.0115 6012	MpsSvc - ok
18:41:30.0146 6012	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:41:30.0177 6012	MRxDAV - ok
18:41:30.0208 6012	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:41:30.0224 6012	mrxsmb - ok
18:41:30.0271 6012	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:41:30.0302 6012	mrxsmb10 - ok
18:41:30.0333 6012	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:41:30.0380 6012	mrxsmb20 - ok
18:41:30.0411 6012	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
18:41:30.0427 6012	msahci - ok
18:41:30.0473 6012	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
18:41:30.0473 6012	msdsm - ok
18:41:30.0520 6012	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:41:30.0536 6012	MSDTC - ok
18:41:30.0583 6012	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:41:30.0614 6012	Msfs - ok
18:41:30.0645 6012	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:41:30.0676 6012	mshidkmdf - ok
18:41:30.0707 6012	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:41:30.0723 6012	msisadrv - ok
18:41:30.0754 6012	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:41:30.0801 6012	MSiSCSI - ok
18:41:30.0817 6012	msiserver - ok
18:41:30.0848 6012	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:41:30.0895 6012	MSKSSRV - ok
18:41:30.0910 6012	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:41:30.0973 6012	MSPCLOCK - ok
18:41:30.0988 6012	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:41:31.0035 6012	MSPQM - ok
18:41:31.0066 6012	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:41:31.0082 6012	MsRPC - ok
18:41:31.0113 6012	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:41:31.0129 6012	mssmbios - ok
18:41:31.0160 6012	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:41:31.0222 6012	MSTEE - ok
18:41:31.0238 6012	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:41:31.0269 6012	MTConfig - ok
18:41:31.0316 6012	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:41:31.0331 6012	Mup - ok
18:41:31.0378 6012	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:41:31.0441 6012	napagent - ok
18:41:31.0503 6012	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:41:31.0565 6012	NativeWifiP - ok
18:41:31.0597 6012	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:41:31.0643 6012	NDIS - ok
18:41:31.0659 6012	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:41:31.0706 6012	NdisCap - ok
18:41:31.0737 6012	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:41:31.0799 6012	NdisTapi - ok
18:41:31.0846 6012	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:41:31.0893 6012	Ndisuio - ok
18:41:31.0924 6012	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:41:31.0971 6012	NdisWan - ok
18:41:31.0987 6012	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:41:32.0033 6012	NDProxy - ok
18:41:32.0065 6012	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:41:32.0096 6012	NetBIOS - ok
18:41:32.0127 6012	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:41:32.0189 6012	NetBT - ok
18:41:32.0221 6012	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:32.0252 6012	Netlogon - ok
18:41:32.0299 6012	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:41:32.0392 6012	Netman - ok
18:41:32.0501 6012	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:32.0517 6012	NetMsmqActivator - ok
18:41:32.0548 6012	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:32.0564 6012	NetPipeActivator - ok
18:41:32.0579 6012	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:41:32.0673 6012	netprofm - ok
18:41:32.0689 6012	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:32.0689 6012	NetTcpActivator - ok
18:41:32.0704 6012	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:32.0704 6012	NetTcpPortSharing - ok
18:41:32.0767 6012	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:41:32.0798 6012	nfrd960 - ok
18:41:32.0845 6012	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:41:32.0923 6012	NlaSvc - ok
18:41:32.0954 6012	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:41:33.0032 6012	Npfs - ok
18:41:33.0063 6012	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:41:33.0110 6012	nsi - ok
18:41:33.0125 6012	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:41:33.0172 6012	nsiproxy - ok
18:41:33.0219 6012	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:41:33.0266 6012	Ntfs - ok
18:41:33.0297 6012	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:41:33.0328 6012	Null - ok
18:41:33.0375 6012	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:41:33.0422 6012	nvraid - ok
18:41:33.0469 6012	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:41:33.0484 6012	nvstor - ok
18:41:33.0515 6012	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:41:33.0531 6012	nv_agp - ok
18:41:33.0625 6012	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:41:33.0656 6012	odserv - ok
18:41:33.0687 6012	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:41:33.0703 6012	ohci1394 - ok
18:41:33.0749 6012	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:41:33.0765 6012	ose - ok
18:41:33.0812 6012	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:41:33.0859 6012	p2pimsvc - ok
18:41:33.0905 6012	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:41:33.0937 6012	p2psvc - ok
18:41:33.0983 6012	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:41:33.0999 6012	Parport - ok
18:41:34.0046 6012	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:41:34.0061 6012	partmgr - ok
18:41:34.0093 6012	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:41:34.0139 6012	PcaSvc - ok
18:41:34.0171 6012	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
18:41:34.0186 6012	pci - ok
18:41:34.0217 6012	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:41:34.0217 6012	pciide - ok
18:41:34.0249 6012	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:41:34.0264 6012	pcmcia - ok
18:41:34.0280 6012	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:41:34.0295 6012	pcw - ok
18:41:34.0327 6012	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:41:34.0389 6012	PEAUTH - ok
18:41:34.0451 6012	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:41:34.0483 6012	PerfHost - ok
18:41:34.0561 6012	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:41:34.0654 6012	pla - ok
18:41:34.0701 6012	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:41:34.0748 6012	PlugPlay - ok
18:41:34.0841 6012	PMBDeviceInfoProvider (80e85394d8cd7f84340b1c6f4b9d698f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
18:41:34.0857 6012	PMBDeviceInfoProvider - ok
18:41:34.0904 6012	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:41:34.0919 6012	PNRPAutoReg - ok
18:41:34.0951 6012	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:41:34.0966 6012	PNRPsvc - ok
18:41:35.0029 6012	PolarUSB - ok
18:41:35.0075 6012	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:41:35.0122 6012	PolicyAgent - ok
18:41:35.0169 6012	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:41:35.0231 6012	Power - ok
18:41:35.0278 6012	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:41:35.0387 6012	PptpMiniport - ok
18:41:35.0403 6012	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:41:35.0434 6012	Processor - ok
18:41:35.0481 6012	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:41:35.0528 6012	ProfSvc - ok
18:41:35.0559 6012	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:35.0590 6012	ProtectedStorage - ok
18:41:35.0699 6012	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:41:35.0762 6012	Psched - ok
18:41:35.0809 6012	PxHlpa64        (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
18:41:35.0855 6012	PxHlpa64 - ok
18:41:35.0996 6012	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:41:36.0058 6012	ql2300 - ok
18:41:36.0089 6012	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:41:36.0105 6012	ql40xx - ok
18:41:36.0152 6012	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:41:36.0183 6012	QWAVE - ok
18:41:36.0230 6012	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:41:36.0261 6012	QWAVEdrv - ok
18:41:36.0277 6012	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:41:36.0355 6012	RasAcd - ok
18:41:36.0386 6012	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:41:36.0464 6012	RasAgileVpn - ok
18:41:36.0495 6012	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:41:36.0557 6012	RasAuto - ok
18:41:36.0573 6012	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:41:36.0620 6012	Rasl2tp - ok
18:41:36.0682 6012	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:41:36.0745 6012	RasMan - ok
18:41:36.0807 6012	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:41:36.0869 6012	RasPppoe - ok
18:41:36.0901 6012	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:41:36.0947 6012	RasSstp - ok
18:41:36.0979 6012	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:41:37.0025 6012	rdbss - ok
18:41:37.0057 6012	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:41:37.0088 6012	rdpbus - ok
18:41:37.0119 6012	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:41:37.0166 6012	RDPCDD - ok
18:41:37.0181 6012	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:41:37.0244 6012	RDPENCDD - ok
18:41:37.0259 6012	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:41:37.0306 6012	RDPREFMP - ok
18:41:37.0353 6012	RDPWD           (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
18:41:37.0400 6012	RDPWD - ok
18:41:37.0447 6012	rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
18:41:37.0478 6012	rdyboost - ok
18:41:37.0525 6012	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:41:37.0571 6012	RemoteAccess - ok
18:41:37.0618 6012	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:41:37.0696 6012	RemoteRegistry - ok
18:41:37.0727 6012	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:41:37.0774 6012	RFCOMM - ok
18:41:37.0821 6012	rimspci         (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
18:41:37.0837 6012	rimspci - ok
18:41:37.0883 6012	risdsnpe        (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
18:41:37.0899 6012	risdsnpe - ok
18:41:37.0930 6012	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:41:37.0993 6012	RpcEptMapper - ok
18:41:38.0024 6012	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:41:38.0024 6012	RpcLocator - ok
18:41:38.0071 6012	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:41:38.0117 6012	RpcSs - ok
18:41:38.0149 6012	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:41:38.0227 6012	rspndr - ok
18:41:38.0305 6012	RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
18:41:38.0351 6012	RTHDMIAzAudService - ok
18:41:38.0414 6012	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:38.0429 6012	SamSs - ok
18:41:38.0476 6012	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
18:41:38.0492 6012	sbp2port - ok
18:41:38.0539 6012	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:41:38.0601 6012	SCardSvr - ok
18:41:38.0632 6012	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:41:38.0695 6012	scfilter - ok
18:41:38.0741 6012	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:41:38.0804 6012	Schedule - ok
18:41:38.0851 6012	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:41:38.0913 6012	SCPolicySvc - ok
18:41:38.0991 6012	sdbus           (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
18:41:39.0022 6012	sdbus - ok
18:41:39.0069 6012	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:41:39.0131 6012	SDRSVC - ok
18:41:39.0163 6012	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:41:39.0225 6012	secdrv - ok
18:41:39.0256 6012	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:41:39.0303 6012	seclogon - ok
18:41:39.0334 6012	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:41:39.0428 6012	SENS - ok
18:41:39.0459 6012	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:41:39.0506 6012	SensrSvc - ok
18:41:39.0553 6012	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:41:39.0584 6012	Serenum - ok
18:41:39.0615 6012	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:41:39.0646 6012	Serial - ok
18:41:39.0693 6012	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:41:39.0724 6012	sermouse - ok
18:41:39.0771 6012	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:41:39.0833 6012	SessionEnv - ok
18:41:39.0865 6012	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
18:41:39.0896 6012	SFEP - ok
18:41:39.0911 6012	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:41:39.0958 6012	sffdisk - ok
18:41:39.0989 6012	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:41:40.0005 6012	sffp_mmc - ok
18:41:40.0036 6012	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
18:41:40.0067 6012	sffp_sd - ok
18:41:40.0114 6012	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:41:40.0130 6012	sfloppy - ok
18:41:40.0177 6012	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:41:40.0239 6012	SharedAccess - ok
18:41:40.0286 6012	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:41:40.0333 6012	ShellHWDetection - ok
18:41:40.0379 6012	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:41:40.0395 6012	SiSRaid2 - ok
18:41:40.0411 6012	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:41:40.0426 6012	SiSRaid4 - ok
18:41:40.0473 6012	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:41:40.0535 6012	Smb - ok
18:41:40.0551 6012	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:41:40.0582 6012	SNMPTRAP - ok
18:41:40.0598 6012	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:41:40.0613 6012	spldr - ok
18:41:40.0660 6012	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:41:40.0691 6012	Spooler - ok
18:41:40.0801 6012	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:41:40.0879 6012	sppsvc - ok
18:41:40.0957 6012	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:41:41.0019 6012	sppuinotify - ok
18:41:41.0066 6012	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:41:41.0113 6012	srv - ok
18:41:41.0128 6012	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:41:41.0159 6012	srv2 - ok
18:41:41.0191 6012	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:41:41.0222 6012	srvnet - ok
18:41:41.0269 6012	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:41:41.0331 6012	SSDPSRV - ok
18:41:41.0347 6012	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:41:41.0393 6012	SstpSvc - ok
18:41:41.0456 6012	Steam Client Service - ok
18:41:41.0518 6012	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:41:41.0534 6012	stexstor - ok
18:41:41.0596 6012	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:41:41.0627 6012	StillCam - ok
18:41:41.0705 6012	STIrUsb         (1a807a037503b285016e61100d04614a) C:\Windows\system32\DRIVERS\irstusb.sys
18:41:41.0737 6012	STIrUsb - ok
18:41:41.0799 6012	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:41:41.0830 6012	stisvc - ok
18:41:41.0877 6012	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:41:41.0893 6012	swenum - ok
18:41:41.0924 6012	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:41:42.0002 6012	swprv - ok
18:41:42.0064 6012	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:41:42.0127 6012	SysMain - ok
18:41:42.0158 6012	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:41:42.0189 6012	TabletInputService - ok
18:41:42.0220 6012	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:41:42.0283 6012	TapiSrv - ok
18:41:42.0298 6012	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:41:42.0345 6012	TBS - ok
18:41:42.0423 6012	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:41:42.0501 6012	Tcpip - ok
18:41:42.0563 6012	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:41:42.0595 6012	TCPIP6 - ok
18:41:42.0626 6012	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:41:42.0657 6012	tcpipreg - ok
18:41:42.0688 6012	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:41:42.0719 6012	TDPIPE - ok
18:41:42.0751 6012	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:41:42.0766 6012	TDTCP - ok
18:41:42.0797 6012	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:41:42.0860 6012	tdx - ok
18:41:42.0922 6012	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
18:41:42.0938 6012	TermDD - ok
18:41:42.0985 6012	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:41:43.0063 6012	TermService - ok
18:41:43.0094 6012	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:41:43.0109 6012	Themes - ok
18:41:43.0156 6012	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:41:43.0187 6012	THREADORDER - ok
18:41:43.0219 6012	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:41:43.0265 6012	TrkWks - ok
18:41:43.0328 6012	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:41:43.0343 6012	TrustedInstaller - ok
18:41:43.0421 6012	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:41:43.0499 6012	tssecsrv - ok
18:41:43.0531 6012	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:41:43.0593 6012	tunnel - ok
18:41:43.0609 6012	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:41:43.0624 6012	uagp35 - ok
18:41:43.0671 6012	uCamMonitor     (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
18:41:43.0718 6012	uCamMonitor - ok
18:41:43.0749 6012	udfs            (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
18:41:43.0796 6012	udfs - ok
18:41:43.0843 6012	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:41:43.0858 6012	UI0Detect - ok
18:41:43.0905 6012	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:41:43.0905 6012	uliagpkx - ok
18:41:43.0952 6012	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:41:43.0967 6012	umbus - ok
18:41:44.0014 6012	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:41:44.0030 6012	UmPass - ok
18:41:44.0186 6012	UNS             (11a559e0f10cc5e788984023df400a6f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:41:44.0248 6012	UNS - ok
18:41:44.0326 6012	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:41:44.0389 6012	upnphost - ok
18:41:44.0467 6012	usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:41:44.0498 6012	usbaudio - ok
18:41:44.0545 6012	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
18:41:44.0591 6012	usbccgp - ok
18:41:44.0638 6012	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:41:44.0669 6012	usbcir - ok
18:41:44.0701 6012	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
18:41:44.0716 6012	usbehci - ok
18:41:44.0747 6012	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
18:41:44.0779 6012	usbhub - ok
18:41:44.0810 6012	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
18:41:44.0825 6012	usbohci - ok
18:41:44.0888 6012	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:41:44.0919 6012	usbprint - ok
18:41:44.0966 6012	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:41:44.0997 6012	usbscan - ok
18:41:45.0028 6012	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:41:45.0075 6012	USBSTOR - ok
18:41:45.0106 6012	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
18:41:45.0122 6012	usbuhci - ok
18:41:45.0184 6012	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
18:41:45.0200 6012	usbvideo - ok
18:41:45.0231 6012	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:41:45.0293 6012	UxSms - ok
18:41:45.0387 6012	VAIO Event Service (a60605fc66552b421ee1f3d4ebb9a4e0) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
18:41:45.0403 6012	VAIO Event Service - ok
18:41:45.0496 6012	VAIO Power Management (d469be2723f79cf4b384680b1fdc577d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
18:41:45.0527 6012	VAIO Power Management - ok
18:41:45.0559 6012	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:45.0590 6012	VaultSvc - ok
18:41:45.0652 6012	VCService       (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
18:41:45.0668 6012	VCService - ok
18:41:45.0730 6012	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:41:45.0746 6012	vdrvroot - ok
18:41:45.0793 6012	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:41:45.0824 6012	vds - ok
18:41:45.0855 6012	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:41:45.0871 6012	vga - ok
18:41:45.0886 6012	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:41:45.0949 6012	VgaSave - ok
18:41:45.0980 6012	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
18:41:46.0011 6012	vhdmp - ok
18:41:46.0042 6012	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:41:46.0073 6012	viaide - ok
18:41:46.0089 6012	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
18:41:46.0105 6012	volmgr - ok
18:41:46.0151 6012	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:41:46.0167 6012	volmgrx - ok
18:41:46.0214 6012	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
18:41:46.0229 6012	volsnap - ok
18:41:46.0276 6012	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:41:46.0307 6012	vsmraid - ok
18:41:46.0448 6012	VSNService      (a7eb62c664a03901165290a714bd48d0) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
18:41:46.0479 6012	VSNService ( UnsignedFile.Multi.Generic ) - warning
18:41:46.0479 6012	VSNService - detected UnsignedFile.Multi.Generic (1)
18:41:46.0557 6012	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:41:46.0619 6012	VSS - ok
18:41:46.0760 6012	VUAgent         (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
18:41:46.0791 6012	VUAgent - ok
18:41:46.0885 6012	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:41:46.0916 6012	vwifibus - ok
18:41:46.0947 6012	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:41:46.0963 6012	vwififlt - ok
18:41:46.0994 6012	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:41:47.0041 6012	W32Time - ok
18:41:47.0072 6012	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:41:47.0103 6012	WacomPen - ok
18:41:47.0134 6012	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:41:47.0181 6012	WANARP - ok
18:41:47.0197 6012	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:41:47.0228 6012	Wanarpv6 - ok
18:41:47.0290 6012	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:41:47.0353 6012	wbengine - ok
18:41:47.0384 6012	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:41:47.0399 6012	WbioSrvc - ok
18:41:47.0431 6012	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:41:47.0477 6012	wcncsvc - ok
18:41:47.0509 6012	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:41:47.0540 6012	WcsPlugInService - ok
18:41:47.0587 6012	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:41:47.0602 6012	Wd - ok
18:41:47.0649 6012	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:41:47.0696 6012	Wdf01000 - ok
18:41:47.0711 6012	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:41:47.0743 6012	WdiServiceHost - ok
18:41:47.0758 6012	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:41:47.0774 6012	WdiSystemHost - ok
18:41:47.0821 6012	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:41:47.0852 6012	WebClient - ok
18:41:47.0899 6012	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:41:47.0977 6012	Wecsvc - ok
18:41:47.0992 6012	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:41:48.0055 6012	wercplsupport - ok
18:41:48.0070 6012	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:41:48.0133 6012	WerSvc - ok
18:41:48.0195 6012	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:41:48.0273 6012	WfpLwf - ok
18:41:48.0304 6012	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:41:48.0320 6012	WIMMount - ok
18:41:48.0351 6012	WinDefend - ok
18:41:48.0351 6012	WinHttpAutoProxySvc - ok
18:41:48.0429 6012	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:41:48.0507 6012	Winmgmt - ok
18:41:48.0601 6012	WinRing0_1_2_0  (0c0195c48b6b8582fa6f6373032118da) C:\Users\S\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
18:41:48.0679 6012	WinRing0_1_2_0 - ok
18:41:48.0741 6012	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:41:48.0835 6012	WinRM - ok
18:41:48.0944 6012	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:41:48.0975 6012	WinUsb - ok
18:41:49.0022 6012	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:41:49.0069 6012	Wlansvc - ok
18:41:49.0100 6012	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:41:49.0131 6012	WmiAcpi - ok
18:41:49.0193 6012	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:41:49.0240 6012	wmiApSrv - ok
18:41:49.0303 6012	WMPNetworkSvc - ok
18:41:49.0334 6012	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:41:49.0365 6012	WPCSvc - ok
18:41:49.0396 6012	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:41:49.0427 6012	WPDBusEnum - ok
18:41:49.0490 6012	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:41:49.0552 6012	ws2ifsl - ok
18:41:49.0583 6012	wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
18:41:49.0630 6012	wscsvc - ok
18:41:49.0646 6012	WSearch - ok
18:41:49.0739 6012	wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:41:49.0817 6012	wuauserv - ok
18:41:49.0895 6012	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:41:49.0958 6012	WudfPf - ok
18:41:49.0989 6012	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:41:50.0083 6012	WUDFRd - ok
18:41:50.0114 6012	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:41:50.0161 6012	wudfsvc - ok
18:41:50.0192 6012	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:41:50.0223 6012	WwanSvc - ok
18:41:50.0270 6012	yukonw7         (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
18:41:50.0285 6012	yukonw7 - ok
18:41:50.0332 6012	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:41:50.0519 6012	\Device\Harddisk0\DR0 - ok
18:41:50.0519 6012	Boot (0x1200)   (166f3974c1b00ef8ad1c2a6bdfafab78) \Device\Harddisk0\DR0\Partition0
18:41:50.0519 6012	\Device\Harddisk0\DR0\Partition0 - ok
18:41:50.0551 6012	Boot (0x1200)   (fdc314447f484821d0381c1e21131669) \Device\Harddisk0\DR0\Partition1
18:41:50.0551 6012	\Device\Harddisk0\DR0\Partition1 - ok
18:41:50.0566 6012	Boot (0x1200)   (c4ebd99878f2d197e8b0dc163cf881c4) \Device\Harddisk0\DR0\Partition2
18:41:50.0582 6012	\Device\Harddisk0\DR0\Partition2 - ok
18:41:50.0582 6012	============================================================
18:41:50.0582 6012	Scan finished
18:41:50.0582 6012	============================================================
18:41:50.0597 5804	Detected object count: 3
18:41:50.0597 5804	Actual detected object count: 3
18:41:59.0957 5804	igfx ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:59.0957 5804	igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:41:59.0957 5804	IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:59.0957 5804	IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:41:59.0957 5804	VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:59.0957 5804	VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

02.04.2012, 20:10   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your reply ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

02.04.2012, 20:29   #11
micha-sdh

Did that too:
ComboFix log file:
Code:
ComboFix 12-04-01.03 - S 02.04.2012  21:19:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2591 [GMT 2:00]
ausgeführt von:: c:\users\S\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-02 bis 2012-04-02  ))))))))))))))))))))))))))))))
.
.
2012-04-02 19:25 . 2012-04-02 19:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-02 19:23 . 2012-04-02 19:23	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{88814F36-05F7-4673-A7FB-ABA3D5F84D0C}\offreg.dll
2012-04-02 14:57 . 2012-04-02 14:57	--------	d-----w-	C:\_OTL
2012-03-30 11:38 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{88814F36-05F7-4673-A7FB-ABA3D5F84D0C}\mpengine.dll
2012-03-29 12:07 . 2012-03-29 12:07	--------	d-----w-	c:\program files (x86)\ESET
2012-03-29 09:49 . 2012-03-29 09:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 09:49 . 2011-12-10 13:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-26 21:00 . 2012-03-26 21:00	--------	d-----w-	c:\users\S\AppData\Roaming\Malwarebytes
2012-03-26 21:00 . 2012-03-26 21:00	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-19 07:59 . 2012-03-19 07:59	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 07:59 . 2012-03-19 07:59	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 17:52 . 2012-03-18 17:52	--------	d-----w-	c:\program files (x86)\PokerTH-0.9.3
2012-03-17 19:52 . 2012-03-17 19:53	--------	d-----w-	c:\users\S\AppData\Local\PokerStars
2012-03-17 19:52 . 2012-03-17 19:53	--------	d-----w-	c:\program files (x86)\PokerStars
2012-03-14 11:04 . 2011-11-19 18:30	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 11:04 . 2011-11-19 14:25	3957616	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 11:04 . 2011-11-19 14:25	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:33 . 2012-02-03 04:16	3143168	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:33 . 2012-02-10 06:18	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:33 . 2012-02-10 05:41	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 09:33 . 2012-02-10 06:17	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 09:33 . 2012-02-10 06:17	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 09:33 . 2012-02-10 06:17	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 09:33 . 2012-02-10 06:17	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 09:33 . 2012-02-10 05:41	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 09:33 . 2012-02-10 05:41	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-03-14 09:33 . 2012-02-10 05:41	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-03-14 09:33 . 2012-02-10 05:41	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-03-14 09:32 . 2012-02-15 06:27	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:32 . 2012-02-15 05:44	826368	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:32 . 2012-02-15 04:47	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:32 . 2012-02-15 04:46	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:32 . 2012-01-25 06:27	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:32 . 2012-01-25 06:27	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:32 . 2012-01-25 06:20	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:18 . 2011-01-03 16:14	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-22 09:00 . 2011-05-19 19:40	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 18:51 . 2011-10-19 12:19	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-04 09:58 . 2012-02-15 18:37	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 18:37	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
R3 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\S\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2011-01-04 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-27 1429608]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 53445547
*Deregistered* - 53445547
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 11:35]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 11:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.spox.com/de/index.html
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\S\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\S\AppData\Roaming\Mozilla\Firefox\Profiles\l062mb0m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/index
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2356455393-4161031106-362288086-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:97,06,98,7d,da,cc,42,48,1f,51,73,a2,7d,c1,12,c8,19,3e,40,e0,67,6d,fe,
   e9,0f,57,42,99,f8,b0,3e,94,84,4b,5b,95,42,6f,6e,b0,31,14,90,22,b3,73,3f,fa,\
"??"=hex:9e,1f,10,d0,08,67,e4,8b,6c,b9,b1,20,00,45,74,e2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-02  21:27:22
ComboFix-quarantined-files.txt  2012-04-02 19:27
.
Vor Suchlauf: 18 Verzeichnis(se), 168.344.805.376 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 167.957.467.136 Bytes frei
.
- - End Of File - - 44ECF12291758C9EB31F3FDDF1F42D2A
         
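
As an added example (not code from the thread, from ComboFix or from the helper's fix), a small Python triage script for the autostart section of a ComboFix log like the one above: it parses the Run-key values and the service/driver lines and sorts each entry by where its binary lives. The "user-writable location means review" rule is the example's own heuristic; a flag means a human should look, not that the entry is malicious. The sample lines are copied in shape from the log above.

```python
"""Triage helper for the autostart section of a ComboFix log (added example).

It understands the two entry shapes ComboFix prints under
"Autostartpunkte der Registrierung":

    "Name"="c:\\path\\binary.exe" [2011-10-11 258512]               Run-key value
    S2 name;Display Name;c:\\path\\service.exe [2012-01-13 652360]  service/driver
    R3 name;Display Name;c:\\windows\\...\\x.sys [x]                 [x] = file not found
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# S2 MBAMService;MBAMService;c:\program files (x86)\...\mbamservice.exe [2012-01-13 652360]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)


@dataclass
class Entry:
    kind: str        # "run" (Run-key value) or "service" (service/driver line)
    name: str
    path: str
    meta: str        # "YYYY-MM-DD size" as printed by ComboFix, or "x" if the file is missing
    start: str = ""  # R0..R4 / S0..S4 start type for services, empty for Run values


def parse_autostart(text: str) -> List[Entry]:
    """Pick the Run-key and service lines out of a ComboFix log; ignore everything else."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], m["meta"], m["start"]))
    return entries


# Locations a standard user can write to.  Persistence pointing here is where
# lock-screen malware is commonly found, so such entries go to the top of the
# review list; deciding whether an entry is legitimate is still a human's job.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\$recycle.bin\\", "\\public\\")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\progra~")


def classify(entry: Entry) -> str:
    """Return one of: review, missing-file, system-location, other."""
    if entry.meta.strip() == "x":
        return "missing-file"  # ComboFix could not find the binary; often a stale driver entry
    p = entry.path.lower()
    if p.startswith("c:\\users\\") or any(tok in p for tok in USER_WRITABLE):
        return "review"
    if p.startswith(SYSTEM_ROOTS):
        return "system-location"
    return "other"


def triage(text: str) -> Dict[str, List[str]]:
    """Group autostart entry names by verdict, in log order."""
    groups: Dict[str, List[str]] = {"review": [], "missing-file": [], "system-location": [], "other": []}
    for e in parse_autostart(text):
        groups[classify(e)].append(e.name)
    return groups


# Sample input: a handful of lines copied in shape from the log posted above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\S\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2011-01-04 14544]
"""

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE).items():
        print(f"{verdict:16} {', '.join(names) or '-'}")
```
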

03.04.2012, 12:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.

Note: please switch off your virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: never press any of the Fix buttons without instruction. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

One more note: if aswMBR crashes with a message like "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working), do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

03.04.2012, 15:39   #13
micha-sdh

ok, here is the result:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 16:36:01
-----------------------------
16:36:01.497    OS Version: Windows x64 6.1.7600 
16:36:01.497    Number of processors: 4 586 0x2505
16:36:01.498    ComputerName: S  UserName: S
16:36:02.471    Initialize success
16:36:35.803    AVAST engine download error: 0
16:36:49.896    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:36:49.901    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
16:36:49.925    Disk 0 MBR read successfully
16:36:49.930    Disk 0 MBR scan
16:36:49.934    Disk 0 Windows 7 default MBR code
16:36:49.946    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13645 MB offset 2048
16:36:49.961    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27947008
16:36:49.973    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       242239 MB offset 28151808
16:36:49.979    Disk 0 Partition - 00     0F Extended LBA            220953 MB offset 524259328
16:36:50.003    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       220952 MB offset 524261376
16:36:50.030    Disk 0 scanning C:\Windows\system32\drivers
16:36:57.035    Service scanning
16:37:13.757    Modules scanning
16:37:14.101    Disk 0 trace - called modules:
16:37:14.133    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
16:37:14.142    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800636a060]
16:37:14.150    3 CLASSPNP.SYS[fffff88001afa43f] -> nt!IofCallDriver -> [0xfffffa8003572760]
16:37:14.158    5 ACPI.sys[fffff88000eca781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800432b050]
16:37:14.165    Scan finished successfully
16:37:29.622    Disk 0 MBR has been saved successfully to "C:\Users\S\Desktop\MBR.dat"
16:37:29.627    The log file has been saved successfully to "C:\Users\S\Desktop\aswMBR.txt"
         

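As an added example (not from the thread and not aswMBR's own code), a Python script that reads the "Disk 0 ..." lines of an aswMBR log like the one above, checks that the MBR code verdict is the default one, and rebuilds the partition table in sectors to spot overlapping entries or unallocated gaps, the places a bootkit would hide. The first sample is copied from the log above; the second is a constructed, deliberately inconsistent variant. The 2 MiB gap tolerance is the example's own allowance for 1 MiB alignment plus aswMBR's MB rounding.

```python
"""Sanity checks on an aswMBR log: MBR code verdict and partition layout (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTORS_PER_MB = 2048             # 512-byte sectors
ALIGN_SLACK = 2 * SECTORS_PER_MB  # 1 MiB partition alignment plus up to 1 MiB of MB rounding

# 16:36:49.961    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27947008
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\S+) (?P<boot>[0-9A-F]{2})(?: \(A\))?"
    r"\s+(?P<tid>[0-9A-F]{2})\s+(?P<desc>.+?)\s+(?P<mb>\d+) MB offset (?P<off>\d+)"
)
SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*? Size: (?P<mb>\d+)MB")
MBR_RE = re.compile(r"Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)")


@dataclass
class Part:
    num: str       # "1".."4", or "-" for the extended container
    tid: str       # partition type byte: 07 NTFS, 0F extended LBA, 27 hidden WinRE, ...
    active: bool   # boot indicator 80 (A) set
    start: int     # first sector
    sectors: int

    @property
    def end(self) -> int:
        return self.start + self.sectors


def parse(text: str) -> Tuple[Optional[int], Optional[str], List[Part]]:
    """Return (disk size in sectors, MBR verdict text, partitions) found in the log."""
    size, verdict, parts = None, None, []
    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            size = int(m["mb"]) * SECTORS_PER_MB
        elif m := MBR_RE.search(line):
            verdict = m["verdict"].strip()
        elif m := PART_RE.search(line):
            parts.append(Part(m["num"], m["tid"], m["boot"] == "80",
                              int(m["off"]), int(m["mb"]) * SECTORS_PER_MB))
    return size, verdict, parts


def layout_findings(size: Optional[int], parts: List[Part]) -> List[str]:
    """Overlaps and unexplained gaps between top-level entries, plus logical containment."""
    findings: List[str] = []
    ext = next((p for p in parts if p.num == "-"), None)

    def inside_ext(p: Part) -> bool:
        return ext is not None and p is not ext and ext.start <= p.start < ext.end

    top = sorted((p for p in parts if not inside_ext(p)), key=lambda p: p.start)
    cursor = 1  # sector 0 holds the MBR itself
    for p in top:
        if p.start < cursor:
            findings.append(f"partition {p.num} overlaps the previous entry by {cursor - p.start} sectors")
        elif p.start - cursor > ALIGN_SLACK:
            findings.append(f"{p.start - cursor} unallocated sectors before partition {p.num}")
        cursor = max(cursor, p.end)
    if size is not None and size - cursor > ALIGN_SLACK:
        findings.append(f"{size - cursor} unallocated sectors after the last partition")
    for p in parts:
        if inside_ext(p) and p.end > ext.end:
            findings.append(f"logical partition {p.num} runs past the extended container")
    return findings


def check(text: str) -> Dict[str, object]:
    """Summarise one aswMBR log: MBR verdict, partition count, layout findings."""
    size, verdict, parts = parse(text)
    mbr = ("no MBR verdict line found" if verdict is None
           else "default" if "default MBR code" in verdict else f"inspect: {verdict}")
    return {"mbr": mbr, "partitions": len(parts), "findings": layout_findings(size, parts)}


# Lines copied from the aswMBR log posted above (timestamps kept; they are ignored).
SAMPLE = """\
16:36:49.901    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
16:36:49.934    Disk 0 Windows 7 default MBR code
16:36:49.946    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13645 MB offset 2048
16:36:49.961    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27947008
16:36:49.973    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       242239 MB offset 28151808
16:36:49.979    Disk 0 Partition - 00     0F Extended LBA            220953 MB offset 524259328
16:36:50.003    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       220952 MB offset 524261376
"""
# Constructed variant: partition 3 moved 48192 sectors to the right, which opens a
# gap behind partition 2 and pushes partition 3 into the extended container.
SAMPLE_SHIFTED = SAMPLE.replace("offset 28151808", "offset 28200000")

if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE), ("shifted variant", SAMPLE_SHIFTED)):
        print(label, check(log))
```
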
03.04.2012, 18:25   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!

07.04.2012, 10:35   #15
micha-sdh

ok. that reassures me for now. I ran the scans. could you maybe briefly write what the OTL fix did?

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/05/2012 at 05:36 PM

Application Version : 5.0.1146

Core Rules Database Version : 8418
Trace Rules Database Version: 6230

Scan type       : Complete Scan
Total Scan Time : 02:09:49

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 821
Memory threats detected   : 0
Registry items scanned    : 67810
Registry threats detected : 0
File items scanned        : 309417
File threats detected     : 79

Adware.Tracking Cookie
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\CQX5AYNW.txt [ /adtech.de ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\GKKOC3MH.txt [ /adbrite.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\VTSVLW2E.txt [ /www.pornhub.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\0YNGTJA4.txt [ /pornhub.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\JM1K9BGO.txt [ /revsci.net ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\K6SF26JU.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\44ASRTUU.txt [ /mediaplex.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\DK7M55J2.txt [ /doubleclick.net ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\IM1AA08L.txt [ /sextracker.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\U60L62KD.txt [ /atdmt.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\LTVHI0PE.txt [ /ad.yieldmanager.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\NC5IIPG2.txt [ /dyntracker.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\7WP7J8SC.txt [ /ad.zanox.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\MFVGW0RZ.txt [ /adviva.net ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\BLJ1B1II.txt [ /specificclick.net ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\2U83LI7H.txt [ /adfarm1.adition.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\YBPWS30N.txt [ /smartadserver.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\19OORGQL.txt [ /im.banner.t-online.de ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\BTU65H3B.txt [ /invitemedia.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\YD7W3ZAC.txt [ /zanox.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\22P5RGUX.txt [ /fastclick.net ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\23MKVTC9.txt [ /apmebf.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\65OKUZ14.txt [ /tracking.quisma.com ]
	C:\Users\S\AppData\Roaming\Microsoft\Windows\Cookies\Y0S52TF1.txt [ /counter8.sextracker.com ]
	C:\USERS\S\Cookies\CQX5AYNW.txt [ Cookie:s@adtech.de/ ]
	C:\USERS\S\Cookies\GKKOC3MH.txt [ Cookie:s@adbrite.com/ ]
	C:\USERS\S\Cookies\VTSVLW2E.txt [ Cookie:s@www.pornhub.com/ ]
	C:\USERS\S\Cookies\0YNGTJA4.txt [ Cookie:s@pornhub.com/ ]
	C:\USERS\S\Cookies\JM1K9BGO.txt [ Cookie:s@revsci.net/ ]
	C:\USERS\S\Cookies\K6SF26JU.txt [ Cookie:s@ad3.adfarm1.adition.com/ ]
	C:\USERS\S\Cookies\44ASRTUU.txt [ Cookie:s@mediaplex.com/ ]
	C:\USERS\S\Cookies\IM1AA08L.txt [ Cookie:s@sextracker.com/ ]
	C:\USERS\S\Cookies\U60L62KD.txt [ Cookie:s@atdmt.com/ ]
	C:\USERS\S\Cookies\LTVHI0PE.txt [ Cookie:s@ad.yieldmanager.com/ ]
	C:\USERS\S\Cookies\NC5IIPG2.txt [ Cookie:s@dyntracker.com/ ]
	C:\USERS\S\Cookies\7WP7J8SC.txt [ Cookie:s@ad.zanox.com/ ]
	C:\USERS\S\Cookies\MFVGW0RZ.txt [ Cookie:s@adviva.net/ ]
	C:\USERS\S\Cookies\BLJ1B1II.txt [ Cookie:s@specificclick.net/ ]
	C:\USERS\S\Cookies\2U83LI7H.txt [ Cookie:s@adfarm1.adition.com/ ]
	C:\USERS\S\Cookies\YBPWS30N.txt [ Cookie:s@smartadserver.com/ ]
	C:\USERS\S\Cookies\19OORGQL.txt [ Cookie:s@im.banner.t-online.de/ ]
	C:\USERS\S\Cookies\22P5RGUX.txt [ Cookie:s@fastclick.net/ ]
	C:\USERS\S\Cookies\23MKVTC9.txt [ Cookie:s@apmebf.com/ ]
	C:\USERS\S\Cookies\65OKUZ14.txt [ Cookie:s@tracking.quisma.com/ ]
	secure-uk.imrworldwide.com [ C:\USERS\S\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9LY6MSS ]
	terrashop.traffective-tracking.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	terrashop.traffective-tracking.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	terrashop.traffective-tracking.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	terrashop.traffective-tracking.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	terrashop.traffective-tracking.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.rambler.ru [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.rambler.ru [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.premiumtv.122.2o7.net [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.4stats.de [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.4stats.de [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.4stats.de [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.vogelservices.122.2o7.net [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
	.skydeutschland.122.2o7.net [ C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L062MB0M.DEFAULT\COOKIES.SQLITE ]
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.07.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
S :: SCHWEDE [Administrator]

Schutz: Aktiviert

07.04.2012 10:17:59
mbam-log-2012-04-07 (10-17-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 486268
Laufzeit: 1 Stunde(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
