
Pests of all kinds and how to fight them: After the System Security virus, now Trojan.Sirefef and Trojan.Small in windows/installer


15.06.2012, 16:24   #1
Ladybird



Hello everyone,

I hope you can help me.
A few days ago I had a virus on my PC, which first appeared after I had downloaded Adobe updates (could that be connected, i.e. that the update download was perhaps only disguised as one?).
The virus was a program called System Security which disabled all functions (antivirus programs, Firefox, System Restore etc.) and told me to buy a piece of software that would supposedly get the PC back in order. Of course I didn't do anything.

I gave the computer to an acquaintance who supposedly "cleaned" it.

The System Security virus is gone too, at least everything is running normally again.
But now, as soon as I switch the computer on, my AntiVir starts beeping like mad and reports the trojans sirefef and small. I have already run several virus scans but none of it helped.
The messages keep coming back (I have now turned off AntiVir's acoustic signal).

Here is the log from Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX-PC [Administrator]

Protection: Enabled

15.06.2012 10:02:33
mbam-log-2012-06-15 (13-59-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412706
Time elapsed: 3 hour(s), 50 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\XXX\AppData\Local\{04801163-c298-65bf-33d3-7ede2f924c70}\n (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)


And here is the GMER log, because it won't let me attach it...
GMER logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-15 16:48:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
Running: kzj0dl6w.exe; Driver: C:\Users\XXX\AppData\Local\Temp\uxdcakow.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT 8E54FFC6 ZwCreateSection
SSDT 8E54FFD0 ZwRequestWaitReplyPort
SSDT 8E54FFCB ZwSetContextThread
SSDT 8E54FFD5 ZwSetSecurityObject
SSDT 8E54FFDA ZwSystemDebugControl
SSDT 8E54FF67 ZwTerminateProcess
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!KeSetEvent + 215 822F48D8 4 Bytes [C6, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 539 822F4BFC 4 Bytes [D0, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 56D 822F4C30 4 Bytes [CB, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822F4C94 4 Bytes [D5, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 619 822F4CDC 4 Bytes [DA, FF, 54, 8E]
.text ... 
? System32\drivers\gxhjwci.sys The system cannot find the path specified. !
 
---- User code sections - GMER 1.0.15 ----
 
? C:\Windows\system32\services.exe[696] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50893a 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50893a@00234529b845 0x9C 0x3E 0x57 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f6052ef3 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f6052ef3@0012ee23ce55 0x24 0x51 0xA8 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd50893a (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd50893a@00234529b845 0x9C 0x3E 0x57 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f6052ef3 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f6052ef3@0012ee23ce55 0x24 0x51 0xA8 0xFA ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xA0 0x06 0x06 0x4F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823
 
---- EOF - GMER 1.0.15 ----




The other logs are attached. By the way, defogger doesn't work.
After it finishes there is no prompt to restart and I can't find a log file either.

Can nobody help me? Or is something (information) still missing?
Attached files
File type: txt OTL.Txt (87.7 KB, 186 views)
File type: txt Extras.Txt (37.8 KB, 175 views)
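Added example (not part of the original thread and not GMER's own code): a small Python script that reads the two suspicious sections of the GMER log posted above and relates them to each other. The 4-byte patches GMER reports at ntkrnlpa.exe!KeSetEvent + ... are, read as little-endian dwords, exactly the SSDT target addresses listed in the System section (C6 FF 54 8E is 0x8E54FFC6, the ZwCreateSection entry), so the log shows one set of hooked system services reported twice, not two separate problems. Those targets lie far outside the address range of ntkrnlpa.exe, so another driver owns them; whether that driver is the rootkit or a legitimate security driver cannot be told from this log alone and needs the module that owns that range. The KERNEL_RANGE value is a placeholder (an assumption), not this machine's real value; GMER_SAMPLE is copied from the post above.

```python
import re
import struct

# Constructed sample: the relevant lines of the GMER log quoted in the post above.
GMER_SAMPLE = """\
SSDT 8E54FFC6 ZwCreateSection
SSDT 8E54FFD0 ZwRequestWaitReplyPort
SSDT 8E54FFCB ZwSetContextThread
SSDT 8E54FFD5 ZwSetSecurityObject
SSDT 8E54FFDA ZwSystemDebugControl
SSDT 8E54FF67 ZwTerminateProcess
.text ntkrnlpa.exe!KeSetEvent + 215 822F48D8 4 Bytes [C6, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 539 822F4BFC 4 Bytes [D0, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 56D 822F4C30 4 Bytes [CB, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822F4C94 4 Bytes [D5, FF, 54, 8E]
.text ntkrnlpa.exe!KeSetEvent + 619 822F4CDC 4 Bytes [DA, FF, 54, 8E]
? System32\\drivers\\gxhjwci.sys The system cannot find the path specified. !
"""

# ASSUMPTION: placeholder load range for ntkrnlpa.exe. On a real machine take the
# base and size of the kernel image from that system's loaded-module list.
KERNEL_RANGE = (0x82200000, 0x82600000)

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)")
TEXT_RE = re.compile(
    r"^\.text\s+(\S+)\s+\+\s+([0-9A-F]+)\s+([0-9A-F]{8})\s+4 Bytes \[([0-9A-F, ]+)\]"
)
MISSING_DRIVER_RE = re.compile(r"^\?\s+(\S+\.sys)\b")


def parse_gmer(text):
    """Return (SSDT hooks by service name, 4-byte kernel patches, unreadable driver files)."""
    hooks, patches, missing = {}, [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks[m.group(2)] = int(m.group(1), 16)
            continue
        m = TEXT_RE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m.group(4).split(","))
            patches.append({
                "symbol": m.group(1),
                "offset": int(m.group(2), 16),
                "addr": int(m.group(3), 16),
                # GMER prints the patched bytes in memory order; x86 is little-endian,
                # so the four bytes form one 32-bit pointer
                "value": struct.unpack("<I", raw)[0],
            })
            continue
        m = MISSING_DRIVER_RE.match(line)
        if m:
            missing.append(m.group(1))
    return hooks, patches, missing


def correlate(hooks, patches):
    """For each patched dword, the SSDT service whose hook target it equals (or None)."""
    by_addr = {addr: name for name, addr in hooks.items()}
    return [(p["addr"], by_addr.get(p["value"])) for p in patches]


def foreign_hooks(hooks, kernel_lo, kernel_hi):
    """SSDT entries whose target lies outside the kernel image: some other driver owns them."""
    return sorted(name for name, addr in hooks.items() if not kernel_lo <= addr < kernel_hi)


def summarize(text, kernel_range=KERNEL_RANGE):
    hooks, patches, missing = parse_gmer(text)
    return {
        "hooked_services": sorted(hooks),
        "patches_explained_by_ssdt": sum(1 for _, n in correlate(hooks, patches) if n),
        "patches_total": len(patches),
        "hooks_outside_kernel": foreign_hooks(hooks, *kernel_range),
        "unreadable_drivers": missing,
    }


if __name__ == "__main__":
    for key, value in summarize(GMER_SAMPLE).items():
        print(f"{key}: {value}")
```

To run it against a real log, replace GMER_SAMPLE with the file contents. The one line GMER could not read (System32\drivers\gxhjwci.sys, "The system cannot find the path specified") is collected separately, because a service entry that points at a driver file not visible on disk deserves a look on its own.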

18.06.2012, 12:55   #2
cosinus



Quote:
No action taken.
The detections have to be removed with Malwarebytes! Please do that now if you haven't already!

19.06.2012, 12:51   #3
Ladybird



Yes, of course I did that afterwards, several times even. But unfortunately they could not be deleted, and the quarantine in AntiVir doesn't work either, or rather does nothing. AntiVir keeps beeping without a pause and keeps showing the detections.

19.06.2012, 13:00   #4
cosinus



Then please also post the logs for that!
From Malwarebytes and AntiVir
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

19.06.2012, 13:03   #5
Ladybird



Unfortunately I can't do that until Thursday, because I won't get to the computer before then. But it will be done.


22.06.2012, 11:45   #6
Ladybird



So, I have now removed everything with Malwarebytes, but the messages still keep coming. Here is the log:

Database version: v2012.06.21.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX-PC [Administrator]

Protection: Enabled

22.06.2012 08:08:07
mbam-log-2012-06-22 (08-08-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418432
Time elapsed: 3 hour(s), 47 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)



AntiVir is still scanning...

Here is also the protection log from MB, in case you can make use of that as well


2012/06/22 08:04:03 +0200 XXX-PC XXX MESSAGE Starting protection
2012/06/22 08:04:10 +0200 XXX-PC XXX MESSAGE Protection started successfully
2012/06/22 08:04:13 +0200 XXX-PC XXX MESSAGE Starting IP protection
2012/06/22 08:04:13 +0200 XXX-PC XXX ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/22 08:10:13 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\80000000.@ Trojan.Sirefef QUARANTINE
2012/06/22 08:10:18 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@ Rootkit.0Access QUARANTINE
2012/06/22 08:14:08 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\80000000.@ Trojan.Sirefef DENY
2012/06/22 08:14:09 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@ Rootkit.0Access DENY
2012/06/22 10:36:57 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@ Rootkit.0Access DENY
2012/06/22 12:35:42 +0200 XXX-PC XXX MESSAGE Starting protection
2012/06/22 12:35:43 +0200 XXX-PC XXX MESSAGE Executing scheduled update: Daily
2012/06/22 12:35:49 +0200 XXX-PC XXX MESSAGE Protection started successfully
2012/06/22 12:35:52 +0200 XXX-PC XXX MESSAGE Starting IP protection
2012/06/22 12:35:52 +0200 XXX-PC XXX ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/22 12:36:09 +0200 XXX-PC XXX MESSAGE Starting database refresh
2012/06/22 12:36:09 +0200 XXX-PC XXX MESSAGE Scheduled update executed successfully: database updated from version v2012.06.21.08 to version v2012.06.22.04
2012/06/22 12:36:16 +0200 XXX-PC XXX MESSAGE Database refreshed successfully
2012/06/22 12:37:48 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@ Trojan.Small QUARANTINE
2012/06/22 12:42:21 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@ Trojan.Small DENY
2012/06/22 12:42:26 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@ Rootkit.0Access QUARANTINE
2012/06/22 12:42:49 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@ Trojan.Small DENY
2012/06/22 12:42:49 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@ Trojan.Small DENY
2012/06/22 12:46:47 +0200 XXX-PC XXX DETECTION C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@ Rootkit.0Access DENY

Last edited by Ladybird (22.06.2012 at 11:53)
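Added example, not code from the original thread or from Malwarebytes: a Python script over the Malwarebytes lines posted in this thread (the scan results from #1 and #6 and the protection log from #6, embedded here as constructed sample input) that answers the three questions this thread turns on: which findings were left untouched (the "No action taken" point from #2), which files a scan reported as quarantined and deleted that the realtime guard then detected again, meaning something is recreating them, and what the repeated FwpmEngineOpen0 error means. The path heuristic is my own, generalised from the path shapes in these logs (a GUID-named folder under C:\Windows\Installer with a U subfolder of eight-hex-digit ".@" files, and a GUID-named folder under AppData\Local holding a file named n); treat it as an assumption, not a vendor signature. Error code 1753 is the Win32 error EPT_S_NOT_REGISTERED ("There are no more endpoints available from the endpoint mapper"), and FwpmEngineOpen0 is the Windows Filtering Platform entry point, which fails that way when the Base Filtering Engine (BFE) service is not running; the state of that service is therefore what to check on the box.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the Malwarebytes logs quoted in this thread.
SCAN_RESULTS = """\
C:\\Users\\XXX\\AppData\\Local\\{04801163-c298-65bf-33d3-7ede2f924c70}\\n (Rootkit.0Access) -> No action taken.
C:\\Windows\\Installer\\{04801163-c298-65bf-33d3-7ede2f924c70}\\U\\00000001.@ (Trojan.Small) -> No action taken.
C:\\Windows\\Installer\\{04801163-c298-65bf-33d3-7ede2f924c70}\\U\\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
"""

PROTECTION_LOG = """\
2012/06/22 08:04:13 +0200 XXX-PC XXX ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/22 08:10:13 +0200 XXX-PC XXX DETECTION C:\\Windows\\Installer\\{04801163-c298-65bf-33d3-7ede2f924c70}\\U\\80000000.@ Trojan.Sirefef QUARANTINE
2012/06/22 08:14:08 +0200 XXX-PC XXX DETECTION C:\\Windows\\Installer\\{04801163-c298-65bf-33d3-7ede2f924c70}\\U\\80000000.@ Trojan.Sirefef DENY
2012/06/22 12:36:09 +0200 XXX-PC XXX MESSAGE Starting database refresh
2012/06/22 12:37:48 +0200 XXX-PC XXX DETECTION C:\\Windows\\Installer\\{04801163-c298-65bf-33d3-7ede2f924c70}\\U\\00000001.@ Trojan.Small QUARANTINE
2012/06/22 12:42:21 +0200 XXX-PC XXX DETECTION C:\\Windows\\Installer\\{04801163-c298-65bf-33d3-7ede2f924c70}\\U\\00000001.@ Trojan.Small DENY
"""

EPT_S_NOT_REGISTERED = 1753  # Win32: "There are no more endpoints available from the endpoint mapper"

# ASSUMPTION: path shapes generalised from the paths in these logs, not a vendor signature.
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
ZEROACCESS_PATHS = [
    re.compile(r"\\Windows\\Installer\\" + GUID + r"\\U\\[0-9a-f]{8}\.@$", re.I),
    re.compile(r"\\AppData\\Local\\" + GUID + r"\\n$", re.I),
]
SCAN_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")
PROT_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ \S+ (?P<kind>DETECTION|ERROR|MESSAGE) (?P<rest>.*)$"
)


def is_zeroaccess_path(path):
    return any(p.search(path) for p in ZEROACCESS_PATHS)


def scan_findings(scan_text):
    """(path, detection name, action) for every finding line of a scan log."""
    return [m.group("path", "name", "action")
            for m in map(SCAN_RE.match, scan_text.splitlines()) if m]


def untreated_findings(scan_text):
    """Findings the scanner was told to skip: the 'No action taken' case."""
    return [(p, n) for p, n, a in scan_findings(scan_text) if a.startswith("No action taken")]


def guard_detections(protection_text):
    """path -> [(timestamp, verdict), ...] from the realtime-protection log, in time order."""
    events = defaultdict(list)
    for m in map(PROT_RE.match, protection_text.splitlines()):
        if m and m.group("kind") == "DETECTION":
            # the detection name and the verdict never contain spaces; the path may
            path, _name, verdict = m.group("rest").rsplit(" ", 2)
            events[path].append((m.group("ts"), verdict))
    return {p: sorted(evs) for p, evs in events.items()}


def resurrected_paths(protection_text):
    """Paths the guard quarantined and then ran into again afterwards."""
    out = []
    for path, evs in guard_detections(protection_text).items():
        verdicts = [v for _, v in evs]
        if "QUARANTINE" in verdicts and len(verdicts) > verdicts.index("QUARANTINE") + 1:
            out.append(path)
    return sorted(out)


def removed_then_seen_again(scan_text, protection_text):
    """Files a scan reported as deleted that the guard still detected later."""
    removed = {p for p, _n, a in scan_findings(scan_text) if a.startswith("Quarantined")}
    return sorted(removed & set(guard_detections(protection_text)))


def wfp_engine_failures(protection_text):
    """Error codes of failed FwpmEngineOpen0 calls (Windows Filtering Platform)."""
    return [int(c) for c in re.findall(r"FwpmEngineOpen0 failed with error code (\d+)", protection_text)]


def report(scan_text, protection_text):
    return {
        "untreated": untreated_findings(scan_text),
        "zeroaccess_like": [p for p, _n, _a in scan_findings(scan_text) if is_zeroaccess_path(p)],
        "resurrected": resurrected_paths(protection_text),
        "removed_then_seen_again": removed_then_seen_again(scan_text, protection_text),
        "bfe_unreachable": EPT_S_NOT_REGISTERED in wfp_engine_failures(protection_text),
    }


if __name__ == "__main__":
    for key, value in report(SCAN_RESULTS, PROTECTION_LOG).items():
        print(f"{key}: {value}")
```

A "resurrected" or "removed_then_seen_again" hit is the signal that matters here: a file that is deleted and detected again minutes later is being rewritten by a component the scanner did not remove, so repeating the same scan will keep producing the same log.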

22.06.2012, 12:39   #7
cosinus



Please also run ESET, then we'll see:

Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log is to be posted first and nothing removed.

ESET Online Scanner


Please switch on any external hard disks you have during the online scan! Please switch off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: please open the browser like this: right-click => Run as administrator
  • Disable your antivirus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      have to allow the installation of an ActiveX element.
  • Tick the box Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is NOT ticked.
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Press the Windows + R keys and paste the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: If you are running a 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of log.txt.

22.06.2012, 14:37   #8
Ladybird



Here is the AntiVir log first:

Avira Free Antivirus
Report file created: Friday, 22 June 2012 12:40

Searching for 3858896 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista (TM) Home Premium
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
User name : XXX
Computer name : XXX-PC

Version information:
BUILD.DAT : 12.0.0.1125 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 15.06.2012 06:46:36
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 06:45:59
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 06:45:59
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 06:46:00
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 06:46:00
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 06:46:00
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 06:46:00
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 06:46:00
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 06:46:00
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 06:46:00
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 06:46:00
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 06:46:02
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 06:46:04
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 06:46:06
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 06:46:08
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 06:46:08
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 06:46:09
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 06:46:10
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 06:46:10
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 06:46:11
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 06:46:12
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 06:46:12
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 06:46:13
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 18:34:33
VBASE028.VDF : 7.11.33.84 2048 Bytes 18.06.2012 18:34:35
VBASE029.VDF : 7.11.33.85 2048 Bytes 18.06.2012 18:34:35
VBASE030.VDF : 7.11.33.86 2048 Bytes 18.06.2012 18:34:35
VBASE031.VDF : 7.11.33.166 159744 Bytes 21.06.2012 18:34:56
Engineversion : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 15.06.2012 06:46:33
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 18:37:06
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 06:46:34
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 18:37:02
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 21.06.2012 18:36:45
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 21.06.2012 18:36:38
AEHELP.DLL : 8.1.21.0 254326 Bytes 15.06.2012 06:46:16
AEGEN.DLL : 8.1.5.30 422261 Bytes 15.06.2012 06:46:16
AEEXP.DLL : 8.1.0.54 82293 Bytes 21.06.2012 18:37:07
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.10 201080 Bytes 15.06.2012 06:46:15
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Configuration for the current scan:
Job name..............................: Quick system scan
Configuration file....................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp
Logging...............................: standard
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:,
Scan active programs..................: on
Scan registry.........................: on
Search for rootkits...................: off
Integrity check of system files.......: off
File scan mode........................: intelligent file selection
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: advanced

Start of the scan: Friday, 22 June 2012 12:40

Starting the scan of master boot sectors:
Master boot sector HD0
[INFO] No virus was found!
[INFO] Please restart the scan with administrator rights
Master boot sector HD1
[INFO] No virus was found!

Starting the scan of boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
[INFO] Please restart the scan with administrator rights

Starting the scan of running processes:
Scanning process 'firefox.exe' - '1' module(s) scanned
Scanning process 'avscan.exe' - '1' module(s) scanned
Scanning process 'wuauclt.exe' - '1' module(s) scanned
Scanning process 'epmworker.exe' - '1' module(s) scanned
Scanning process 'Generic.exe' - '1' module(s) scanned
Scanning process 'ehmsas.exe' - '1' module(s) scanned
Scanning process 'soffice.bin' - '1' module(s) scanned
Scanning process 'soffice.exe' - '1' module(s) scanned
Scanning process 'ehtray.exe' - '1' module(s) scanned
Scanning process 'sidebar.exe' - '1' module(s) scanned
Scanning process 'mbamgui.exe' - '1' module(s) scanned
Scanning process 'avgnt.exe' - '1' module(s) scanned
Scanning process 'jusched.exe' - '1' module(s) scanned
Scanning process 'GrooveMonitor.exe' - '1' module(s) scanned
Scanning process 'wmdSync.exe' - '1' module(s) scanned
Scanning process 'Application Launcher.exe' - '1' module(s) scanned
Scanning process 'igfxsrvc.exe' - '1' module(s) scanned
Scanning process 'igfxpers.exe' - '1' module(s) scanned
Scanning process 'hkcmd.exe' - '1' module(s) scanned
Scanning process 'igfxtray.exe' - '1' module(s) scanned
Scanning process 'WButton.exe' - '1' module(s) scanned
Scanning process 'OSD.exe' - '1' module(s) scanned
Scanning process 'HotkeyApp.exe' - '1' module(s) scanned
Scanning process 'LaunchAp.exe' - '1' module(s) scanned
Scanning process 'SynTPStart.exe' - '1' module(s) scanned
Scanning process 'IAAnotif.exe' - '1' module(s) scanned
Scanning process 'mobsync.exe' - '1' module(s) scanned
Scanning process 'Explorer.EXE' - '1' module(s) scanned
Scanning process 'taskeng.exe' - '1' module(s) scanned
Scanning process 'Dwm.exe' - '1' module(s) scanned

Starting the scan of references to executable files (registry):
The registry was scanned ( '4543' files ).


Starting the scan of the selected files:

Starting the search in 'C:\Users\XXX'
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\060afc8a563aaccd288f98b7c8723b61\icq_status_checker.zip
[WARNING] The compressed data is corrupt
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\060afc8a563aaccd288f98b7c8723b61\icq_status_checker\ICQ Status Checker 1.8 Setup.exe
[WARNING] The compressed data is corrupt
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\3ac48664b7886cf4e4ab4aba7e6b6bc9\icq_contact_revealer.zip
[WARNING] The compressed data is corrupt
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\3ac48664b7886cf4e4ab4aba7e6b6bc9\icq_contact_revealer\ICQ Contact Revealer 1.1 Setup.exe
[WARNING] The compressed data is corrupt
C:\Users\XXX\Documents\Mein Geld\MeinGeld.mgz
[WARNING] The file is password protected
C:\Users\XXX\Documents\Mein Geld\Backup\MeinGeld~1.mgz
[WARNING] The file is password protected
C:\Users\XXX\Documents\Mein Geld\Backup\MeinGeld~2.mgz
[WARNING] The file is password protected
C:\Users\XXX\Documents\Mein Geld\Backup\MeinGeld~3.mgz
[WARNING] The file is password protected
C:\Users\XXX\Downloads\avira_free_antivirus_de.exe
[WARNING] The file is password protected
C:\Users\XXX\Downloads\CL_CL_M_OM.rar
[WARNING] The entire archive is password protected
C:\Users\XXX\Downloads\CMF_Boes_IN.part1.rar
[WARNING] The entire archive is password protected
C:\Users\XXX\Downloads\CMF_Boes_IN.part2.rar
[WARNING] Some files of this archive are spread across several part archives (multiple volume)
C:\Users\XXX\Downloads\W8uI0clNyU.rar
[WARNING] The file is password protected
C:\Users\XXX\Downloads\kirstis musik\025_-_Crazy_Loop_-_Crazy_Loop.rar
[WARNING] The entire archive is password protected
Starting the search in 'C:\Windows'
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@
[DETECTION] Is the Trojan horse TR/Small.FI
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\80000000.@
[DETECTION] Is the Trojan horse TR/Sirefef.AG.35
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@
[DETECTION] Is the Trojan horse TR/ATRAPS.Gen2
C:\Windows\SoftwareDistribution\Download\ec2cc6ab7853f7f87c73b2f137bf7916\BITFDF7.tmp
[WARNING] The archive header is defective
Starting the search in 'C:\Users\'
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\060afc8a563aaccd288f98b7c8723b61\icq_status_checker.zip
[WARNING] The compressed data is corrupt
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\060afc8a563aaccd288f98b7c8723b61\icq_status_checker\ICQ Status Checker 1.8 Setup.exe
[WARNING] The compressed data is corrupt
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\3ac48664b7886cf4e4ab4aba7e6b6bc9\icq_contact_revealer.zip
[WARNING] The compressed data is corrupt
C:\Users\XXX\AppData\Local\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\3ac48664b7886cf4e4ab4aba7e6b6bc9\icq_contact_revealer\ICQ Contact Revealer 1.1 Setup.exe
[WARNING] The compressed data is corrupt
C:\Users\XXX\Documents\Mein Geld\MeinGeld.mgz
[WARNING] The file is password protected
C:\Users\XXX\Documents\Mein Geld\Backup\MeinGeld~1.mgz
[WARNING] The file is password protected
C:\Users\XXX\Documents\Mein Geld\Backup\MeinGeld~2.mgz
[WARNING] The file is password protected
C:\Users\XXX\Documents\Mein Geld\Backup\MeinGeld~3.mgz
[WARNING] The file is password protected
C:\Users\XXX\Downloads\avira_free_antivirus_de.exe
[WARNING] The file is password protected
C:\Users\XXX\Downloads\CL_CL_M_OM.rar
[WARNING] The entire archive is password protected
C:\Users\XXX\Downloads\CMF_Boes_IN.part1.rar
[WARNING] The entire archive is password protected
C:\Users\XXX\Downloads\CMF_Boes_IN.part2.rar
[WARNING] The file is password protected
C:\Users\XXX\Downloads\kirstis musik\025_-_Crazy_Loop_-_Crazy_Loop.rar
[WARNING] The entire archive is password protected
Starting the search in 'C:\Program Files'
C:\Program Files\ALDI Foto Service Nord\ALDI_Foto_Service\FotoBuch\FotobuchDS.exe
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Resources.zip
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\al1326.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\al1376.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\al1380.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\AppIni.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\AppRgn.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Backgrounds.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Calendars.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\CollageLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Effects.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Hardcover.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Leinencover.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Navigation.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Overview.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBFonts.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Photobooks.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Photobooks_DS.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PhotoFun.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Products.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Rubrik1.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Rubrik2.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Rubrik3.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Rubrik4.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Rubrik5.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Rubrik6.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Softcover.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Texts.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\tl1326.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\tl1376.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\tl1380.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\WizFinish.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\WizIntro.xnf
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\Xchg.dat
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4\CoverBkgnds.pbc
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4\Layouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4H\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4H\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4H\Layouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4S\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4S\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA4S\Layouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA6\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA6\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBA6\Layouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBooklet\CoverBkgnds.pbc
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBooklet\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBooklet\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBooklet\Layouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21\CoverBkgnds.pbc
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21\Layouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21H\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21H\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21H\Layouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21S\CoverLayouts.pbl
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21S\Default.pbd
[WARNING] The archive header is defective
C:\Program Files\T-Online\T-Online_Software_6\Fotoservice\Data\PBSqr21S\Layouts.pbl
[WARNUNG] Der Archivheader ist defekt

Beginne mit der Desinfektion:
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55f8dd80.qua' verschoben!
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\80000000.@
[FUND] Ist das Trojanische Pferd TR/Sirefef.AG.35
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d6ff227.qua' verschoben!
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\00000001.@
[FUND] Ist das Trojanische Pferd TR/Small.FI
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f30a8cf.qua' verschoben!


Ende des Suchlaufs: Freitag, 22. Juni 2012 15:25
Benötigte Zeit: 2:38:34 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

32058 Verzeichnisse wurden überprüft
697690 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
697687 Dateien ohne Befall
8590 Archive wurden durchsucht
94 Warnungen
3 Hinweise

24.06.2012, 14:28   #9
Ladybird

Here is the log from ESET:
Attached files
File type: txt log.txt (8.7 KB, viewed 225 times)

24.06.2012, 16:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. If possible, please post everything here in CODE tags.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't already have it, please download OTL from OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick the checkbox Scan all users at the top center
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


29.06.2012, 13:17   #11
Ladybird

Sooo... here is the OTL log

OTL Logfile:
Code:
OTL logfile created on: 29.06.2012 13:31:22 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,94% Memory free
4,21 Gb Paging File | 2,71 Gb Available in Paging File | 64,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 12,30 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,17 Gb Free Space | 64,91% Space Free | Partition Type: FAT32
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.29 13:28:30 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Downloads\OTL(1).exe
PRC - [2012.05.11 03:21:50 | 000,040,960 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2012.05.02 01:52:12 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
PRC - [2012.05.02 01:48:57 | 000,613,328 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.11 08:27:59 | 000,279,552 | ---- | M] () -- C:\Windows\System32\services.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2007.09.04 12:41:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.07.11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007.06.13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.03.16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.24 06:23:18 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.09.04 12:36:48 | 000,016,896 | ---- | M] () -- C:\Program Files\Softex\OmniPass\cryptodll.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
MOD - [2007.06.13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2007.05.23 08:23:34 | 004,591,616 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2007.05.22 16:09:20 | 000,025,600 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2006.03.09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\ipdll2k.exe -- (ipdll2k)
SRV - [2012.06.23 17:35:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.22 12:38:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.11 03:21:50 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.08 08:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.09.04 12:39:54 | 000,040,960 | ---- | M] (Softex Inc.) [On_Demand | Stopped] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.19 09:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007.06.19 09:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007.06.19 09:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007.06.19 09:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex)
DRV - [2007.06.19 09:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007.06.19 09:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007.06.19 09:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.09 15:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109718&babsrc=HP_ss&mntrId=86571b6300000000000000ffb43162c0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{0C0F4F3C-7477-4523-97B5-054933C03A8F}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F3F713D7B7365617263685465726D737D2641463D313039373138266261627372633D53505F7373266D6E747249643D3836353731623633303030303030303030303030303066666234333136326330&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{10DD77FC-4286-4EDC-A7E5-2A05AC84E414}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{40DF4D83-7A8D-43EB-9A7E-EAC7EF6D5966}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664.anonymize-me.de/?anonymto=687474703A2F2F3132372E302E302E313A343636342F73656172636826733D61376A56315A484E31357466354B753768706378384B62424E4C303F713D7B7365617263685465726D737D&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{7FE36259-6E1A-4A7B-8721-2DF6850CE19E}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{811E845D-FAC5-40B6-8E97-B747B34B5216}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{8561F07E-667E-46B2-9029-6E3F6A3FCE5C}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D56453344303126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{BCE9B97D-AF91-434A-8004-8027F6ADF033}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.11.19 20:33:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 17:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 19:18:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\extensions\mail@shopping-preise.de [2012.04.02 02:17:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\extensions\firejump@firejump.net [2012.05.11 03:21:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 17:35:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 19:18:57 | 000,000,000 | ---D | M]
 
[2010.04.21 23:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.05.03 20:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions
[2011.03.31 10:55:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.28 14:20:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.30 21:42:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.11 03:21:48 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\firejump@firejump.net
[2012.04.02 02:17:45 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\mail@shopping-preise.de
[2011.03.23 01:55:48 | 000,001,987 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\bing.xml
[2011.03.23 01:55:48 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-1.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-10.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-11.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-12.xml
[2011.06.19 22:05:52 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-2.xml
[2011.06.19 22:05:52 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-3.xml
[2011.06.19 22:05:52 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-4.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-5.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-6.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-7.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-8.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-9.xml
[2011.03.23 01:55:48 | 000,001,114 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin.xml
[2011.03.23 01:55:48 | 000,002,071 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{391DA46B-68E9-4FD3-87C4-49E42ECCB4D4}.xml
[2011.03.23 01:55:48 | 000,001,864 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{87A9ACC5-B1BF-48DE-A127-B0EF30315290}.xml
[2011.03.23 01:55:48 | 000,002,182 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{9926AA3C-7A75-438E-B505-E27BF0038CE8}.xml
[2011.06.19 22:05:52 | 000,001,088 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{B4346541-F498-4F66-99A2-4C89E06C72CE}.xml
[2012.01.23 19:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.29 00:58:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.23 19:20:54 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8XL961M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.23 17:35:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.23 17:35:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 03:47:28 | 000,002,389 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.23 17:35:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 17:35:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 17:35:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 17:35:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 17:35:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..Trusted Domains: brese.de ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader4.cab?nocache=1204033759 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 80.69.100.206 8.8.8.8 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ipdll2k: DllName - (ipdll2k.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14a78d53-e72b-11de-a352-0016d3863386}\Shell - "" = AutoRun
O33 - MountPoints2\{14a78d53-e72b-11de-a352-0016d3863386}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{632bb4f7-a52f-11de-97a0-0016d3863386}\Shell - "" = AutoRun
O33 - MountPoints2\{632bb4f7-a52f-11de-97a0-0016d3863386}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk - C:\Programme\FinePixViewerS\QuickDCF2.exe - (FUJIFILM Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig - StartUpReg: OmniPass - hkey= - key= - C:\Program Files\Softex\OmniPass\scureapp.exe ()
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: T-Online_Software_6 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: ToADiMon.exe - hkey= - key= - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Program Files\GoogleEULA\EULALauncher.exe ( )
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6A203B1E-8D0D-A5BA-F68F-AE8DE2977BF8} - Adobe Shockwave Director 10.2
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8D85D132-BA87-1A8E-CDC2-BF640D55CD9C} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D82397C7-4540-C6D5-DABA-11D701B05AC3} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.25 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.22 15:33:44 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.06.22 14:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.22 12:41:03 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Macromedia
[2012.06.15 09:23:18 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2012.06.15 09:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.15 09:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.15 09:23:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.15 09:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.15 08:50:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira
[2012.06.15 08:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.15 08:44:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.15 08:43:59 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.15 08:43:59 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.15 08:43:59 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.15 08:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.15 08:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.09 13:54:45 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.06.09 13:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E00315D8C013A9844570F1C8B
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 13:11:25 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.29 13:10:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.29 13:10:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.29 13:09:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 13:09:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 13:09:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 20:54:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.25 20:51:19 | 000,000,124 | ---- | M] () -- C:\Users\XXX\Desktop\Sony Ericsson Datei-Manager - Verknüpfung.lnk
[2012.06.25 20:37:48 | 000,101,888 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.25 18:04:51 | 001,899,060 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.25 18:04:51 | 000,997,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.25 18:04:51 | 000,543,720 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.25 18:04:51 | 000,485,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.24 15:18:27 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.06.17 15:09:48 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.15 10:09:26 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2012.06.15 08:44:41 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.15 08:39:58 | 000,489,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.10 15:02:25 | 000,006,648 | ---- | M] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2012.06.03 18:24:28 | 000,000,947 | ---- | M] () -- C:\Users\XXX\Desktop\Launch Internet Explorer Browser.lnk
[2012.06.02 21:29:45 | 000,429,746 | ---- | M] () -- C:\Users\XXX\Documents\drainbacksystem.pdf
 
========== Files Created - No Company Name ==========
 
[2012.06.25 20:51:19 | 000,000,124 | ---- | C] () -- C:\Users\XXX\Desktop\Sony Ericsson Datei-Manager - Verknüpfung.lnk
[2012.06.22 15:32:50 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\80000000.@
[2012.06.22 15:28:47 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U\800000cb.@
[2012.06.15 10:09:26 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2012.06.15 08:44:41 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.09 13:53:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 18:24:28 | 000,000,947 | ---- | C] () -- C:\Users\XXX\Desktop\Launch Internet Explorer Browser.lnk
[2012.06.02 21:29:45 | 000,429,746 | ---- | C] () -- C:\Users\XXX\Documents\drainbacksystem.pdf
[2012.05.04 03:09:12 | 000,000,057 | ---- | C] () -- C:\Windows\vms.dll
[2012.04.02 02:17:22 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.03.27 15:50:50 | 000,002,160 | ---- | C] () -- C:\Users\XXX\.recently-used.xbel
[2012.03.26 23:01:05 | 000,170,928 | ---- | C] () -- C:\Users\XXX\pspbrwse.jbf
[2012.03.26 13:55:56 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.01.11 21:04:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\@
[2012.01.11 21:04:20 | 000,002,048 | -HS- | C] () -- C:\Users\XXX\AppData\Local\{04801163-c298-65bf-33d3-7ede2f924c70}\@
[2011.12.19 16:48:43 | 000,114,816 | ---- | C] () -- C:\Windows\System32\MSMT4232.DLL
[2011.10.21 03:23:12 | 000,001,210 | ---- | C] () -- C:\Users\XXX\Dokument.rtf
[2011.09.20 02:31:12 | 000,000,386 | ---- | C] () -- C:\Users\XXX\torstatistik.rtf
[2011.09.20 01:34:56 | 000,000,178 | ---- | C] () -- C:\Users\XXX\nummer papa.rtf
[2011.09.09 15:52:41 | 000,000,300 | ---- | C] () -- C:\Users\XXX\XXX - Verknüpfung.lnk
[2011.04.09 14:44:56 | 000,003,072 | ---- | C] () -- C:\Users\XXX\fbchathistory.dat
[2011.02.21 20:50:17 | 012,414,043 | ---- | C] () -- C:\Users\XXX\Petrodorado_Aug10.pdf
[2010.11.29 00:59:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.30 23:14:15 | 000,007,556 | ---- | C] () -- C:\Users\XXX\250px-Mandel_entzuendung02.jpg
[2010.10.30 23:12:47 | 000,006,452 | ---- | C] () -- C:\Users\XXX\angina.jpg
[2009.11.19 20:14:50 | 001,835,008 | -HS- | C] () -- C:\Users\XXX\ehthumbs_vista.db
[2009.05.10 10:48:06 | 000,000,179 | ---- | C] () -- C:\Users\XXX\SD-MMC (H) - Verknüpfung.lnk
[2009.04.18 20:54:16 | 007,039,212 | ---- | C] () -- C:\Users\XXX\DSCF0565.AVI
[2009.04.18 20:54:09 | 001,819,627 | ---- | C] () -- C:\Users\XXX\DSCF0564.JPG
[2009.04.18 20:54:02 | 001,491,171 | ---- | C] () -- C:\Users\XXX\DSCF0563.JPG
[2009.04.18 20:53:54 | 001,298,336 | ---- | C] () -- C:\Users\XXX\DSCF0562.JPG
[2009.04.18 20:53:22 | 001,991,207 | ---- | C] () -- C:\Users\XXX\DSCF0561.JPG
[2009.04.18 20:53:12 | 001,972,023 | ---- | C] () -- C:\Users\XXX\DSCF0560.JPG
[2009.04.18 20:52:31 | 001,229,763 | ---- | C] () -- C:\Users\XXX\DSCF0559.JPG
[2009.01.13 21:29:46 | 000,006,648 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2008.09.22 22:29:38 | 000,015,872 | ---- | C] () -- C:\Users\XXX\protokoll.wps
[2008.09.22 22:29:20 | 000,012,800 | ---- | C] () -- C:\Users\XXX\Unbenanntes Dokument.wps
[2008.08.01 11:44:53 | 000,000,104 | ---- | C] () -- C:\Users\XXX\Computer - Verknüpfung.lnk
[2008.06.08 20:08:27 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Default.PLS
[2008.04.23 21:52:32 | 002,452,166 | ---- | C] () -- C:\Users\XXX\Hard.FM - Live, 29-04-2008, 10 Uhr 43.mp3
[2007.11.27 21:20:13 | 000,002,642 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat
[2007.11.08 19:50:38 | 000,000,552 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d8caps.dat
[2007.11.06 21:04:36 | 000,101,888 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.06 19:52:30 | 000,000,096 | ---- | C] () -- C:\Users\XXX\AppData\Local\fusioncache.dat
[2007.10.26 17:05:04 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
 
========== LOP Check ==========
 
[2011.09.12 22:18:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk
[2012.03.19 03:47:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Babylon
[2010.03.07 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DataDesign
[2011.12.19 16:47:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DesktopIconForAmazon
[2010.02.25 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FUJIFILM
[2008.02.10 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GitarreroMDemo
[2012.03.27 15:50:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\gtk-2.0
[2012.06.07 23:32:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2007.12.18 18:31:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ Toolbar
[2009.05.31 02:41:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2007.11.06 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2011.03.23 01:55:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OCS
[2011.10.24 06:46:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org
[2011.03.23 01:55:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2009.02.11 17:14:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ScanSoft
[2007.11.06 20:13:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sonavis
[2007.11.27 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\T-Online
[2009.05.16 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Teleca
[2007.11.27 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Template
[2007.11.08 20:46:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TVcentral-Core
[2007.11.06 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ulead Systems
[2008.06.08 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VMedia
[2012.03.26 15:02:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\XnView
[2012.06.25 20:54:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.20 05:55:51 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4B2B9178-2917-44F6-8181-85102914ADE1}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.08.02 17:45:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe
[2007.12.20 00:01:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ahead
[2010.02.24 23:54:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer
[2008.03.21 14:27:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ArcSoft
[2011.09.12 22:18:23 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Autodesk
[2012.06.15 08:50:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Avira
[2012.03.19 03:47:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Babylon
[2009.03.31 03:49:22 | 000,000,000 | R--D | M] -- C:\Users\XXX\AppData\Roaming\Brother
[2012.03.26 13:54:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Corel
[2008.06.08 20:08:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CyberLink
[2010.03.07 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DataDesign
[2011.12.19 16:47:40 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DesktopIconForAmazon
[2010.02.25 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FUJIFILM
[2008.02.10 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GitarreroMDemo
[2007.11.27 20:19:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Google
[2012.03.27 15:50:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\gtk-2.0
[2012.06.07 23:32:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2007.12.18 18:31:47 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ Toolbar
[2007.11.06 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities
[2008.09.07 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\InstallShield
[2009.05.31 02:41:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2007.11.27 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia
[2007.11.06 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2012.06.15 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs
[2012.06.22 12:41:03 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft
[2010.04.21 23:32:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla
[2011.03.23 01:55:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OCS
[2011.10.24 06:46:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org
[2011.03.23 01:55:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2009.12.07 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Real
[2009.02.11 17:14:07 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ScanSoft
[2011.10.29 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Skype
[2011.02.28 09:46:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\skypePM
[2007.11.06 20:13:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sonavis
[2009.05.16 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sony Ericsson
[2007.11.27 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\T-Online
[2009.05.16 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Teleca
[2007.11.27 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Template
[2007.11.08 20:46:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TVcentral-Core
[2011.03.08 00:14:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\U3
[2007.11.06 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ulead Systems
[2008.06.08 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VMedia
[2012.03.26 15:02:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2011.12.19 16:47:39 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\XXX\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2008.03.06 14:08:37 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.05.11 03:21:50 | 000,106,496 | ---- | M] (OCS) -- C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012.05.11 03:21:50 | 000,040,960 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2010.02.22 09:26:51 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\XXX\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.05.27 20:09:42 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\XXX\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.09.17 18:31:51 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\XXX\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2011.09.11 20:55:40 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\XXX\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
[2011.09.12 18:31:03 | 026,529,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\XXX\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_data\RealPlayer_de.exe
[2011.09.12 18:29:29 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\XXX\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_exe\RealPlayer_de.exe
[2006.12.14 10:00:02 | 000,110,592 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\U3\00016A7142C23B8C\cleanup.exe
[2007.02.12 17:46:54 | 003,096,576 | ---- | M] (SanDisk Corporation) -- C:\Users\XXX\AppData\Roaming\U3\00016A7142C23B8C\Launchpad Removal.exe
[2007.02.09 16:47:20 | 004,603,904 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\U3\00016A7142C23B8C\LaunchPad.exe
[2006.12.14 10:00:02 | 000,049,152 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\U3\00016A7142C23B8C\U3AccessGrant.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\U3\temp\cleanup.exe
[2007.02.12 17:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\XXX\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.14 20:11:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 20:11:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 20:11:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.14 20:11:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007.07.12 16:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.18 12:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.18 12:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\XXX\DSCF0565.AVI:TOC.WMV

< End of report >

Alt 29.06.2012, 14:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
After the System Security virus, now Trojan.sirefef and trojan.small in windows/installer

Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109718&babsrc=HP_ss&mntrId=86571b6300000000000000ffb43162c0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{0C0F4F3C-7477-4523-97B5-054933C03A8F}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F3F713D7B7365617263685465726D737D2641463D313039373138266261627372633D53505F7373266D6E747249643D3836353731623633303030303030303030303030303066666234333136326330&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{10DD77FC-4286-4EDC-A7E5-2A05AC84E414}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{40DF4D83-7A8D-43EB-9A7E-EAC7EF6D5966}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664.anonymize-me.de/?anonymto=687474703A2F2F3132372E302E302E313A343636342F73656172636826733D61376A56315A484E31357466354B753768706378384B62424E4C303F713D7B7365617263685465726D737D&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{7FE36259-6E1A-4A7B-8721-2DF6850CE19E}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{811E845D-FAC5-40B6-8E97-B747B34B5216}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{8561F07E-667E-46B2-9029-6E3F6A3FCE5C}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D56453344303126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{BCE9B97D-AF91-434A-8004-8027F6ADF033}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0
IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&k=0
[2011.03.31 10:55:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.28 14:20:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.23 01:55:48 | 000,001,987 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\bing.xml
[2011.03.23 01:55:48 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-1.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-10.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-11.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-12.xml
[2011.06.19 22:05:52 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-2.xml
[2011.06.19 22:05:52 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-3.xml
[2011.06.19 22:05:52 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-4.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-5.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-6.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-7.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-8.xml
[2012.03.19 03:47:28 | 000,001,097 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-9.xml
[2011.03.23 01:55:48 | 000,001,114 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin.xml
[2011.03.23 01:55:48 | 000,002,071 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{391DA46B-68E9-4FD3-87C4-49E42ECCB4D4}.xml
[2011.03.23 01:55:48 | 000,001,864 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{87A9ACC5-B1BF-48DE-A127-B0EF30315290}.xml
[2011.03.23 01:55:48 | 000,002,182 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{9926AA3C-7A75-438E-B505-E27BF0038CE8}.xml
[2011.06.19 22:05:52 | 000,001,088 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{B4346541-F498-4F66-99A2-4C89E06C72CE}.xml
[2012.04.02 02:17:45 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\mail@shopping-preise.de
[2012.03.19 03:47:28 | 000,002,389 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O7 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14a78d53-e72b-11de-a352-0016d3863386}\Shell - "" = AutoRun
O33 - MountPoints2\{14a78d53-e72b-11de-a352-0016d3863386}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{632bb4f7-a52f-11de-97a0-0016d3863386}\Shell - "" = AutoRun
O33 - MountPoints2\{632bb4f7-a52f-11de-97a0-0016d3863386}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
@Alternate Data Stream - 64 bytes -> C:\Users\XXX\DSCF0565.AVI:TOC.WMV
:Files
C:\Program Files\BabylonToolbar
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\@
C:\Users\XXX\AppData\Local\{04801163-c298-65bf-33d3-7ede2f924c70}\@
C:\Users\XXX\AppData\Roaming\Babylon
C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U
C:\Windows\System32\%APPDATA%
C:\ProgramData\F4D55F3E00315D8C013A9844570F1C8B
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

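The fix script above is aimed at several different things at once: a browser hijack (every IE SearchScope routed through the same anonymize-me.de host with the same client id, orphaned toolbar CLSIDs, a pile of duplicated search plugins), the Sirefef/ZeroAccess artefacts named in the thread title (a `@` file and a `U` directory inside a GUID-named folder under C:\Windows\Installer and %LOCALAPPDATA%, plus a directory literally named System32\%APPDATA%), the removable-drive AutoRun handlers in MountPoints2, and one NTFS alternate data stream. As an added example, not part of this thread, of OTL or of any vendor tool, here is a small classifier that reads OTL-style lines and sorts them into those categories. The sample lines are copied from the script posted above; the category names and the regular expressions are this example's own assumptions.

```python
"""Triage OTL scan/fix-script lines into the indicator classes targeted above.
Added example: not part of the thread, of OTL, or of any vendor tool. The
category names and regular expressions are this example's own assumptions;
SAMPLE_LINES are copied from the fix script posted in this thread."""
import re
from typing import Dict, List, Tuple

# Windows GUID in braces, e.g. {04801163-c298-65bf-33d3-7ede2f924c70}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# 2012-era Sirefef/ZeroAccess drops an '@' file and a 'U' directory inside a
# GUID-named folder under C:\Windows\Installer and %LOCALAPPDATA%, and creates
# a directory literally named 'System32\%APPDATA%'.
ZEROACCESS_PATH = re.compile(
    rf"(?:\\Windows\\Installer\\{GUID}\\[@U]"
    rf"|\\AppData\\Local\\{GUID}\\[@U]"
    r"|\\System32\\%APPDATA%)$",
    re.IGNORECASE,
)
# Search hijack: each IE SearchScope in the script is rewritten to go through
# the same proxy host, so the host rather than the per-engine URL is the indicator.
HIJACK_HOST = re.compile(r'"URL"\s*=\s*https?://[^\s/]*?(anonymize-me\.de)', re.IGNORECASE)
# O33 MountPoints2 AutoRun handler that launches a program from a drive letter.
REMOVABLE_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\.+\\Shell\\AutoRun\\command - "" = ([A-Za-z]:\\\S+)'
)
# O2/O3 entries whose CLSID no longer resolves: debris of a removed toolbar/BHO.
ORPHAN_CLSID = re.compile(r"^O[23] - .*No CLSID value found\.$")
# OTL reports NTFS alternate data streams with this prefix.
ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (\S+:\S+)$")

# Copied from the fix script posted in this thread (paths only for the :Files part).
SAMPLE_LINES = [
    r'IE - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\SearchScopes\{811E845D-FAC5-40B6-8E97-B747B34B5216}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=f8d958b8-54fe-4366-96e8-43de064623fe&pid=murb&mode=bounce&k=0',
    r'O3 - HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.',
    r'O33 - MountPoints2\{14a78d53-e72b-11de-a352-0016d3863386}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a',
    r'@Alternate Data Stream - 64 bytes -> C:\Users\XXX\DSCF0565.AVI:TOC.WMV',
    r'C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\@',
    r'C:\Users\XXX\AppData\Local\{04801163-c298-65bf-33d3-7ede2f924c70}\@',
    r'C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U',
    r'C:\Windows\System32\%APPDATA%',
    r'C:\Program Files\BabylonToolbar',
]


def classify(line: str) -> Tuple[str, str]:
    """Return (category, detail) for one OTL line, or ('other', '') if nothing matches."""
    s = line.strip()
    if ZEROACCESS_PATH.search(s):
        return ("zeroaccess_path", s)
    m = HIJACK_HOST.search(s)
    if m:
        return ("search_hijack", m.group(1))
    m = REMOVABLE_AUTORUN.match(s)
    if m:
        return ("removable_autorun", m.group(1))
    if ORPHAN_CLSID.match(s):
        g = re.search(GUID, s)
        return ("orphan_clsid", g.group(0) if g else s)
    m = ADS.match(s)
    if m:
        return ("alternate_data_stream", m.group(2))
    return ("other", "")


def triage(lines) -> Dict[str, List[str]]:
    """Group every recognised line by category; unrecognised lines are dropped."""
    found: Dict[str, List[str]] = {}
    for line in lines:
        cat, detail = classify(line)
        if cat != "other":
            found.setdefault(cat, []).append(detail)
    return found


if __name__ == "__main__":
    for cat, items in sorted(triage(SAMPLE_LINES).items()):
        print(f"{cat}:")
        for item in items:
            print(f"  {item}")
```

Run as-is to print the triage of the sample lines. Entries such as C:\Program Files\BabylonToolbar end up in the dropped "other" bucket on purpose: the script removes that as unwanted software, not as a rootkit indicator, and lumping it in with the ZeroAccess paths would hide what actually matters when reading the resulting OTL log.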
29.06.2012, 20:55   #13
Ladybird

Here is the log


Code:
 All processes killed
========== OTL ==========
HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0C0F4F3C-7477-4523-97B5-054933C03A8F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C0F4F3C-7477-4523-97B5-054933C03A8F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{10DD77FC-4286-4EDC-A7E5-2A05AC84E414}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DD77FC-4286-4EDC-A7E5-2A05AC84E414}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{40DF4D83-7A8D-43EB-9A7E-EAC7EF6D5966}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40DF4D83-7A8D-43EB-9A7E-EAC7EF6D5966}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7FE36259-6E1A-4A7B-8721-2DF6850CE19E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FE36259-6E1A-4A7B-8721-2DF6850CE19E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{811E845D-FAC5-40B6-8E97-B747B34B5216}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{811E845D-FAC5-40B6-8E97-B747B34B5216}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8561F07E-667E-46B2-9029-6E3F6A3FCE5C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8561F07E-667E-46B2-9029-6E3F6A3FCE5C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BCE9B97D-AF91-434A-8004-8027F6ADF033}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCE9B97D-AF91-434A-8004-8027F6ADF033}\ not found.
Registry key HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\bing.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{391DA46B-68E9-4FD3-87C4-49E42ECCB4D4}.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{87A9ACC5-B1BF-48DE-A127-B0EF30315290}.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{9926AA3C-7A75-438E-B505-E27BF0038CE8}.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\z8xl961m.default\searchplugins\{B4346541-F498-4F66-99A2-4C89E06C72CE}.xml moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\mail@shopping-preise.de\chrome\content\skin folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\mail@shopping-preise.de\chrome\content folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\mail@shopping-preise.de\chrome folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\z8xl961m.default\extensions\mail@shopping-preise.de folder moved successfully.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-2820265406-3513511694-1269570180-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14a78d53-e72b-11de-a352-0016d3863386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14a78d53-e72b-11de-a352-0016d3863386}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14a78d53-e72b-11de-a352-0016d3863386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14a78d53-e72b-11de-a352-0016d3863386}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{632bb4f7-a52f-11de-97a0-0016d3863386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632bb4f7-a52f-11de-97a0-0016d3863386}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{632bb4f7-a52f-11de-97a0-0016d3863386}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632bb4f7-a52f-11de-97a0-0016d3863386}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
ADS C:\Users\XXX\DSCF0565.AVI:TOC.WMV deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\BabylonToolbar not found.
File\Folder C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\@ not found.
C:\Users\XXX\AppData\Local\{04801163-c298-65bf-33d3-7ede2f924c70}\@ moved successfully.
C:\Users\XXX\AppData\Roaming\Babylon folder moved successfully.
File\Folder C:\Windows\Installer\{04801163-c298-65bf-33d3-7ede2f924c70}\U not found.
File\Folder C:\Windows\System32\%APPDATA% not found.
File\Folder C:\ProgramData\F4D55F3E00315D8C013A9844570F1C8B not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 33524 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8985719 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 175050665 bytes
RecycleBin emptied: 181065660 bytes
 
Total Files Cleaned = 348,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: XXX
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06292012_214710

Files\Folders moved on Reboot...
C:\Windows\temp\JET274E.tmp moved successfully.
File\Folder C:\Windows\temp\JET956B.tmp not found!

Registry entries deleted on Reboot...
And many, many thanks in advance for the effort

Edited by Ladybird (29.06.2012 at 21:01)

01.07.2012, 14:37   #14
cosinus (/// Winkelfunktion, /// TB-Süch-Tiger™)


Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before running TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you can't find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!


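The post above asks for a specific TDSSKiller configuration (the resulting log records the active options in its "Mode:" line) and for every finding to be skipped rather than deleted, so the helper reads the log before deciding anything. As an added example, not part of this thread or of Kaspersky's tool, here is a parser that checks the logged scan options against the ones requested and lists every object whose verdict is not "ok". The line layout is inferred from the log posted later in this thread; the sample below copies a few of its lines (with the tab after the process id shown as spaces, which the regex accepts) and adds one constructed entry whose verdict text is a placeholder, not a real TDSSKiller verdict string.

```python
"""Summarise a Kaspersky TDSSKiller text log: confirm which scan options were
active and list every object whose verdict is not 'ok'. Added example, not part
of the thread or of TDSSKiller. The line layout is inferred from the log posted
in this thread; the one non-'ok' sample line is constructed as a placeholder
(its verdict text is not a real TDSSKiller verdict string)."""
import re
from typing import Dict, List, Optional

# "10:43:26.0478 4448<TAB>payload": timestamp, process id, then the message.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
FILE_LINE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")   # name (md5) path
VERDICT_LINE = re.compile(r"^(\S+) - (.+)$")                         # name - verdict
MODE_LINE = re.compile(r"^Mode:\s*(.*)$")
OS_LINE = re.compile(r"^OS Version:\s*(\S+)\s+ServicePack:\s*(\S+)")

# Copied from the log posted in this thread, except the last two lines, which
# are constructed here to show how a non-'ok' verdict is reported back.
SAMPLE_LOG = [
    r"10:42:56.0594 4080 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22",
    r"10:42:57.0202 4080 OS Version: 6.0.6002 ServicePack: 2.0",
    r"10:42:58.0006 4080 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200",
    r"10:43:25.0456 4448 Mode: Manual; SigCheck; TDLFS; ",
    r"10:43:26.0478 4448 ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys",
    r"10:43:26.0737 4448 ACPI - ok",
    r"10:43:26.0841 4448 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe",
    r"10:43:26.0868 4448 AdobeFlashPlayerUpdateSvc - ok",
    r"10:43:30.0645 4448 blbdrive - ok",
    # Constructed placeholder lines (not from the posted log, verdict text invented).
    r"10:43:40.0000 4448 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys",
    r"10:43:40.0001 4448 exampledrv - PLACEHOLDER (constructed, not a TDSSKiller verdict)",
]


def parse_tdsskiller(lines) -> Dict[str, object]:
    """Collect scan options, OS version and a per-object record (md5, path, verdict)."""
    report: Dict[str, object] = {"mode": set(), "os_version": None, "entries": {}}
    entries: Dict[str, Dict[str, str]] = report["entries"]  # type: ignore[assignment]
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue
        body = m.group(3)
        mm = MODE_LINE.match(body)
        if mm:
            report["mode"] = {f.strip() for f in mm.group(1).split(";") if f.strip()}
            continue
        mo = OS_LINE.match(body)
        if mo:
            report["os_version"] = mo.group(1)
            continue
        mf = FILE_LINE.match(body)
        if mf:
            name, md5, path = mf.groups()
            entries.setdefault(name, {}).update({"md5": md5.lower(), "path": path})
            continue
        mv = VERDICT_LINE.match(body)
        if mv:
            name, verdict = mv.groups()
            entries.setdefault(name, {})["verdict"] = verdict.strip()
    return report


def not_ok(report) -> List[str]:
    """Objects whose verdict is anything but 'ok', including objects with no
    verdict at all (a scan that aborted mid-entry)."""
    return sorted(n for n, e in report["entries"].items() if e.get("verdict") != "ok")


def missing_options(report, required=("SigCheck", "TDLFS")) -> List[str]:
    """Requested scan options that the log does not show as active."""
    return [o for o in required if o not in report["mode"]]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("OS version:", rep["os_version"], "mode:", sorted(rep["mode"]))
    print("missing options:", missing_options(rep))
    print("needs attention:", not_ok(rep))
```

On the log posted in this thread the parser reports os_version 6.0.6002, which is Windows Vista SP2 rather than the Windows 7 the thread is filed under; that is worth noticing before following any Windows-7-specific instructions. The md5 is kept per object so that a later log can be diffed against this one to see whether a driver file changed between scans.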
02.07.2012, 09:46   #15
Ladybird

Code:
10:42:56.0594 4080	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
10:42:57.0201 4080	============================================================
10:42:57.0201 4080	Current date / time: 2012/07/02 10:42:57.0201
10:42:57.0201 4080	SystemInfo:
10:42:57.0201 4080	
10:42:57.0201 4080	OS Version: 6.0.6002 ServicePack: 2.0
10:42:57.0202 4080	Product type: Workstation
10:42:57.0202 4080	ComputerName: XXX-PC
10:42:57.0202 4080	UserName: XXX
10:42:57.0202 4080	Windows directory: C:\Windows
10:42:57.0202 4080	System windows directory: C:\Windows
10:42:57.0202 4080	Processor architecture: Intel x86
10:42:57.0202 4080	Number of processors: 2
10:42:57.0202 4080	Page size: 0x1000
10:42:57.0202 4080	Boot type: Normal boot
10:42:57.0202 4080	============================================================
10:42:58.0006 4080	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:42:58.0066 4080	============================================================
10:42:58.0067 4080	\Device\Harddisk0\DR0:
10:42:58.0067 4080	MBR partitions:
10:42:58.0085 4080	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0xF52DB02, BlocksNum 0x34EAFBF
10:42:58.0085 4080	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF52DA84
10:42:58.0086 4080	============================================================
10:42:58.0120 4080	C: <-> \Device\Harddisk0\DR0\Partition1
10:42:58.0120 4080	D: <-> \Device\Harddisk0\DR0\Partition0
10:42:58.0121 4080	============================================================
10:42:58.0121 4080	Initialize success
10:42:58.0121 4080	============================================================
10:43:25.0456 4448	============================================================
10:43:25.0456 4448	Scan started
10:43:25.0456 4448	Mode: Manual; SigCheck; TDLFS; 
10:43:25.0456 4448	============================================================
10:43:26.0478 4448	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:43:26.0737 4448	ACPI - ok
10:43:26.0841 4448	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:26.0868 4448	AdobeFlashPlayerUpdateSvc - ok
10:43:26.0955 4448	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:43:27.0016 4448	adp94xx - ok
10:43:27.0080 4448	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:43:27.0112 4448	adpahci - ok
10:43:27.0137 4448	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:43:27.0161 4448	adpu160m - ok
10:43:27.0188 4448	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:43:27.0215 4448	adpu320 - ok
10:43:27.0247 4448	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:43:27.0402 4448	AeLookupSvc - ok
10:43:27.0498 4448	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:43:27.0573 4448	AFD - ok
10:43:27.0623 4448	AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
10:43:27.0679 4448	AgereModemAudio - ok
10:43:27.0840 4448	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
10:43:27.0961 4448	AgereSoftModem - ok
10:43:27.0994 4448	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:43:28.0018 4448	aic78xx - ok
10:43:28.0051 4448	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:43:28.0237 4448	ALG - ok
10:43:28.0261 4448	aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
10:43:28.0286 4448	aliide - ok
10:43:28.0341 4448	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:43:28.0365 4448	amdagp - ok
10:43:28.0383 4448	amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
10:43:28.0407 4448	amdide - ok
10:43:28.0431 4448	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:43:28.0639 4448	AmdK7 - ok
10:43:28.0661 4448	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:43:28.0766 4448	AmdK8 - ok
10:43:28.0876 4448	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:43:28.0919 4448	AntiVirSchedulerService - ok
10:43:28.0972 4448	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:43:28.0994 4448	AntiVirService - ok
10:43:29.0055 4448	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:43:29.0146 4448	Appinfo - ok
10:43:29.0166 4448	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:43:29.0189 4448	arc - ok
10:43:29.0237 4448	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:43:29.0260 4448	arcsas - ok
10:43:29.0312 4448	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:43:29.0412 4448	AsyncMac - ok
10:43:29.0452 4448	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:43:29.0479 4448	atapi - ok
10:43:29.0523 4448	ATSWPDRV        (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
10:43:29.0893 4448	ATSWPDRV - ok
10:43:30.0008 4448	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:43:30.0060 4448	AudioEndpointBuilder - ok
10:43:30.0071 4448	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:43:30.0116 4448	Audiosrv - ok
10:43:30.0135 4448	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
10:43:30.0161 4448	avgntflt - ok
10:44:01.0155 4448	SDRSVC - ok
10:44:01.0284 4448	SearchAnonymizer (0f4a80438e7286a0e623582f5f2395bd) C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
10:44:01.0302 4448	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
10:44:01.0302 4448	SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
10:44:01.0335 4448	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:44:01.0447 4448	secdrv - ok
10:44:01.0486 4448	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:44:01.0551 4448	seclogon - ok
10:44:01.0583 4448	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
10:44:01.0651 4448	SENS - ok
10:44:01.0667 4448	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
10:44:01.0770 4448	Serenum - ok
10:44:01.0804 4448	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
10:44:01.0908 4448	Serial - ok
10:44:01.0942 4448	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:44:02.0012 4448	sermouse - ok
10:44:02.0069 4448	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:44:02.0122 4448	SessionEnv - ok
10:44:02.0138 4448	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:44:02.0233 4448	sffdisk - ok
10:44:02.0253 4448	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:44:02.0349 4448	sffp_mmc - ok
10:44:02.0367 4448	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:44:02.0468 4448	sffp_sd - ok
10:44:02.0498 4448	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:44:02.0584 4448	sfloppy - ok
10:44:02.0646 4448	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
10:44:02.0701 4448	ShellHWDetection - ok
10:44:02.0783 4448	Si3531          (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys
10:44:02.0808 4448	Si3531 - ok
10:44:02.0825 4448	SiFilter        (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys
10:44:02.0843 4448	SiFilter - ok
10:44:02.0861 4448	SiRemFil        (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys
10:44:02.0880 4448	SiRemFil - ok
10:44:02.0904 4448	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:44:02.0931 4448	SiSRaid2 - ok
10:44:02.0946 4448	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:44:02.0969 4448	SiSRaid4 - ok
10:44:03.0346 4448	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:44:03.0613 4448	slsvc - ok
10:44:03.0781 4448	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:44:03.0836 4448	SLUINotify - ok
10:44:03.0894 4448	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:44:03.0951 4448	Smb - ok
10:44:03.0992 4448	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:44:04.0030 4448	SNMPTRAP - ok
10:44:04.0070 4448	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:44:04.0095 4448	spldr - ok
10:44:04.0151 4448	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
10:44:04.0243 4448	Spooler - ok
10:44:04.0316 4448	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:44:04.0395 4448	srv - ok
10:44:04.0453 4448	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:44:04.0512 4448	srv2 - ok
10:44:04.0785 4448	srvcPVR         (bf94a7553ef257d70cb2287bf7a3bce1) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
10:44:04.0880 4448	srvcPVR ( UnsignedFile.Multi.Generic ) - warning
10:44:04.0880 4448	srvcPVR - detected UnsignedFile.Multi.Generic (1)
10:44:05.0065 4448	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:44:05.0109 4448	srvnet - ok
10:44:05.0156 4448	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:44:05.0210 4448	SSDPSRV - ok
10:44:05.0249 4448	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:44:05.0267 4448	ssmdrv - ok
10:44:05.0307 4448	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:44:05.0337 4448	SstpSvc - ok
10:44:05.0376 4448	StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
10:44:05.0415 4448	StillCam - ok
10:44:05.0489 4448	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:44:05.0531 4448	stisvc - ok
10:44:05.0551 4448	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:44:05.0577 4448	swenum - ok
10:44:05.0633 4448	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:44:05.0691 4448	swprv - ok
10:44:05.0721 4448	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:44:05.0744 4448	Symc8xx - ok
10:44:05.0773 4448	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:44:05.0795 4448	Sym_hi - ok
10:44:05.0814 4448	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:44:05.0836 4448	Sym_u3 - ok
10:44:05.0879 4448	SynTP           (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys
10:44:05.0908 4448	SynTP - ok
10:44:05.0987 4448	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:44:06.0103 4448	SysMain - ok
10:44:06.0138 4448	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:44:06.0198 4448	TabletInputService - ok
10:44:06.0251 4448	tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
10:44:06.0259 4448	tap0901 ( UnsignedFile.Multi.Generic ) - warning
10:44:06.0259 4448	tap0901 - detected UnsignedFile.Multi.Generic (1)
10:44:06.0299 4448	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:44:06.0355 4448	TapiSrv - ok
10:44:06.0393 4448	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:44:06.0446 4448	TBS - ok
10:44:06.0615 4448	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
10:44:06.0700 4448	Tcpip - ok
10:44:06.0722 4448	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
10:44:06.0843 4448	Tcpip6 - ok
10:44:06.0892 4448	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:44:06.0938 4448	tcpipreg - ok
10:44:06.0970 4448	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:44:07.0030 4448	TDPIPE - ok
10:44:07.0077 4448	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:44:07.0138 4448	TDTCP - ok
10:44:07.0176 4448	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:44:07.0232 4448	tdx - ok
10:44:07.0266 4448	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:44:07.0293 4448	TermDD - ok
10:44:07.0367 4448	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:44:07.0438 4448	TermService - ok
10:44:07.0496 4448	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
10:44:07.0529 4448	Themes - ok
10:44:07.0560 4448	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:44:07.0611 4448	THREADORDER - ok
10:44:07.0635 4448	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:44:07.0690 4448	TrkWks - ok
10:44:07.0752 4448	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:44:07.0814 4448	TrustedInstaller - ok
10:44:07.0864 4448	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:44:07.0925 4448	tssecsrv - ok
10:44:07.0954 4448	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:44:08.0017 4448	tunmp - ok
10:44:08.0075 4448	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:44:08.0116 4448	tunnel - ok
10:44:08.0147 4448	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys
10:44:08.0171 4448	uagp35 - ok
10:44:08.0224 4448	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:44:08.0267 4448	udfs - ok
10:44:08.0309 4448	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:44:08.0361 4448	UI0Detect - ok
10:44:08.0384 4448	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
10:44:08.0408 4448	uliagpkx - ok
10:44:08.0441 4448	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:44:08.0470 4448	uliahci - ok
10:44:08.0493 4448	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:44:08.0518 4448	UlSata - ok
10:44:08.0543 4448	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:44:08.0569 4448	ulsata2 - ok
10:44:08.0606 4448	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:44:08.0655 4448	umbus - ok
10:44:08.0715 4448	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:44:08.0772 4448	upnphost - ok
10:44:08.0823 4448	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:44:08.0862 4448	usbccgp - ok
10:44:08.0888 4448	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:44:08.0992 4448	usbcir - ok
10:44:09.0039 4448	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:44:09.0095 4448	usbehci - ok
10:44:09.0150 4448	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:44:09.0193 4448	usbhub - ok
10:44:09.0219 4448	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:44:09.0337 4448	usbohci - ok
10:44:09.0369 4448	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:44:09.0436 4448	usbprint - ok
10:44:09.0454 4448	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:44:09.0517 4448	usbscan - ok
10:44:09.0546 4448	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:44:09.0595 4448	USBSTOR - ok
10:44:09.0619 4448	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:44:09.0675 4448	usbuhci - ok
10:44:09.0736 4448	usbvideo        (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
10:44:09.0860 4448	usbvideo - ok
10:44:09.0904 4448	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:44:09.0980 4448	UxSms - ok
10:44:10.0046 4448	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:44:10.0113 4448	vds - ok
10:44:10.0158 4448	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
10:44:10.0257 4448	vga - ok
10:44:10.0290 4448	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:44:10.0338 4448	VgaSave - ok
10:44:10.0364 4448	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
10:44:10.0387 4448	viaagp - ok
10:44:10.0404 4448	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:44:10.0490 4448	ViaC7 - ok
10:44:10.0534 4448	viaide          (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
10:44:10.0560 4448	viaide - ok
10:44:10.0590 4448	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:44:10.0615 4448	volmgr - ok
10:44:10.0671 4448	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:44:10.0706 4448	volmgrx - ok
10:44:10.0763 4448	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:44:10.0795 4448	volsnap - ok
10:44:10.0821 4448	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:44:10.0846 4448	vsmraid - ok
10:44:10.0995 4448	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:44:11.0143 4448	VSS - ok
10:44:11.0206 4448	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:44:11.0266 4448	W32Time - ok
10:44:11.0319 4448	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:44:11.0418 4448	WacomPen - ok
10:44:11.0470 4448	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:44:11.0528 4448	Wanarp - ok
10:44:11.0533 4448	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:44:11.0574 4448	Wanarpv6 - ok
10:44:11.0651 4448	WcesComm        (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
10:44:11.0726 4448	WcesComm - ok
10:44:11.0778 4448	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:44:11.0820 4448	wcncsvc - ok
10:44:11.0859 4448	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:44:11.0901 4448	WcsPlugInService - ok
10:44:11.0922 4448	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:44:11.0945 4448	Wd - ok
10:44:12.0028 4448	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:44:12.0072 4448	Wdf01000 - ok
10:44:12.0111 4448	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:44:12.0172 4448	WdiServiceHost - ok
10:44:12.0178 4448	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:44:12.0232 4448	WdiSystemHost - ok
10:44:12.0286 4448	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:44:12.0324 4448	WebClient - ok
10:44:12.0377 4448	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
10:44:12.0444 4448	Wecsvc - ok
10:44:12.0490 4448	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:44:12.0548 4448	wercplsupport - ok
10:44:12.0595 4448	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:44:12.0657 4448	WerSvc - ok
10:44:12.0668 4448	WinHttpAutoProxySvc - ok
10:44:12.0760 4448	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:44:12.0800 4448	Winmgmt - ok
10:44:12.0954 4448	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
10:44:13.0078 4448	WinRM - ok
10:44:13.0145 4448	winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
10:44:13.0200 4448	winusb - ok
10:44:13.0301 4448	WisLMSvc        (f0fe933e27f1e2a83ff322a0693a4724) C:\Program Files\Launch Manager\WisLMSvc.exe
10:44:13.0310 4448	WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
10:44:13.0310 4448	WisLMSvc - detected UnsignedFile.Multi.Generic (1)
10:44:13.0378 4448	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:44:13.0492 4448	Wlansvc - ok
10:44:13.0578 4448	WLSetupSvc      (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
10:44:13.0628 4448	WLSetupSvc - ok
10:44:13.0662 4448	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:44:13.0715 4448	WmiAcpi - ok
10:44:13.0790 4448	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:44:13.0830 4448	wmiApSrv - ok
10:44:13.0964 4448	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:44:14.0082 4448	WMPNetworkSvc - ok
10:44:14.0116 4448	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:44:14.0165 4448	WPCSvc - ok
10:44:14.0222 4448	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:44:14.0266 4448	WPDBusEnum - ok
10:44:14.0325 4448	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:44:14.0368 4448	WpdUsb - ok
10:44:14.0601 4448	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:44:14.0648 4448	WPFFontCache_v0400 - ok
10:44:14.0686 4448	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:44:14.0737 4448	ws2ifsl - ok
10:44:14.0745 4448	WSearch - ok
10:44:14.0985 4448	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:44:15.0223 4448	wuauserv - ok
10:44:15.0420 4448	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:44:15.0470 4448	WUDFRd - ok
10:44:15.0509 4448	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:44:15.0562 4448	wudfsvc - ok
10:44:15.0609 4448	X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
10:44:15.0628 4448	X10Hid - ok
10:44:15.0708 4448	x10nets         (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
10:44:15.0738 4448	x10nets ( UnsignedFile.Multi.Generic ) - warning
10:44:15.0738 4448	x10nets - detected UnsignedFile.Multi.Generic (1)
10:44:15.0783 4448	XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
10:44:15.0802 4448	XUIF - ok
10:44:15.0898 4448	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:44:16.0335 4448	\Device\Harddisk0\DR0 - ok
10:44:16.0341 4448	Boot (0x1200)   (c8a12dbf6c2b09ff6e06896c9bebebfa) \Device\Harddisk0\DR0\Partition0
10:44:16.0343 4448	\Device\Harddisk0\DR0\Partition0 - ok
10:44:16.0350 4448	Boot (0x1200)   (f5bba773cc17d10c649b6715d81d63ad) \Device\Harddisk0\DR0\Partition1
10:44:16.0353 4448	\Device\Harddisk0\DR0\Partition1 - ok
10:44:16.0354 4448	============================================================
10:44:16.0354 4448	Scan finished
10:44:16.0354 4448	============================================================
10:44:16.0375 1228	Detected object count: 13
10:44:16.0375 1228	Actual detected object count: 13
10:44:59.0094 1228	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0094 1228	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0095 1228	GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0095 1228	GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0098 1228	Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0098 1228	Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0101 1228	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0101 1228	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0105 1228	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0105 1228	MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0108 1228	NBService ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0109 1228	NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0111 1228	NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0112 1228	NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0114 1228	omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0115 1228	omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0118 1228	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0118 1228	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0123 1228	srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0123 1228	srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0125 1228	tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0126 1228	tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0129 1228	WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0129 1228	WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:44:59.0132 1228	x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
10:44:59.0132 1228	x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip