Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner Win7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.09.2012, 10:04   #1
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Hallo.

Ich hab hier ein Notebook (Freund), das vom BKA Trojaner befallen ist. Der Freund sagte mir das es passierte als er mit dem IE unterwegs war und auf irgendeiner Ägypten Urlaub Seite war.
Irgendwo im Netz sind die Varianten aufgelistet, dem Screen nach ist es Variante 1.15.
Der abgesicherte Modus mit Eingabeaufforderung funktioniert. Ich hatte darüber dann einfach mal Malwarebytes mit aktuellen Signaturen laufen lassen und der hat 3 Funde löschen können (Log im Anhang). Danach war das Fenster weg... dann hab ich mal die temporären Dateien der Browser und des Systems mit CCleaner gelöscht.
ABER... nach Wiederherstellung der Internetverbindung und Start eines Browsers (in diesem Fall Firefox) war das BKA Fenster prompt wieder da - ergo ist das Ding nicht sauber. Daher wende ich mich nun an euch...

Ich hab jetzt ohne Internetverbindung nach der o.g. Säuberung von Malwarebytes mal OTL laufen lassen. (normaler Desktop - als Admin)
Die Logs ebenso im Anhang (die Extras.txt ist von gestern - die hat er mir eben nicht ausgegeben)

Ich hoffe ich habe nichts falsch gemacht und ihr könnt helfen.

Dankeschön.

Gruß
Angehängte Dateien
Dateityp: txt OTL.Txt (74,5 KB, 215x aufgerufen)
Dateityp: txt Extras.Txt (64,8 KB, 195x aufgerufen)
Dateityp: txt mbam-log-2012-09-10 (23-52-01).txt (2,7 KB, 154x aufgerufen)

Alt 11.09.2012, 13:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 11.09.2012, 16:09   #3
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Hallo.

Danke für deine Rückmeldung. Ich habe versucht alles richtig abzuarbeiten.

1. Malwarebytes
Komplettscan lief durch ohne Fund... Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.11.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Christian :: CHRISTIAN-PC [Administrator]

11.09.2012 14:28:30
mbam-log-2012-09-11 (14-28-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 314125
Laufzeit: 37 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
2. ESET
Scan wie oben beschrieben. 2 Funde... Log:
Code:
ATTFilter
C:\Users\Christian\AppData\Local\Microsoft\Windows\2234\werdiagcontroller.exe	Win32/TrojanDownloader.Retacino.A trojan
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\725f59c4-3442728e	Win32/TrojanDownloader.Retacino.A trojan
         
Bin gespannt auf die weiteren Instruktionen...

Gruß
__________________

Alt 11.09.2012, 21:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.09.2012, 21:58   #5
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Hi.

Danke für die Rückmeldung. Nur zur Sicherheit... Den Fund von ESET hatte ich, wie beschrieben, nicht löschen lassen. Auch jetzt nicht... richtig?

Der Inhalt der Log Datei vom o.g. Tool:

Code:
ATTFilter
# AdwCleaner v2.001 - Datei am 09/11/2012 um 22:51:53 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Christian - CHRISTIAN-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Christian\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\Freeware.de
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7EACD652-78D4-4FBD-9D30-4B82D40BD4D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2449729
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\Freeware.de
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{367829EA-52F9-4872-8B27-2F06CAE057E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C36E395-EBE5-4312-BBE3-62DC21C31101}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7A1931-D5AD-4996-B2C6-78A17500D70D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v11.0 (de)

Profilname : default 
Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\cui2yhsr.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[S1].txt - [5550 octets] - [11/09/2012 22:51:53]

########## EOF - C:\AdwCleaner[S1].txt - [5610 octets] ##########
         
Gruß


Alt 12.09.2012, 00:05   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Das ist schon ok so

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
--> BKA Trojaner Win7

Alt 12.09.2012, 07:12   #7
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



1. Sieht zumindest so aus. Ich hab jetzt noch keinen Browser und I-net Verbindung angeschmissen (Netzwerkkabel ist raus), weil ich Schiss hab, das der Kollege Trojaner sofort wieder da ist.
Wenn ich das auch testen soll, bitte Signal geben.

2. Soweit ich das überblicke, ist ja nicht mein Gerät, sieht das alles normal aus. Nichts dergleichen.

Ich hätte auch mal eine Frage: Wie man in anderen Threads sieht, kann das hier ja noch ein Weilchen weiter gehen mit diversen Tools und Scann <-> Logfile posten...
Wenn mein Freund zwischendurch mal irgendwelche Daten braucht, darf er dann mal kurz ans Gerät oder kann ich ihm diese geben?

Vielen Dank für die Hilfe!

Gruß

Alt 12.09.2012, 13:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Mir wärs lieber wenn die Bereinigung nicht unterbrochen wird

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.09.2012, 15:23   #9
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Das wird ihm nicht schmecken... aber was muss was muss wohl...

Das Log vom OTL Custom Scan:

Code:
ATTFilter
OTL logfile created on: 12.09.2012 15:54:14 - Run 4
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Christian\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 81,94% Memory free
3,93 Gb Paging File | 3,59 Gb Available in Paging File | 91,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,36 Gb Total Space | 84,22 Gb Free Space | 62,68% Space Free | Partition Type: NTFS
Drive E: | 3,82 Gb Total Space | 3,80 Gb Free Space | 99,38% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.10 22:46:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.06 21:23:31 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.29 16:07:41 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012.03.11 20:54:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.01.28 06:03:32 | 000,270,176 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.07.31 04:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.17 06:57:36 | 000,026,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 05:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2012.04.29 16:07:49 | 000,181,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012.04.29 16:07:49 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012.04.29 16:07:49 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012.04.29 16:07:49 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2012.04.29 16:07:49 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012.04.29 16:07:48 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012.04.29 16:07:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.04.29 16:07:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.04.29 16:07:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.04.29 16:07:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.01.13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.01.13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.01.13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.01.13 10:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.01.13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.03.31 03:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.07.28 14:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.28 12:38:00 | 000,049,016 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.07.24 05:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.17 06:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 15:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009.07.04 12:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.06.30 13:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009.06.25 10:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 10:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 10:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.06.19 03:57:20 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 03:56:48 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 05:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.06.15 20:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.05.28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009.05.20 20:21:12 | 000,467,968 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.04.29 05:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.03.24 19:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{5C6788F2-FFD2-410E-951C-A1279BDCE640}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ruhepuls.com/
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - No CLSID value found
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{1B865875-B7E8-4C02-8049-B2BABF1AB289}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{1F6A0FE4-A3A6-4ED2-A38A-880FD62229D3}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{3661BC0A-252D-4A27-A9EA-6F5788DEE226}: "URL" = hxxp://www.bing.com/search?FORM=DLSBDF&PC=MDDS&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{440D4342-2F9B-49AC-B606-C92D3E2B8909}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_de
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{7029FD5F-6E57-4BC4-A857-F0940F80AA2C}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{8F85EA1C-E713-44BC-8A83-4D93684FD088}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{998F971A-21C4-46DF-A76A-3AB29AD904B9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6AB7589A-0D67-413D-837D-5BD290C1B602&apn_sauid=BA27AF55-9101-45CD-AD02-0B1F4A72D086
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ruhepuls.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012.04.29 16:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.05.04 19:55:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 15:03:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.18 08:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.06.21 17:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.06.21 17:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 13:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\cui2yhsr.default\extensions
[2012.04.24 15:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (no name) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000..\Run: [werdiagcontroller] C:\Users\Christian\AppData\Local\Microsoft\Windows\2234\werdiagcontroller.exe ()
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E2B1263-DA41-4F33-80E3-3FB27F72CA4C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E29FB45-A2B4-49A5-A84C-9ACEB75FC6FD}: NameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEAC369A-2DD0-462F-AB03-0614B7971FA1}: NameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D51ED1F8-A2E9-4F87-B517-FD1F268E16C5}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F88506AD-A1A8-4BF4-A130-04D379773D0C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Christian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.11 15:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.11 15:26:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.09.11 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\hellomoto
[2012.09.10 23:42:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Macromedia
[2012.09.10 23:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.10 23:15:12 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.09.10 23:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 23:14:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.10 23:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.10 23:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.10 22:47:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011.02.23 12:50:20 | 005,882,888 | ---- | C] (RhinoSoft.com                                               ) -- C:\Users\Christian\FTPVoyagerSetup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 15:54:04 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.12 15:54:04 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.12 15:54:04 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.12 15:54:04 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.12 15:46:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.12 15:45:59 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.12 00:10:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.12 00:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.11 23:00:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 23:00:39 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 22:53:33 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.11 22:49:48 | 000,512,399 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.09.11 14:37:12 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.09.11 14:27:44 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.10 23:32:22 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.10 22:46:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.09.09 09:18:40 | 000,002,172 | -H-- | M] () -- C:\Users\Christian\Documents\Default.rdp
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.01 15:13:55 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.16 08:09:11 | 000,434,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.11 22:51:24 | 000,512,399 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.09.10 23:32:22 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.10 23:14:27 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.08 14:50:22 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{D099D9E4-1A12-4731-94E2-C6BAC5133851}
[2011.07.13 18:20:52 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{79E2CA01-03BC-42FA-A9EA-24CB12FD8775}
[2011.06.25 20:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{50A48D02-A206-4567-B704-788298320F6B}
[2010.12.14 23:40:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.05 19:35:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.03.29 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\1&1 Mail & Media GmbH
[2012.01.26 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Amazon
[2011.11.03 00:09:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go
[2012.09.11 10:25:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\hellomoto
[2012.03.08 08:28:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mp3DirectCut
[2011.02.23 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mquadr.at
[2010.05.28 10:07:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2011.02.23 12:53:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\RhinoSoft.com
[2012.04.29 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\T-Mobile
[2010.06.21 17:43:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
[2012.07.12 12:29:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.29 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\1&1 Mail & Media GmbH
[2010.06.12 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe
[2012.01.26 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Amazon
[2011.11.19 16:23:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2010.07.01 16:26:10 | 000,000,000 | R--D | M] -- C:\Users\Christian\AppData\Roaming\Brother
[2010.05.28 10:17:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Creative
[2010.05.27 17:55:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CyberLink
[2011.11.03 00:09:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go
[2010.12.05 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Google
[2012.09.11 10:25:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\hellomoto
[2010.05.27 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities
[2010.05.27 18:00:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2012.09.10 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2012.09.10 23:42:27 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2012.04.24 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2012.03.08 08:28:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mp3DirectCut
[2011.02.23 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mquadr.at
[2010.05.28 10:07:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2011.02.23 12:53:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\RhinoSoft.com
[2010.05.27 17:50:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Roxio Log Files
[2012.09.12 00:37:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Skype
[2011.05.29 08:09:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\skypePM
[2012.04.29 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\T-Mobile
[2010.06.21 17:43:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
Wie immer. Dickes Danke für deinen Job.

Gruß

Alt 12.09.2012, 15:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Abgesicherter Modus noch? Geht der normale noch nicht? Ich dachte der geht?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.09.2012, 16:36   #11
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Ähem. Ja...sorry. Mein Fehler.
Ich hab die Tage immer nur im abgesicherten Modus an dem Teil rumgemacht, das ich fast automatisch immer F8 drücke.

Soll ich nochmals im normalen Modus scannen?
Was solls, hier das Log von der normalen Oberfläche:
Code:
ATTFilter
OTL logfile created on: 12.09.2012 17:15:57 - Run 5
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Christian\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,32% Memory free
3,93 Gb Paging File | 3,05 Gb Available in Paging File | 77,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,36 Gb Total Space | 84,21 Gb Free Space | 62,67% Space Free | Partition Type: NTFS
Drive E: | 3,82 Gb Total Space | 3,80 Gb Free Space | 99,37% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.10 22:46:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.04.29 16:07:41 | 000,224,096 | ---- | M] () -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
PRC - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012.01.13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.28 06:03:32 | 000,270,176 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011.01.28 06:03:26 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011.01.13 10:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.11.12 02:55:30 | 000,203,776 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009.08.01 00:36:14 | 002,680,160 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009.07.31 20:23:22 | 000,354,128 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
PRC - [2009.07.31 04:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009.07.22 02:58:52 | 002,651,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2009.07.17 06:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009.07.17 06:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009.07.17 06:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009.07.07 17:44:22 | 000,341,320 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.08 21:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009.06.03 22:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009.04.04 01:17:42 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009.03.10 06:24:04 | 000,233,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009.01.31 18:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009.01.31 16:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008.11.24 07:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008.07.24 18:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 17:15:06 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 17:14:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 17:14:12 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.09 05:58:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 05:56:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 05:56:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.17 06:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.06 21:23:31 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.29 16:07:41 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012.03.11 20:54:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.01.28 06:03:32 | 000,270,176 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.07.31 04:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.17 06:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 05:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2012.04.29 16:07:49 | 000,181,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012.04.29 16:07:49 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012.04.29 16:07:49 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012.04.29 16:07:49 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2012.04.29 16:07:49 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012.04.29 16:07:48 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012.04.29 16:07:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.04.29 16:07:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.04.29 16:07:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.04.29 16:07:48 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.01.13 10:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.01.13 10:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.01.13 10:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.01.13 10:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.01.13 10:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.03.31 03:13:28 | 000,379,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.07.28 14:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.28 12:38:00 | 000,049,016 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.07.24 05:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.17 06:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 15:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009.07.04 12:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.06.30 13:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009.06.25 10:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 10:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 10:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.06.19 03:57:20 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 03:56:48 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 05:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.06.15 20:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.05.28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009.05.20 20:21:12 | 000,467,968 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.04.29 05:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.03.24 19:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{5C6788F2-FFD2-410E-951C-A1279BDCE640}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ruhepuls.com/
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - No CLSID value found
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{1B865875-B7E8-4C02-8049-B2BABF1AB289}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{1F6A0FE4-A3A6-4ED2-A38A-880FD62229D3}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{3661BC0A-252D-4A27-A9EA-6F5788DEE226}: "URL" = hxxp://www.bing.com/search?FORM=DLSBDF&PC=MDDS&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{440D4342-2F9B-49AC-B606-C92D3E2B8909}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_de
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{7029FD5F-6E57-4BC4-A857-F0940F80AA2C}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{8F85EA1C-E713-44BC-8A83-4D93684FD088}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{998F971A-21C4-46DF-A76A-3AB29AD904B9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6AB7589A-0D67-413D-837D-5BD290C1B602&apn_sauid=BA27AF55-9101-45CD-AD02-0B1F4A72D086
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ruhepuls.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012.04.29 16:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.05.04 19:55:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 15:03:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.18 08:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.06.21 17:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.06.21 17:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 13:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\cui2yhsr.default\extensions
[2012.04.24 15:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (no name) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000..\Run: [werdiagcontroller] C:\Users\Christian\AppData\Local\Microsoft\Windows\2234\werdiagcontroller.exe ()
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E2B1263-DA41-4F33-80E3-3FB27F72CA4C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E29FB45-A2B4-49A5-A84C-9ACEB75FC6FD}: NameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEAC369A-2DD0-462F-AB03-0614B7971FA1}: NameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D51ED1F8-A2E9-4F87-B517-FD1F268E16C5}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F88506AD-A1A8-4BF4-A130-04D379773D0C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Christian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.11 15:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.11 15:26:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.09.11 10:25:52 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\hellomoto
[2012.09.10 23:42:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Macromedia
[2012.09.10 23:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.10 23:15:12 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.09.10 23:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 23:14:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.10 23:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.10 23:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.10 22:47:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011.02.23 12:50:20 | 005,882,888 | ---- | C] (RhinoSoft.com                                               ) -- C:\Users\Christian\FTPVoyagerSetup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 17:22:41 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.12 17:22:41 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.12 17:22:24 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.12 17:22:24 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.12 17:22:24 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.12 17:22:24 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.12 17:14:59 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.12 17:14:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.12 17:14:27 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.12 00:10:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.12 00:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.11 22:49:48 | 000,512,399 | ---- | M] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.09.11 14:37:12 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
[2012.09.11 14:27:44 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.10 23:32:22 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.10 22:46:56 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.09.09 09:18:40 | 000,002,172 | -H-- | M] () -- C:\Users\Christian\Documents\Default.rdp
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.01 15:13:55 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.16 08:09:11 | 000,434,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.11 22:51:24 | 000,512,399 | ---- | C] () -- C:\Users\Christian\Desktop\adwcleaner.exe
[2012.09.10 23:32:22 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.10 23:14:27 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.08 14:50:22 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{D099D9E4-1A12-4731-94E2-C6BAC5133851}
[2011.07.13 18:20:52 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{79E2CA01-03BC-42FA-A9EA-24CB12FD8775}
[2011.06.25 20:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\{50A48D02-A206-4567-B704-788298320F6B}
[2010.12.14 23:40:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.05 19:35:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.03.29 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\1&1 Mail & Media GmbH
[2012.01.26 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Amazon
[2011.11.03 00:09:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go
[2012.09.11 10:25:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\hellomoto
[2012.03.08 08:28:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mp3DirectCut
[2011.02.23 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mquadr.at
[2010.05.28 10:07:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2011.02.23 12:53:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\RhinoSoft.com
[2012.04.29 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\T-Mobile
[2010.06.21 17:43:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
[2012.07.12 12:29:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.29 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\1&1 Mail & Media GmbH
[2010.06.12 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe
[2012.01.26 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Amazon
[2011.11.19 16:23:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2010.07.01 16:26:10 | 000,000,000 | R--D | M] -- C:\Users\Christian\AppData\Roaming\Brother
[2010.05.28 10:17:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Creative
[2010.05.27 17:55:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CyberLink
[2011.11.03 00:09:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go
[2010.12.05 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Google
[2012.09.11 10:25:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\hellomoto
[2010.05.27 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities
[2010.05.27 18:00:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2012.09.10 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2012.09.10 23:42:27 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2012.04.24 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2012.03.08 08:28:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mp3DirectCut
[2011.02.23 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mquadr.at
[2010.05.28 10:07:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2011.02.23 12:53:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\RhinoSoft.com
[2010.05.27 17:50:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Roxio Log Files
[2012.09.12 17:15:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Skype
[2011.05.29 08:09:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\skypePM
[2012.04.29 16:08:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\T-Mobile
[2010.06.21 17:43:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Alt 12.09.2012, 19:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - No CLSID value found
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{1B865875-B7E8-4C02-8049-B2BABF1AB289}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{1F6A0FE4-A3A6-4ED2-A38A-880FD62229D3}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{440D4342-2F9B-49AC-B606-C92D3E2B8909}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{7029FD5F-6E57-4BC4-A857-F0940F80AA2C}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{8F85EA1C-E713-44BC-8A83-4D93684FD088}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\SearchScopes\{998F971A-21C4-46DF-A76A-3AB29AD904B9}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6AB7589A-0D67-413D-837D-5BD290C1B602&apn_sauid=BA27AF55-9101-45CD-AD02-0B1F4A72D086
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (no name) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - No CLSID value found.
O3 - HKU\S-1-5-21-2641306596-2459300260-627242885-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell - "" = AutoRun
O33 - MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
:Files
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Christian\AppData\Local\Microsoft\Windows\2234
C:\Users\Christian\AppData\Local\{*
C:\Users\Christian\AppData\Roaming\hellomoto
C:\Program Files\GMX Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.09.2012, 21:51   #13
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Das Logfile, welches nach dem Neustart erschien, beinhaltet dies:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found.
HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1B865875-B7E8-4C02-8049-B2BABF1AB289}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B865875-B7E8-4C02-8049-B2BABF1AB289}\ not found.
Registry key HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F6A0FE4-A3A6-4ED2-A38A-880FD62229D3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F6A0FE4-A3A6-4ED2-A38A-880FD62229D3}\ not found.
Registry key HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\SearchScopes\{440D4342-2F9B-49AC-B606-C92D3E2B8909}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{440D4342-2F9B-49AC-B606-C92D3E2B8909}\ not found.
Registry key HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7029FD5F-6E57-4BC4-A857-F0940F80AA2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7029FD5F-6E57-4BC4-A857-F0940F80AA2C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F85EA1C-E713-44BC-8A83-4D93684FD088}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F85EA1C-E713-44BC-8A83-4D93684FD088}\ not found.
Registry key HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\SearchScopes\{998F971A-21C4-46DF-A76A-3AB29AD904B9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{998F971A-21C4-46DF-A76A-3AB29AD904B9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
C:\Program Files\GMX Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A51A36E6-31E7-4838-9FF7-76298B527EC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A51A36E6-31E7-4838-9FF7-76298B527EC0}\ not found.
Registry value HKEY_USERS\S-1-5-21-2641306596-2459300260-627242885-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gmx\ deleted successfully.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134440cd-a0be-11e1-bc92-b8ac6f5d1e90}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dee277b-4b07-11e0-999e-b8ac6f5d1e90}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38eeded0-92a4-11e1-bf64-b8ac6f5d1e90}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a51dd28-79fd-11e0-971f-001e101f79c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a51dd28-79fd-11e0-971f-001e101f79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a51dd28-79fd-11e0-971f-001e101f79c9}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fce6508-7b0e-11df-bd2f-b8ac6f5d1e90}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fce6519-7b0e-11df-bd2f-b8ac6f5d1e90}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af11dbe4-bb4a-11e0-b6fb-b8ac6f5d1e90}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd35594b-91f3-11e1-b9c3-b8ac6f5d1e90}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd355960-91f3-11e1-b9c3-b8ac6f5d1e90}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4dc09c2-bf2a-11e0-8fee-001e101f4da1}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-6877c905-n folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-456ed2bf-n folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Christian\AppData\Local\Microsoft\Windows\2234 folder moved successfully.
C:\Users\Christian\AppData\Local\{50A48D02-A206-4567-B704-788298320F6B} moved successfully.
C:\Users\Christian\AppData\Local\{79E2CA01-03BC-42FA-A9EA-24CB12FD8775} moved successfully.
C:\Users\Christian\AppData\Local\{D099D9E4-1A12-4731-94E2-C6BAC5133851} moved successfully.
C:\Users\Christian\AppData\Roaming\hellomoto folder moved successfully.
C:\Program Files\GMX Toolbar\IE\Resources folder moved successfully.
C:\Program Files\GMX Toolbar\IE folder moved successfully.
C:\Program Files\GMX Toolbar folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christian
->Temp folder emptied: 5563694 bytes
->Temporary Internet Files folder emptied: 2986076 bytes
->FireFox cache emptied: 31015823 bytes
->Flash cache emptied: 939 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525747 bytes
RecycleBin emptied: 192008406 bytes
 
Total Files Cleaned = 221,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09122012_224650

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Darf ich mich jetzt eigentlich mal trauen, das Netzwerkkabel im normalen Modus wieder anzustecken?

Dankeschön und Gruß

Alt 13.09.2012, 15:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Ja musst du jetzt ja sogar

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.09.2012, 15:59   #15
bluth
 
BKA Trojaner Win7 - Standard

BKA Trojaner Win7



Done.

Hier das Log:
Code:
ATTFilter
16:54:45.0563 4504  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:54:45.0922 4504  ============================================================
16:54:45.0922 4504  Current date / time: 2012/09/13 16:54:45.0922
16:54:45.0922 4504  SystemInfo:
16:54:45.0922 4504  
16:54:45.0922 4504  OS Version: 6.1.7601 ServicePack: 1.0
16:54:45.0922 4504  Product type: Workstation
16:54:45.0922 4504  ComputerName: CHRISTIAN-PC
16:54:45.0922 4504  UserName: Christian
16:54:45.0922 4504  Windows directory: C:\Windows
16:54:45.0922 4504  System windows directory: C:\Windows
16:54:45.0922 4504  Processor architecture: Intel x86
16:54:45.0922 4504  Number of processors: 1
16:54:45.0922 4504  Page size: 0x1000
16:54:45.0922 4504  Boot type: Normal boot
16:54:45.0922 4504  ============================================================
16:54:47.0716 4504  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:54:47.0716 4504  Drive \Device\Harddisk1\DR1 - Size: 0xF5000000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:54:47.0716 4504  ============================================================
16:54:47.0716 4504  \Device\Harddisk0\DR0:
16:54:47.0716 4504  MBR partitions:
16:54:47.0716 4504  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
16:54:47.0716 4504  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x10CB9CEB
16:54:47.0716 4504  \Device\Harddisk1\DR1:
16:54:47.0716 4504  MBR partitions:
16:54:47.0716 4504  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x7A7FD0
16:54:47.0716 4504  ============================================================
16:54:47.0763 4504  C: <-> \Device\Harddisk0\DR0\Partition2
16:54:47.0763 4504  ============================================================
16:54:47.0763 4504  Initialize success
16:54:47.0763 4504  ============================================================
16:55:15.0562 5316  ============================================================
16:55:15.0562 5316  Scan started
16:55:15.0562 5316  Mode: Manual; SigCheck; TDLFS; 
16:55:15.0562 5316  ============================================================
16:55:18.0323 5316  ================ Scan system memory ========================
16:55:18.0323 5316  System memory - ok
16:55:18.0323 5316  ================ Scan services =============================
16:55:18.0510 5316  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:55:18.0619 5316  1394ohci - ok
16:55:18.0666 5316  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:55:18.0697 5316  ACPI - ok
16:55:18.0775 5316  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:55:18.0822 5316  AcpiPmi - ok
16:55:18.0931 5316  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:55:18.0947 5316  AdobeFlashPlayerUpdateSvc - ok
16:55:19.0009 5316  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:55:19.0041 5316  adp94xx - ok
16:55:19.0072 5316  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:55:19.0087 5316  adpahci - ok
16:55:19.0119 5316  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:55:19.0134 5316  adpu320 - ok
16:55:19.0181 5316  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:55:19.0228 5316  AeLookupSvc - ok
16:55:19.0306 5316  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:55:19.0353 5316  AFD - ok
16:55:19.0399 5316  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:55:19.0415 5316  agp440 - ok
16:55:19.0446 5316  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:55:19.0462 5316  aic78xx - ok
16:55:19.0493 5316  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:55:19.0540 5316  ALG - ok
16:55:19.0555 5316  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:55:19.0571 5316  aliide - ok
16:55:19.0602 5316  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:55:19.0618 5316  amdagp - ok
16:55:19.0633 5316  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:55:19.0633 5316  amdide - ok
16:55:19.0665 5316  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:55:19.0711 5316  AmdK8 - ok
16:55:19.0758 5316  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:55:19.0852 5316  AmdPPM - ok
16:55:19.0883 5316  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:55:19.0899 5316  amdsata - ok
16:55:19.0930 5316  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:55:19.0945 5316  amdsbs - ok
16:55:19.0961 5316  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:55:19.0977 5316  amdxata - ok
16:55:20.0023 5316  [ D7723A101C5CB4C0FA979E4DDA732EC0 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:55:20.0382 5316  ApfiltrService - ok
16:55:20.0429 5316  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:55:20.0476 5316  AppID - ok
16:55:20.0507 5316  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:55:20.0585 5316  AppIDSvc - ok
16:55:20.0647 5316  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:55:20.0694 5316  Appinfo - ok
16:55:20.0866 5316  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:55:20.0881 5316  Apple Mobile Device - ok
16:55:20.0944 5316  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:55:20.0959 5316  arc - ok
16:55:20.0975 5316  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:55:20.0991 5316  arcsas - ok
16:55:21.0037 5316  [ CBA53C5E29AE0A0CE76F9A2BE3A40D9E ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
16:55:21.0037 5316  aswFsBlk - ok
16:55:21.0100 5316  [ 317F85FB68A3BE507E9CCEDE5E6D9EE0 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:55:21.0100 5316  aswMonFlt - ok
16:55:21.0115 5316  [ B6E8C5874377A42756C282FAC2E20836 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
16:55:21.0131 5316  aswRdr - ok
16:55:21.0147 5316  [ B93A553C9B0F14263C8F016A44C3258C ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:55:21.0162 5316  aswSP - ok
16:55:21.0193 5316  [ 1408421505257846EB336FEEEF33352D ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
16:55:21.0193 5316  aswTdi - ok
16:55:21.0209 5316  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:55:21.0271 5316  AsyncMac - ok
16:55:21.0318 5316  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:55:21.0318 5316  atapi - ok
16:55:21.0381 5316  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:55:21.0427 5316  AudioEndpointBuilder - ok
16:55:21.0459 5316  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:55:21.0490 5316  Audiosrv - ok
16:55:21.0552 5316  [ 25FB74EABCE5EC7836BA3CFB3C58449A ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:55:21.0568 5316  avast! Antivirus - ok
16:55:21.0615 5316  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:55:21.0646 5316  AxInstSV - ok
16:55:21.0771 5316  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:55:21.0802 5316  b06bdrv - ok
16:55:21.0833 5316  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:55:21.0864 5316  b57nd60x - ok
16:55:21.0973 5316  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:55:21.0989 5316  BBSvc - ok
16:55:22.0036 5316  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:55:22.0067 5316  BBUpdate - ok
16:55:22.0098 5316  [ EB4434444E2721D721A8AC8D5D2AD26B ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
16:55:22.0114 5316  BCM42RLY - ok
16:55:22.0239 5316  [ 919832D1A7D067119CD5EE29BA76327A ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
16:55:22.0285 5316  BCM43XX - ok
16:55:22.0473 5316  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:55:22.0519 5316  BDESVC - ok
16:55:22.0551 5316  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:55:22.0597 5316  Beep - ok
16:55:22.0691 5316  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:55:22.0769 5316  BFE - ok
16:55:22.0831 5316  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:55:22.0972 5316  BITS - ok
16:55:23.0065 5316  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:55:23.0159 5316  blbdrive - ok
16:55:23.0253 5316  [ 70CD6D71FC48BBBD1385D7B35AEADECC ] BMLoad          C:\Windows\system32\drivers\BMLoad.sys
16:55:23.0346 5316  BMLoad ( UnsignedFile.Multi.Generic ) - warning
16:55:23.0346 5316  BMLoad - detected UnsignedFile.Multi.Generic (1)
16:55:23.0471 5316  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:55:23.0487 5316  Bonjour Service - ok
16:55:23.0518 5316  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:55:23.0580 5316  bowser - ok
16:55:23.0627 5316  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:55:23.0689 5316  BrFiltLo - ok
16:55:23.0799 5316  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:55:23.0861 5316  BrFiltUp - ok
16:55:23.0970 5316  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:55:24.0001 5316  Browser - ok
16:55:24.0079 5316  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:55:24.0111 5316  Brserid - ok
16:55:24.0157 5316  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:55:24.0173 5316  BrSerWdm - ok
16:55:24.0204 5316  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:55:24.0313 5316  BrUsbMdm - ok
16:55:24.0345 5316  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:55:24.0407 5316  BrUsbSer - ok
16:55:24.0532 5316  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:55:24.0672 5316  BthEnum - ok
16:55:24.0719 5316  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:55:24.0781 5316  BTHMODEM - ok
16:55:24.0828 5316  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:55:24.0859 5316  BthPan - ok
16:55:24.0906 5316  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:55:24.0953 5316  BTHPORT - ok
16:55:24.0984 5316  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:55:25.0031 5316  bthserv - ok
16:55:25.0062 5316  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:55:25.0109 5316  BTHUSB - ok
16:55:25.0156 5316  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:55:25.0203 5316  cdfs - ok
16:55:25.0265 5316  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:55:25.0296 5316  cdrom - ok
16:55:25.0359 5316  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:55:25.0405 5316  CertPropSvc - ok
16:55:25.0437 5316  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:55:25.0452 5316  circlass - ok
16:55:25.0499 5316  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:55:25.0515 5316  CLFS - ok
16:55:25.0593 5316  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:55:25.0624 5316  clr_optimization_v2.0.50727_32 - ok
16:55:25.0764 5316  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:55:25.0811 5316  clr_optimization_v4.0.30319_32 - ok
16:55:25.0827 5316  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:55:25.0842 5316  CmBatt - ok
16:55:25.0873 5316  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:55:25.0889 5316  cmdide - ok
16:55:25.0936 5316  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:55:25.0967 5316  CNG - ok
16:55:26.0014 5316  [ 053F7C2624D5B0FF60F1F372C4AC2FE7 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
16:55:26.0045 5316  CnxtHdAudService - ok
16:55:26.0076 5316  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:55:26.0092 5316  Compbatt - ok
16:55:26.0139 5316  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:55:26.0185 5316  CompositeBus - ok
16:55:26.0201 5316  COMSysApp - ok
16:55:26.0232 5316  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:55:26.0248 5316  crcdisk - ok
16:55:26.0295 5316  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:55:26.0326 5316  CryptSvc - ok
16:55:26.0388 5316  [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv        C:\Windows\system32\Drivers\CtAudDrv.sys
16:55:26.0419 5316  CtAudDrv - ok
16:55:26.0466 5316  [ 9A6CA307151505730DBFC91D97F01C7E ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:55:26.0497 5316  CtClsFlt - ok
16:55:26.0544 5316  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:55:26.0591 5316  DcomLaunch - ok
16:55:26.0638 5316  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:55:26.0685 5316  defragsvc - ok
16:55:26.0763 5316  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:55:26.0809 5316  DfsC - ok
16:55:26.0872 5316  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:55:26.0903 5316  Dhcp - ok
16:55:26.0919 5316  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:55:26.0965 5316  discache - ok
16:55:27.0012 5316  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:55:27.0028 5316  Disk - ok
16:55:27.0075 5316  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:55:27.0106 5316  Dnscache - ok
16:55:27.0137 5316  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:55:27.0184 5316  dot3svc - ok
16:55:27.0215 5316  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:55:27.0262 5316  DPS - ok
16:55:27.0309 5316  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:55:27.0340 5316  drmkaud - ok
16:55:27.0387 5316  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:55:27.0402 5316  DXGKrnl - ok
16:55:27.0449 5316  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:55:27.0496 5316  EapHost - ok
16:55:27.0605 5316  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:55:27.0808 5316  ebdrv - ok
16:55:27.0855 5316  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:55:27.0870 5316  EFS - ok
16:55:27.0964 5316  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:55:28.0011 5316  ehRecvr - ok
16:55:28.0042 5316  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:55:28.0057 5316  ehSched - ok
16:55:28.0104 5316  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:55:28.0135 5316  elxstor - ok
16:55:28.0151 5316  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:55:28.0182 5316  ErrDev - ok
16:55:28.0245 5316  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:55:28.0291 5316  EventSystem - ok
16:55:28.0369 5316  [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
16:55:28.0416 5316  ewusbmbb - ok
16:55:28.0447 5316  ewusbnet - ok
16:55:28.0525 5316  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:55:28.0557 5316  ew_hwusbdev - ok
16:55:28.0603 5316  [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
16:55:28.0619 5316  ew_usbenumfilter - ok
16:55:28.0650 5316  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:55:28.0697 5316  exfat - ok
16:55:28.0775 5316  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:55:28.0806 5316  fastfat - ok
16:55:28.0869 5316  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:55:28.0900 5316  Fax - ok
16:55:28.0947 5316  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:55:28.0962 5316  fdc - ok
16:55:28.0993 5316  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:55:29.0040 5316  fdPHost - ok
16:55:29.0056 5316  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:55:29.0118 5316  FDResPub - ok
16:55:29.0149 5316  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:55:29.0165 5316  FileInfo - ok
16:55:29.0181 5316  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:55:29.0212 5316  Filetrace - ok
16:55:29.0227 5316  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:55:29.0259 5316  flpydisk - ok
16:55:29.0305 5316  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:55:29.0321 5316  FltMgr - ok
16:55:29.0368 5316  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
16:55:29.0430 5316  FontCache - ok
16:55:29.0508 5316  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:55:29.0524 5316  FontCache3.0.0.0 - ok
16:55:29.0555 5316  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:55:29.0571 5316  FsDepends - ok
16:55:29.0602 5316  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:55:29.0617 5316  Fs_Rec - ok
16:55:29.0664 5316  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:55:29.0695 5316  fvevol - ok
16:55:29.0758 5316  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:55:29.0773 5316  gagp30kx - ok
16:55:29.0836 5316  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:55:29.0836 5316  GEARAspiWDM - ok
16:55:29.0898 5316  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:55:29.0961 5316  gpsvc - ok
16:55:30.0085 5316  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:55:30.0085 5316  gupdate - ok
16:55:30.0148 5316  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:55:30.0163 5316  gupdatem - ok
16:55:30.0195 5316  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:55:30.0210 5316  gusvc - ok
16:55:30.0241 5316  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:55:30.0288 5316  hcw85cir - ok
16:55:30.0335 5316  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:55:30.0366 5316  HDAudBus - ok
16:55:30.0382 5316  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:55:30.0429 5316  HidBatt - ok
16:55:30.0460 5316  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:55:30.0475 5316  HidBth - ok
16:55:30.0522 5316  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:55:30.0553 5316  HidIr - ok
16:55:30.0600 5316  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:55:30.0631 5316  hidserv - ok
16:55:30.0663 5316  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:55:30.0678 5316  HidUsb - ok
16:55:30.0756 5316  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:55:30.0803 5316  hkmsvc - ok
16:55:30.0850 5316  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:55:30.0897 5316  HomeGroupListener - ok
16:55:30.0928 5316  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:55:30.0975 5316  HomeGroupProvider - ok
16:55:31.0006 5316  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:55:31.0021 5316  HpSAMD - ok
16:55:31.0068 5316  [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
16:55:31.0115 5316  HsfXAudioService - ok
16:55:31.0162 5316  [ 227C3BA25012752BB7450235392C719F ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:55:31.0224 5316  HSF_DPV - ok
16:55:31.0240 5316  [ 4DF5C76302DC2F8F3465966C8426A292 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:55:31.0271 5316  HSXHWAZL - ok
16:55:31.0318 5316  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:55:31.0365 5316  HTTP - ok
16:55:31.0427 5316  [ 42A64382A0607B80C99C37170911B346 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
16:55:31.0458 5316  huawei_cdcacm - ok
16:55:31.0505 5316  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:55:31.0536 5316  huawei_enumerator - ok
16:55:31.0567 5316  [ 69A103138B77AC0950EC3846E2E6F655 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
16:55:31.0599 5316  huawei_ext_ctrl - ok
16:55:31.0661 5316  [ 7DE001BAB4056257E1792AF1FCFA489F ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
16:55:31.0677 5316  huawei_wwanecm - ok
16:55:31.0770 5316  [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:55:31.0786 5316  hwdatacard - ok
16:55:31.0848 5316  HWDeviceService.exe - ok
16:55:31.0879 5316  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:55:31.0895 5316  hwpolicy - ok
16:55:31.0926 5316  hwusbdev - ok
16:55:31.0973 5316  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:55:31.0989 5316  i8042prt - ok
16:55:32.0035 5316  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:55:32.0067 5316  iaStorV - ok
16:55:32.0129 5316  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:55:32.0160 5316  idsvc - ok
16:55:32.0394 5316  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
16:55:32.0675 5316  igfx - ok
16:55:32.0784 5316  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:55:32.0800 5316  iirsp - ok
16:55:32.0847 5316  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:55:32.0893 5316  IKEEXT - ok
16:55:32.0925 5316  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:55:32.0940 5316  intelide - ok
16:55:32.0956 5316  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:55:32.0987 5316  intelppm - ok
16:55:33.0096 5316  [ 80A3CB16C3ABAB616D33C1D8B2DB0ECE ] Internet Manager. RunOuc C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
16:55:33.0112 5316  Internet Manager. RunOuc - ok
16:55:33.0143 5316  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:55:33.0190 5316  IPBusEnum - ok
16:55:33.0221 5316  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:55:33.0268 5316  IpFilterDriver - ok
16:55:33.0346 5316  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:55:33.0393 5316  iphlpsvc - ok
16:55:33.0424 5316  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:55:33.0455 5316  IPMIDRV - ok
16:55:33.0517 5316  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:55:33.0564 5316  IPNAT - ok
16:55:33.0611 5316  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:55:33.0627 5316  IRENUM - ok
16:55:33.0705 5316  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:55:33.0751 5316  isapnp - ok
16:55:33.0783 5316  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:55:33.0798 5316  iScsiPrt - ok
16:55:33.0829 5316  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:55:33.0845 5316  kbdclass - ok
16:55:33.0892 5316  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:55:33.0923 5316  kbdhid - ok
16:55:33.0954 5316  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:55:33.0970 5316  KeyIso - ok
16:55:34.0017 5316  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:55:34.0032 5316  KSecDD - ok
16:55:34.0079 5316  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:55:34.0095 5316  KSecPkg - ok
16:55:34.0141 5316  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:55:34.0188 5316  KtmRm - ok
16:55:34.0235 5316  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:55:34.0282 5316  LanmanServer - ok
16:55:34.0313 5316  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:55:34.0375 5316  LanmanWorkstation - ok
16:55:34.0438 5316  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:55:34.0485 5316  lltdio - ok
16:55:34.0516 5316  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:55:34.0563 5316  lltdsvc - ok
16:55:34.0578 5316  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:55:34.0625 5316  lmhosts - ok
16:55:34.0672 5316  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:55:34.0687 5316  LSI_FC - ok
16:55:34.0703 5316  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:55:34.0750 5316  LSI_SAS - ok
16:55:34.0765 5316  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:55:34.0781 5316  LSI_SAS2 - ok
16:55:34.0797 5316  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:55:34.0828 5316  LSI_SCSI - ok
16:55:34.0843 5316  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:55:34.0875 5316  luafv - ok
16:55:34.0968 5316  [ 6C3D154FFF0A97A6C3D9F78D60C41655 ] McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
16:55:34.0984 5316  McAfee SiteAdvisor Service - ok
16:55:35.0046 5316  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
16:55:35.0062 5316  McComponentHostService - ok
16:55:35.0109 5316  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:55:35.0124 5316  Mcx2Svc - ok
16:55:35.0155 5316  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:55:35.0187 5316  mdmxsdk - ok
16:55:35.0233 5316  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:55:35.0233 5316  megasas - ok
16:55:35.0265 5316  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:55:35.0280 5316  MegaSR - ok
16:55:35.0374 5316  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:55:35.0389 5316  Microsoft Office Groove Audit Service - ok
16:55:35.0421 5316  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:55:35.0483 5316  MMCSS - ok
16:55:35.0499 5316  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:55:35.0530 5316  Modem - ok
16:55:35.0545 5316  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:55:35.0577 5316  monitor - ok
16:55:35.0670 5316  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:55:35.0670 5316  mouclass - ok
16:55:35.0748 5316  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:55:35.0779 5316  mouhid - ok
16:55:35.0826 5316  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:55:35.0842 5316  mountmgr - ok
16:55:35.0857 5316  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:55:35.0873 5316  mpio - ok
16:55:35.0904 5316  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:55:35.0951 5316  mpsdrv - ok
16:55:35.0998 5316  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:55:36.0060 5316  MpsSvc - ok
16:55:36.0107 5316  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:55:36.0123 5316  MRxDAV - ok
16:55:36.0169 5316  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:55:36.0201 5316  mrxsmb - ok
16:55:36.0247 5316  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:55:36.0294 5316  mrxsmb10 - ok
16:55:36.0310 5316  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:55:36.0341 5316  mrxsmb20 - ok
16:55:36.0388 5316  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:55:36.0403 5316  msahci - ok
16:55:36.0450 5316  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:55:36.0466 5316  msdsm - ok
16:55:36.0481 5316  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:55:36.0513 5316  MSDTC - ok
16:55:36.0575 5316  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:55:36.0606 5316  Msfs - ok
16:55:36.0606 5316  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:55:36.0669 5316  mshidkmdf - ok
16:55:36.0747 5316  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:55:36.0762 5316  msisadrv - ok
16:55:36.0809 5316  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:55:36.0840 5316  MSiSCSI - ok
16:55:36.0856 5316  msiserver - ok
16:55:36.0903 5316  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:55:36.0949 5316  MSKSSRV - ok
16:55:36.0965 5316  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:55:37.0012 5316  MSPCLOCK - ok
16:55:37.0043 5316  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:55:37.0074 5316  MSPQM - ok
16:55:37.0121 5316  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:55:37.0137 5316  MsRPC - ok
16:55:37.0168 5316  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:55:37.0183 5316  mssmbios - ok
16:55:37.0215 5316  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:55:37.0246 5316  MSTEE - ok
16:55:37.0261 5316  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:55:37.0277 5316  MTConfig - ok
16:55:37.0293 5316  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:55:37.0308 5316  Mup - ok
16:55:37.0355 5316  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:55:37.0386 5316  napagent - ok
16:55:37.0433 5316  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:55:37.0464 5316  NativeWifiP - ok
16:55:37.0495 5316  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:55:37.0527 5316  NDIS - ok
16:55:37.0558 5316  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:55:37.0605 5316  NdisCap - ok
16:55:37.0636 5316  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:55:37.0667 5316  NdisTapi - ok
16:55:37.0761 5316  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:55:37.0807 5316  Ndisuio - ok
16:55:37.0854 5316  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:55:37.0901 5316  NdisWan - ok
16:55:37.0917 5316  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:55:37.0948 5316  NDProxy - ok
16:55:37.0995 5316  [ 1352E1648213551923A0A822E441553C ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
16:55:38.0026 5316  Netaapl - ok
16:55:38.0088 5316  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:55:38.0135 5316  NetBIOS - ok
16:55:38.0166 5316  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:55:38.0244 5316  NetBT - ok
16:55:38.0260 5316  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:55:38.0275 5316  Netlogon - ok
16:55:38.0322 5316  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:55:38.0385 5316  Netman - ok
16:55:38.0416 5316  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:55:38.0463 5316  netprofm - ok
16:55:38.0509 5316  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:55:38.0525 5316  NetTcpPortSharing - ok
16:55:38.0556 5316  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:55:38.0572 5316  nfrd960 - ok
16:55:38.0619 5316  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:55:38.0665 5316  NlaSvc - ok
16:55:38.0697 5316  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:55:38.0728 5316  Npfs - ok
16:55:38.0775 5316  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:55:38.0806 5316  nsi - ok
16:55:38.0837 5316  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:55:38.0884 5316  nsiproxy - ok
16:55:38.0946 5316  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:55:39.0009 5316  Ntfs - ok
16:55:39.0024 5316  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:55:39.0055 5316  Null - ok
16:55:39.0118 5316  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:55:39.0133 5316  nvraid - ok
16:55:39.0149 5316  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:55:39.0165 5316  nvstor - ok
16:55:39.0211 5316  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:55:39.0227 5316  nv_agp - ok
16:55:39.0321 5316  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:55:39.0336 5316  odserv - ok
16:55:39.0383 5316  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:55:39.0414 5316  ohci1394 - ok
16:55:39.0492 5316  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:55:39.0508 5316  ose - ok
16:55:39.0539 5316  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:55:39.0586 5316  p2pimsvc - ok
16:55:39.0633 5316  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:55:39.0648 5316  p2psvc - ok
16:55:39.0695 5316  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:55:39.0726 5316  Parport - ok
16:55:39.0773 5316  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:55:39.0789 5316  partmgr - ok
16:55:39.0804 5316  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:55:39.0835 5316  Parvdm - ok
16:55:39.0867 5316  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:55:39.0882 5316  PcaSvc - ok
16:55:39.0929 5316  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:55:39.0945 5316  pci - ok
16:55:39.0976 5316  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:55:39.0991 5316  pciide - ok
16:55:40.0023 5316  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:55:40.0038 5316  pcmcia - ok
16:55:40.0054 5316  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:55:40.0069 5316  pcw - ok
16:55:40.0101 5316  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:55:40.0163 5316  PEAUTH - ok
16:55:40.0257 5316  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:55:40.0350 5316  pla - ok
16:55:40.0397 5316  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:55:40.0444 5316  PlugPlay - ok
16:55:40.0475 5316  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:55:40.0506 5316  PNRPAutoReg - ok
16:55:40.0537 5316  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:55:40.0553 5316  PNRPsvc - ok
16:55:40.0584 5316  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:55:40.0631 5316  PolicyAgent - ok
16:55:40.0678 5316  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:55:40.0709 5316  Power - ok
16:55:40.0803 5316  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:55:40.0834 5316  PptpMiniport - ok
16:55:40.0865 5316  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:55:40.0912 5316  Processor - ok
16:55:40.0974 5316  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:55:41.0005 5316  ProfSvc - ok
16:55:41.0037 5316  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:55:41.0052 5316  ProtectedStorage - ok
16:55:41.0083 5316  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:55:41.0130 5316  Psched - ok
16:55:41.0177 5316  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:55:41.0255 5316  ql2300 - ok
16:55:41.0271 5316  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:55:41.0286 5316  ql40xx - ok
16:55:41.0333 5316  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:55:41.0364 5316  QWAVE - ok
16:55:41.0395 5316  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:55:41.0411 5316  QWAVEdrv - ok
16:55:41.0427 5316  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:55:41.0473 5316  RasAcd - ok
16:55:41.0520 5316  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:55:41.0567 5316  RasAgileVpn - ok
16:55:41.0583 5316  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:55:41.0629 5316  RasAuto - ok
16:55:41.0645 5316  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:55:41.0692 5316  Rasl2tp - ok
16:55:41.0785 5316  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:55:41.0832 5316  RasMan - ok
16:55:41.0848 5316  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:55:41.0910 5316  RasPppoe - ok
16:55:41.0957 5316  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:55:42.0004 5316  RasSstp - ok
16:55:42.0051 5316  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:55:42.0097 5316  rdbss - ok
16:55:42.0144 5316  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:55:42.0160 5316  rdpbus - ok
16:55:42.0207 5316  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:55:42.0269 5316  RDPCDD - ok
16:55:42.0316 5316  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:55:42.0363 5316  RDPENCDD - ok
16:55:42.0394 5316  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:55:42.0425 5316  RDPREFMP - ok
16:55:42.0472 5316  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:55:42.0519 5316  RDPWD - ok
16:55:42.0550 5316  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:55:42.0565 5316  rdyboost - ok
16:55:42.0612 5316  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:55:42.0659 5316  RemoteAccess - ok
16:55:42.0690 5316  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:55:42.0784 5316  RemoteRegistry - ok
16:55:42.0831 5316  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:55:42.0846 5316  RFCOMM - ok
16:55:42.0877 5316  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
16:55:42.0924 5316  rimmptsk - ok
16:55:42.0955 5316  [ AF213955C4D952C914620E8DB0CD0CF7 ] rimspci         C:\Windows\system32\DRIVERS\rimspe86.sys
16:55:42.0987 5316  rimspci - ok
16:55:43.0033 5316  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
16:55:43.0065 5316  rimsptsk - ok
16:55:43.0096 5316  [ 6978DECC2C38C5CE10A8B0F2B12F4451 ] risdpcie        C:\Windows\system32\DRIVERS\risdpe86.sys
16:55:43.0096 5316  risdpcie - ok
16:55:43.0127 5316  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
16:55:43.0143 5316  rismxdp - ok
16:55:43.0174 5316  [ 764C1F3453E779724BA647327DE7DDD4 ] rixdpcie        C:\Windows\system32\DRIVERS\rixdpe86.sys
16:55:43.0189 5316  rixdpcie - ok
16:55:43.0236 5316  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:55:43.0283 5316  RpcEptMapper - ok
16:55:43.0330 5316  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:55:43.0345 5316  RpcLocator - ok
16:55:43.0377 5316  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:55:43.0408 5316  RpcSs - ok
16:55:43.0455 5316  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:55:43.0501 5316  rspndr - ok
16:55:43.0548 5316  [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
16:55:43.0579 5316  RTL8167 - ok
16:55:43.0626 5316  [ 949F74CB383A1D5DA67AEA9CCD4A8B87 ] RTL8187B        C:\Windows\system32\DRIVERS\rtl8187B.sys
16:55:43.0657 5316  RTL8187B - ok
16:55:43.0673 5316  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:55:43.0689 5316  SamSs - ok
16:55:43.0813 5316  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:55:43.0829 5316  sbp2port - ok
16:55:43.0876 5316  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:55:43.0907 5316  SCardSvr - ok
16:55:43.0954 5316  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:55:44.0001 5316  scfilter - ok
16:55:44.0047 5316  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:55:44.0110 5316  Schedule - ok
16:55:44.0141 5316  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:55:44.0172 5316  SCPolicySvc - ok
16:55:44.0219 5316  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:55:44.0250 5316  SDRSVC - ok
16:55:44.0297 5316  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:55:44.0344 5316  secdrv - ok
16:55:44.0375 5316  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:55:44.0422 5316  seclogon - ok
16:55:44.0469 5316  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:55:44.0515 5316  SENS - ok
16:55:44.0562 5316  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:55:44.0593 5316  SensrSvc - ok
16:55:44.0625 5316  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:55:44.0640 5316  Serenum - ok
16:55:44.0656 5316  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:55:44.0687 5316  Serial - ok
16:55:44.0703 5316  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:55:44.0765 5316  sermouse - ok
16:55:44.0827 5316  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:55:44.0859 5316  SessionEnv - ok
16:55:44.0905 5316  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:55:44.0937 5316  sffdisk - ok
16:55:44.0968 5316  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:55:44.0999 5316  sffp_mmc - ok
16:55:45.0015 5316  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:55:45.0030 5316  sffp_sd - ok
16:55:45.0046 5316  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:55:45.0061 5316  sfloppy - ok
16:55:45.0108 5316  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:55:45.0171 5316  SharedAccess - ok
16:55:45.0202 5316  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:55:45.0233 5316  ShellHWDetection - ok
16:55:45.0249 5316  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:55:45.0264 5316  sisagp - ok
16:55:45.0295 5316  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:55:45.0311 5316  SiSRaid2 - ok
16:55:45.0342 5316  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:55:45.0358 5316  SiSRaid4 - ok
16:55:45.0420 5316  [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:55:45.0420 5316  SkypeUpdate - ok
16:55:45.0467 5316  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:55:45.0498 5316  Smb - ok
16:55:45.0529 5316  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:55:45.0561 5316  SNMPTRAP - ok
16:55:45.0576 5316  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:55:45.0592 5316  spldr - ok
16:55:45.0639 5316  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
16:55:45.0670 5316  Spooler - ok
16:55:45.0810 5316  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:55:45.0935 5316  sppsvc - ok
16:55:45.0982 5316  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:55:46.0044 5316  sppuinotify - ok
16:55:46.0091 5316  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:55:46.0122 5316  srv - ok
16:55:46.0153 5316  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:55:46.0185 5316  srv2 - ok
16:55:46.0200 5316  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:55:46.0216 5316  srvnet - ok
16:55:46.0247 5316  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:55:46.0325 5316  SSDPSRV - ok
16:55:46.0341 5316  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:55:46.0372 5316  SstpSvc - ok
16:55:46.0419 5316  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:55:46.0419 5316  stexstor - ok
16:55:46.0481 5316  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:55:46.0528 5316  StiSvc - ok
16:55:46.0559 5316  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:55:46.0575 5316  swenum - ok
16:55:46.0606 5316  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:55:46.0637 5316  swprv - ok
16:55:46.0762 5316  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:55:46.0824 5316  SysMain - ok
16:55:46.0855 5316  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:55:46.0902 5316  TabletInputService - ok
16:55:46.0949 5316  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:55:47.0011 5316  TapiSrv - ok
16:55:47.0043 5316  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:55:47.0074 5316  TBS - ok
16:55:47.0152 5316  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:55:47.0214 5316  Tcpip - ok
16:55:47.0261 5316  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:55:47.0292 5316  TCPIP6 - ok
16:55:47.0339 5316  [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM         C:\Windows\system32\drivers\tcpipBM.sys
16:55:47.0370 5316  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
16:55:47.0370 5316  tcpipBM - detected UnsignedFile.Multi.Generic (1)
16:55:47.0401 5316  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:55:47.0464 5316  tcpipreg - ok
16:55:47.0511 5316  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:55:47.0542 5316  TDPIPE - ok
16:55:47.0557 5316  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:55:47.0604 5316  TDTCP - ok
16:55:47.0635 5316  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:55:47.0682 5316  tdx - ok
16:55:47.0713 5316  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:55:47.0729 5316  TermDD - ok
16:55:47.0791 5316  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:55:47.0838 5316  TermService - ok
16:55:47.0885 5316  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:55:47.0916 5316  Themes - ok
16:55:47.0947 5316  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:55:47.0979 5316  THREADORDER - ok
16:55:48.0041 5316  [ AC88D258F20909EEB91796F490CFBB73 ] TOSHIBA Bluetooth Service c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
16:55:48.0057 5316  TOSHIBA Bluetooth Service - ok
16:55:48.0072 5316  [ 90AFA1A4451BBBEE87C9F18A665D8121 ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
16:55:48.0088 5316  tosporte - ok
16:55:48.0135 5316  [ B168B345FB7073930C31E0D8B85E8353 ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
16:55:48.0135 5316  tosrfbd - ok
16:55:48.0150 5316  [ 74392BAB3F0D4810DA8436EC79D6955D ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
16:55:48.0166 5316  tosrfbnp - ok
16:55:48.0197 5316  [ 1AD9EB1B5ABD0AEEE4084C8153476F1E ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
16:55:48.0213 5316  Tosrfcom - ok
16:55:48.0259 5316  [ A72A3473180F378CC07D342803FFD580 ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
16:55:48.0259 5316  Tosrfhid - ok
16:55:48.0291 5316  [ B2A1A6538245FD69578224BBF2FD4677 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
16:55:48.0291 5316  tosrfnds - ok
16:55:48.0337 5316  [ 97529D04178BF604C62C5BE4B8BB2129 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
16:55:48.0337 5316  Tosrfusb - ok
16:55:48.0431 5316  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:55:48.0478 5316  TrkWks - ok
16:55:48.0540 5316  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:55:48.0587 5316  TrustedInstaller - ok
16:55:48.0634 5316  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:55:48.0696 5316  tssecsrv - ok
16:55:48.0790 5316  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:55:48.0821 5316  TsUsbFlt - ok
16:55:48.0883 5316  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:55:48.0915 5316  tunnel - ok
16:55:48.0961 5316  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:55:48.0977 5316  uagp35 - ok
16:55:48.0993 5316  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:55:49.0039 5316  udfs - ok
16:55:49.0117 5316  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:55:49.0149 5316  UI0Detect - ok
16:55:49.0180 5316  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:55:49.0195 5316  uliagpkx - ok
16:55:49.0242 5316  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
16:55:49.0258 5316  umbus - ok
16:55:49.0273 5316  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:55:49.0320 5316  UmPass - ok
16:55:49.0351 5316  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:55:49.0398 5316  upnphost - ok
16:55:49.0429 5316  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
16:55:49.0445 5316  USBAAPL - ok
16:55:49.0476 5316  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:55:49.0492 5316  usbccgp - ok
16:55:49.0523 5316  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:55:49.0570 5316  usbcir - ok
16:55:49.0601 5316  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:55:49.0617 5316  usbehci - ok
16:55:49.0648 5316  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:55:49.0695 5316  usbhub - ok
16:55:49.0726 5316  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:55:49.0788 5316  usbohci - ok
16:55:49.0819 5316  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:55:49.0835 5316  usbprint - ok
16:55:49.0882 5316  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:55:49.0913 5316  usbscan - ok
16:55:49.0944 5316  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:55:49.0975 5316  USBSTOR - ok
16:55:50.0007 5316  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:55:50.0022 5316  usbuhci - ok
16:55:50.0069 5316  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:55:50.0085 5316  usbvideo - ok
16:55:50.0116 5316  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:55:50.0194 5316  UxSms - ok
16:55:50.0225 5316  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:55:50.0241 5316  VaultSvc - ok
16:55:50.0272 5316  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:55:50.0287 5316  vdrvroot - ok
16:55:50.0334 5316  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:55:50.0381 5316  vds - ok
16:55:50.0428 5316  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:55:50.0443 5316  vga - ok
16:55:50.0459 5316  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:55:50.0490 5316  VgaSave - ok
16:55:50.0537 5316  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:55:50.0553 5316  vhdmp - ok
16:55:50.0584 5316  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:55:50.0599 5316  viaagp - ok
16:55:50.0615 5316  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:55:50.0646 5316  ViaC7 - ok
16:55:50.0677 5316  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:55:50.0693 5316  viaide - ok
16:55:50.0740 5316  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:55:50.0755 5316  volmgr - ok
16:55:50.0787 5316  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:55:50.0818 5316  volmgrx - ok
16:55:50.0833 5316  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:55:50.0849 5316  volsnap - ok
16:55:50.0880 5316  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:55:50.0896 5316  vsmraid - ok
16:55:50.0974 5316  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:55:51.0067 5316  VSS - ok
16:55:51.0083 5316  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:55:51.0114 5316  vwifibus - ok
16:55:51.0161 5316  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:55:51.0192 5316  vwififlt - ok
16:55:51.0223 5316  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:55:51.0255 5316  vwifimp - ok
16:55:51.0286 5316  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:55:51.0348 5316  W32Time - ok
16:55:51.0364 5316  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:55:51.0411 5316  WacomPen - ok
16:55:51.0457 5316  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:55:51.0489 5316  WANARP - ok
16:55:51.0504 5316  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:55:51.0535 5316  Wanarpv6 - ok
16:55:51.0629 5316  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:55:51.0691 5316  WatAdminSvc - ok
16:55:51.0785 5316  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:55:51.0863 5316  wbengine - ok
16:55:51.0910 5316  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:55:51.0941 5316  WbioSrvc - ok
16:55:51.0988 5316  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:55:52.0050 5316  wcncsvc - ok
16:55:52.0066 5316  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:55:52.0081 5316  WcsPlugInService - ok
16:55:52.0113 5316  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:55:52.0128 5316  Wd - ok
16:55:52.0159 5316  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:55:52.0191 5316  Wdf01000 - ok
16:55:52.0206 5316  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:55:52.0253 5316  WdiServiceHost - ok
16:55:52.0253 5316  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:55:52.0284 5316  WdiSystemHost - ok
16:55:52.0331 5316  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:55:52.0347 5316  WebClient - ok
16:55:52.0409 5316  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:55:52.0440 5316  Wecsvc - ok
16:55:52.0456 5316  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:55:52.0503 5316  wercplsupport - ok
16:55:52.0565 5316  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:55:52.0659 5316  WerSvc - ok
16:55:52.0877 5316  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:55:52.0908 5316  WfpLwf - ok
16:55:52.0924 5316  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:55:52.0939 5316  WIMMount - ok
16:55:52.0986 5316  [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:55:53.0017 5316  winachsf - ok
16:55:53.0095 5316  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:55:53.0158 5316  WinDefend - ok
16:55:53.0173 5316  WinHttpAutoProxySvc - ok
16:55:53.0407 5316  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:55:53.0470 5316  Winmgmt - ok
16:55:53.0563 5316  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:55:53.0657 5316  WinRM - ok
16:55:53.0875 5316  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:55:53.0969 5316  WinUsb - ok
16:55:54.0031 5316  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:55:54.0109 5316  Wlansvc - ok
16:55:54.0172 5316  [ 3CBCE0C65CC433121001C1108B511D13 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
16:55:54.0203 5316  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
16:55:54.0203 5316  wltrysvc - detected UnsignedFile.Multi.Generic (1)
16:55:54.0265 5316  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:55:54.0297 5316  WmiAcpi - ok
16:55:54.0328 5316  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:55:54.0390 5316  wmiApSrv - ok
16:55:54.0593 5316  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:55:54.0655 5316  WMPNetworkSvc - ok
16:55:54.0687 5316  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:55:54.0733 5316  WPCSvc - ok
16:55:54.0780 5316  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:55:54.0843 5316  WPDBusEnum - ok
16:55:54.0921 5316  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:55:55.0014 5316  ws2ifsl - ok
16:55:55.0061 5316  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:55:55.0092 5316  wscsvc - ok
16:55:55.0108 5316  WSearch - ok
16:55:55.0186 5316  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:55:55.0279 5316  wuauserv - ok
16:55:55.0311 5316  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:55:55.0342 5316  WudfPf - ok
16:55:55.0420 5316  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:55:55.0467 5316  WUDFRd - ok
16:55:55.0513 5316  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:55:55.0545 5316  wudfsvc - ok
16:55:55.0591 5316  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:55:55.0623 5316  WwanSvc - ok
16:55:55.0654 5316  [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio          C:\Windows\system32\DRIVERS\XAudio32.sys
16:55:55.0669 5316  XAudio - ok
16:55:55.0841 5316  ================ Scan global ===============================
16:55:55.0888 5316  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:55:55.0935 5316  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:55:55.0950 5316  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:55:55.0981 5316  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:55:56.0028 5316  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:55:56.0028 5316  [Global] - ok
16:55:56.0044 5316  ================ Scan MBR ==================================
16:55:56.0059 5316  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:55:56.0371 5316  \Device\Harddisk0\DR0 - ok
16:55:56.0387 5316  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:55:59.0226 5316  \Device\Harddisk1\DR1 - ok
16:55:59.0242 5316  ================ Scan VBR ==================================
16:55:59.0242 5316  [ 326A9EDDC7B4339130E9ADFD28726ACF ] \Device\Harddisk0\DR0\Partition1
16:55:59.0242 5316  \Device\Harddisk0\DR0\Partition1 - ok
16:55:59.0289 5316  [ 61AA32B2487004EEEF466A57C93BF6B8 ] \Device\Harddisk0\DR0\Partition2
16:55:59.0289 5316  \Device\Harddisk0\DR0\Partition2 - ok
16:55:59.0304 5316  [ 04C273A516A283F7400300D1302D1E33 ] \Device\Harddisk1\DR1\Partition1
16:55:59.0304 5316  \Device\Harddisk1\DR1\Partition1 - ok
16:55:59.0320 5316  ============================================================
16:55:59.0320 5316  Scan finished
16:55:59.0320 5316  ============================================================
16:55:59.0335 5324  Detected object count: 3
16:55:59.0335 5324  Actual detected object count: 3
16:56:28.0539 5324  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:28.0539 5324  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:56:28.0539 5324  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:28.0539 5324  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:56:28.0539 5324  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:28.0539 5324  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Gruß

...nähern wir uns dem Ende?

Antwort

Themen zu BKA Trojaner Win7
aktuelle, browser, ccleaner, dateien, desktop, einfach, eingabeaufforderung, falsch, firefox, internetverbindung, log, löschen, malwarebytes, modus, nichts, notebook, screen, seite, signaturen, start, temporäre, trojaner, verbindung, win, win7



Ähnliche Themen: BKA Trojaner Win7


  1. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)
  2. GUV Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (27)
  3. GVU-Trojaner auf Win7 x64
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (5)
  4. GVU Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (1)
  5. GVU-Trojaner auf Win7
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (13)
  6. GVU Trojaner in Win7
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (3)
  7. BKA Trojaner 1.13 Win7
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (10)
  8. GVU Win7 Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (4)
  9. GVU Trojaner auf Win7 Pro x64
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (12)
  10. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  11. GVU Trojaner auf Win7 :-(
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (10)
  12. GVU Trojaner - Win7
    Log-Analyse und Auswertung - 06.08.2012 (12)
  13. gvu trojaner win7
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (7)
  14. GVU-Trojaner, Win7 64-Bit
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  15. BKA Trojaner 3.02 und 1.03 auf Win7
    Log-Analyse und Auswertung - 30.03.2012 (1)
  16. BKA Trojaner win7 pro 64 Bit
    Log-Analyse und Auswertung - 14.11.2011 (30)
  17. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)

Zum Thema BKA Trojaner Win7 - Hallo. Ich hab hier ein Notebook (Freund), das vom BKA Trojaner befallen ist. Der Freund sagte mir das es passierte als er mit dem IE unterwegs war und auf irgendeiner - BKA Trojaner Win7...
Archiv
Du betrachtest: BKA Trojaner Win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.