GUV-Trojaner - Computer gesperrt - Win 7

cosinus · 28.09.2012, 21:49

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

erebor · 28.09.2012, 21:55

Code:

ATTFilter

# AdwCleaner v2.003 - Datei am 09/28/2012 um 22:50:22 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzer : Tini - TINI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tini\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\9setddhg.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9330 octets] - [28/09/2012 20:10:08]
AdwCleaner[S1].txt - [9544 octets] - [28/09/2012 20:49:53]
AdwCleaner[R2].txt - [1152 octets] - [28/09/2012 22:34:23]
AdwCleaner[S2].txt - [956 octets] - [28/09/2012 22:50:22]

########## EOF - C:\AdwCleaner[S2].txt - [1015 octets] ##########

cosinus · 28.09.2012, 22:29

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

erebor · 28.09.2012, 22:54

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.09.2012 23:32:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tini\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,18 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 69,86% Memory free
6,35 Gb Paging File | 5,21 Gb Available in Paging File | 81,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 280,54 Gb Free Space | 66,06% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,29 Gb Free Space | 75,72% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 814,90 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
 
Computer Name: TINI-PC | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freemail.de/
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\..\SearchScopes\{87CD65BD-5CE8-4469-B624-3A653EB1BA01}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.100005
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.12 17:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.12 17:23:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.12 17:23:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.12 17:23:54 | 000,000,000 | ---D | M]
 
[2010.03.05 12:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions
[2012.09.28 20:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\9setddhg.default\extensions
[2012.09.12 17:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.12 17:23:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.08 21:01:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 21:01:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.08 21:01:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.08 21:01:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.08 21:01:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.08 21:01:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2249979900-2224263888-1861242652-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7DE919-339A-444D-98AB-B48A90812815}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECFE797-20E1-407E-B749-9A758EE0D5C1}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9054822-0E09-481C-9540-687A254040D7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ed4687b-4d77-11df-8906-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed4687b-4d77-11df-8906-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2fe31451-e59d-11e0-b561-00262df0893e}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe31451-e59d-11e0-b561-00262df0893e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{50908690-e3a6-11e0-aed5-00262df0893e}\Shell - "" = AutoRun
O33 - MountPoints2\{50908690-e3a6-11e0-aed5-00262df0893e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7004fec-2833-11df-baf7-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{f7004fec-2833-11df-baf7-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 23:31:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2012.09.28 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.28 17:51:49 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.28 17:06:14 | 000,000,000 | ---D | C] -- C:\Users\Tini\AppData\Roaming\Malwarebytes
[2012.09.28 17:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.28 17:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.28 17:06:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.28 17:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.28 16:06:09 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Tini\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.25 17:29:38 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\raabits sema
[2012.09.23 18:43:58 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\Lernserver
[2012.09.12 17:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.08 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\theater
[2012.08.31 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\Tini\Documents\Lehrberichte
[3 C:\Users\Tini\Desktop\*.tmp files -> C:\Users\Tini\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 23:31:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2012.09.28 22:59:43 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 22:59:43 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 22:56:52 | 000,654,374 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.28 22:56:52 | 000,616,216 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.28 22:56:52 | 000,130,214 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.28 22:56:52 | 000,106,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.28 22:51:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 22:51:09 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.28 22:33:49 | 000,513,501 | ---- | M] () -- C:\Users\Tini\Desktop\adwcleaner.exe
[2012.09.28 17:06:01 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 11:58:08 | 274,587,648 | ---- | M] () -- C:\Users\Tini\Desktop\kav_rescue_10.iso
[2012.09.28 09:48:23 | 000,387,584 | ---- | M] () -- C:\Users\Tini\Desktop\rescue2usb.exe
[2012.09.28 09:44:19 | 000,302,592 | ---- | M] () -- C:\Users\Tini\Desktop\16n8qdyj.exe
[2012.09.28 09:43:04 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tini\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.27 23:39:09 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\0tbpw.pad
[2012.09.23 12:30:20 | 000,015,901 | ---- | M] () -- C:\Users\Tini\Desktop\tatt0_2---tmai12b5e60f35287192;jsessionid=22F229C61C33AE1732379AC1904E69C9-n1.pdf
[2012.09.23 12:28:49 | 000,005,375 | ---- | M] () -- C:\Users\Tini\Desktop\tatt0_1---tmai12b5e60f35287192;jsessionid=22F229C61C33AE1732379AC1904E69C9-n1.pdf
[2012.09.21 20:05:45 | 000,555,570 | ---- | M] () -- C:\Users\Tini\IMG214ä.jpg
[2012.09.21 19:45:42 | 000,908,297 | ---- | M] () -- C:\Users\Tini\P1010470ä.jpg
[2012.09.21 19:43:48 | 002,699,324 | ---- | M] () -- C:\Users\Tini\P1000046ä.jpg
[2012.09.21 19:41:55 | 004,744,566 | ---- | M] () -- C:\Users\Tini\P1050695ö.jpg
[2012.09.21 19:37:02 | 000,738,712 | ---- | M] () -- C:\Users\Tini\DSC_0269ä.jpg
[2012.09.21 19:36:01 | 000,302,075 | ---- | M] () -- C:\Users\Tini\km.jpg
[2012.09.21 19:34:26 | 001,026,044 | ---- | M] () -- C:\Users\Tini\DSC_0017l.jpg
[2012.09.21 19:33:31 | 000,433,062 | ---- | M] () -- C:\Users\Tini\P1000325ö.jpg
[2012.09.21 19:30:41 | 000,363,077 | ---- | M] () -- C:\Users\Tini\P1000855ä.jpg
[2012.09.21 19:29:13 | 004,543,121 | ---- | M] () -- C:\Users\Tini\P1000787ä.jpg
[2012.09.21 19:26:19 | 001,387,498 | ---- | M] () -- C:\Users\Tini\P1000952ä.jpg
[2012.09.20 16:39:34 | 005,846,309 | ---- | M] () -- C:\Users\Tini\Documents\Flipcharts seminar gründau.pdf
[2012.09.17 16:36:07 | 000,084,940 | ---- | M] () -- C:\Users\Tini\Desktop\KV.pdf
[2012.09.15 14:11:14 | 026,179,773 | ---- | M] () -- C:\Users\Tini\Documents\juwel gartenbausteine.pdf
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Users\Tini\Desktop\*.tmp files -> C:\Users\Tini\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.28 22:33:42 | 000,513,501 | ---- | C] () -- C:\Users\Tini\Desktop\adwcleaner.exe
[2012.09.28 17:06:01 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.28 16:05:59 | 274,587,648 | ---- | C] () -- C:\Users\Tini\Desktop\kav_rescue_10.iso
[2012.09.28 16:05:59 | 000,387,584 | ---- | C] () -- C:\Users\Tini\Desktop\rescue2usb.exe
[2012.09.28 16:05:59 | 000,302,592 | ---- | C] () -- C:\Users\Tini\Desktop\16n8qdyj.exe
[2012.09.27 20:21:41 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0tbpw.pad
[2012.09.23 12:30:20 | 000,015,901 | ---- | C] () -- C:\Users\Tini\Desktop\tatt0_2---tmai12b5e60f35287192;jsessionid=22F229C61C33AE1732379AC1904E69C9-n1.pdf
[2012.09.23 12:28:49 | 000,005,375 | ---- | C] () -- C:\Users\Tini\Desktop\tatt0_1---tmai12b5e60f35287192;jsessionid=22F229C61C33AE1732379AC1904E69C9-n1.pdf
[2012.09.21 20:05:45 | 000,555,570 | ---- | C] () -- C:\Users\Tini\IMG214ä.jpg
[2012.09.21 19:45:39 | 000,908,297 | ---- | C] () -- C:\Users\Tini\P1010470ä.jpg
[2012.09.21 19:43:44 | 002,699,324 | ---- | C] () -- C:\Users\Tini\P1000046ä.jpg
[2012.09.21 19:41:52 | 004,744,566 | ---- | C] () -- C:\Users\Tini\P1050695ö.jpg
[2012.09.21 19:37:01 | 000,738,712 | ---- | C] () -- C:\Users\Tini\DSC_0269ä.jpg
[2012.09.21 19:36:01 | 000,302,075 | ---- | C] () -- C:\Users\Tini\km.jpg
[2012.09.21 19:34:26 | 001,026,044 | ---- | C] () -- C:\Users\Tini\DSC_0017l.jpg
[2012.09.21 19:33:30 | 000,433,062 | ---- | C] () -- C:\Users\Tini\P1000325ö.jpg
[2012.09.21 19:30:40 | 000,363,077 | ---- | C] () -- C:\Users\Tini\P1000855ä.jpg
[2012.09.21 19:29:10 | 004,543,121 | ---- | C] () -- C:\Users\Tini\P1000787ä.jpg
[2012.09.21 19:26:18 | 001,387,498 | ---- | C] () -- C:\Users\Tini\P1000952ä.jpg
[2012.09.20 16:39:34 | 005,846,309 | ---- | C] () -- C:\Users\Tini\Documents\Flipcharts seminar gründau.pdf
[2012.09.17 16:36:06 | 000,084,940 | ---- | C] () -- C:\Users\Tini\Desktop\KV.pdf
[2012.09.15 14:11:13 | 026,179,773 | ---- | C] () -- C:\Users\Tini\Documents\juwel gartenbausteine.pdf
[2012.08.18 11:13:57 | 001,556,963 | ---- | C] () -- C:\Users\Tini\fotos 5g.pdf
[2012.06.25 19:09:21 | 003,563,002 | ---- | C] () -- C:\Users\Tini\P1050695ä.jpg
[2012.06.25 18:46:22 | 004,795,152 | ---- | C] () -- C:\Users\Tini\P1000532ä.jpg
[2012.05.21 19:52:57 | 003,522,321 | ---- | C] () -- C:\Users\Tini\P1000471.JPG
[2012.05.10 20:22:18 | 000,067,384 | ---- | C] () -- C:\Users\Tini\eltern kind beziehung.pdf
[2012.05.04 17:24:59 | 000,359,260 | ---- | C] () -- C:\Users\Tini\Examen Deutsch Anhang version christina.odt
[2012.05.04 17:16:33 | 000,027,289 | ---- | C] () -- C:\Users\Tini\Examensentwurf Deutsch version christina.odt
[2012.04.25 14:57:45 | 000,016,597 | ---- | C] () -- C:\Users\Tini\kl deu Tempusformen der Verben6.pdf
[2012.04.25 14:41:13 | 000,011,733 | ---- | C] () -- C:\Users\Tini\Klausur 12-3 Deutsch nachschreiber.pdf
[2012.04.23 19:15:06 | 000,009,932 | ---- | C] () -- C:\Users\Tini\Erwartungshorizont Klausur 12.3 Woyzeck.pdf
[2012.04.22 12:52:56 | 000,043,571 | ---- | C] () -- C:\Users\Tini\Hein brief + textstelle.pdf
[2012.03.13 18:22:52 | 000,047,971 | ---- | C] () -- C:\Users\Tini\AB Schallversuche.pdf
[2012.03.13 17:50:24 | 000,004,752 | ---- | C] () -- C:\Users\Tini\gänseblümchengelee.pdf
[2012.03.04 10:29:41 | 000,000,075 | ---- | C] () -- C:\Windows\TassWin.INI
[2012.03.04 10:29:07 | 000,149,504 | R--- | C] () -- C:\Windows\System32\CETNUASM.DLL
[2012.02.26 13:27:41 | 000,005,231 | ---- | C] () -- C:\Users\Tini\.recently-used.xbel
[2012.02.25 11:53:58 | 001,328,904 | ---- | C] () -- C:\Users\Tini\Deutsch UB 27.01.12 Examenssemester.pdf
[2012.01.17 20:52:38 | 000,005,120 | ---- | C] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.14 11:53:29 | 000,000,125 | ---- | C] () -- C:\Windows\QTW.INI
[2012.01.14 11:53:21 | 000,000,214 | ---- | C] () -- C:\Windows\Syrinx.INI
[2012.01.14 11:53:21 | 000,000,111 | ---- | C] () -- C:\Windows\USM.INI
[2011.09.18 19:54:03 | 000,101,348 | ---- | C] () -- C:\Users\Tini\flat_4_you_online.pdf
[2011.01.07 16:48:22 | 000,098,930 | ---- | C] () -- C:\Users\Tini\socken_mit_klassischer_ferse.pdf
[2010.10.02 17:44:36 | 005,851,107 | ---- | C] () -- C:\Users\Tini\attika_Prospekt_2010.pdf
[2010.08.05 11:39:48 | 000,634,235 | ---- | C] () -- C:\Users\Tini\AppData\Roaming\mdbu.bin
[2010.03.05 11:03:24 | 000,000,000 | ---- | C] () -- C:\Users\Tini\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.28 23:25:56 | 000,000,000 | -HSD | M] -- C:\Users\Tini\AppData\Roaming\.#
[2012.09.28 18:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\ALDI_SUED_Mah_Jong
[2011.01.23 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Amazon
[2011.04.17 14:32:56 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Canneverbe Limited
[2010.08.21 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\fotobuch.de AG
[2012.02.26 13:27:41 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\gtk-2.0
[2011.04.07 20:08:19 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\MAGIX
[2010.04.02 09:03:07 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\OpenOffice.org
[2010.09.05 12:06:50 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Panasonic
[2012.03.04 10:44:07 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Philipp Winterberg
[2011.01.06 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.28 23:25:56 | 000,000,000 | -HSD | M] -- C:\Users\Tini\AppData\Roaming\.#
[2010.03.05 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Adobe
[2012.09.28 18:31:04 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\ALDI_SUED_Mah_Jong
[2011.01.23 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Amazon
[2011.10.14 15:03:37 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Avira
[2011.04.17 14:32:56 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Canneverbe Limited
[2012.02.13 15:56:26 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\CyberLink
[2010.08.21 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\fotobuch.de AG
[2012.02.26 13:27:41 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\gtk-2.0
[2010.03.05 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Identities
[2010.09.05 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\InstallShield
[2012.06.04 14:20:41 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Macromedia
[2011.04.07 20:08:19 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\MAGIX
[2012.09.28 17:06:14 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Media Center Programs
[2011.04.17 14:37:48 | 000,000,000 | --SD | M] -- C:\Users\Tini\AppData\Roaming\Microsoft
[2010.03.05 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Microsoft Web Folders
[2010.03.05 12:45:23 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Mozilla
[2010.12.19 13:25:40 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Nero
[2010.04.02 09:03:07 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\OpenOffice.org
[2010.09.05 12:06:50 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Panasonic
[2012.03.04 10:44:07 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Philipp Winterberg
[2011.01.06 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent
 
< %APPDATA%\*.exe /s >
[2009.01.14 12:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 13:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 13:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 13:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 13:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 13:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 09:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 13:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Tini\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
[2009.01.04 17:43:34 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=F113CB0CD335B41D55AB7803ECAD7739 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\Core\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c08288e6bf102290\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus · 28.09.2012, 23:37

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECFE797-20E1-407E-B749-9A758EE0D5C1}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ed4687b-4d77-11df-8906-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed4687b-4d77-11df-8906-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2fe31451-e59d-11e0-b561-00262df0893e}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe31451-e59d-11e0-b561-00262df0893e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{50908690-e3a6-11e0-aed5-00262df0893e}\Shell - "" = AutoRun
O33 - MountPoints2\{50908690-e3a6-11e0-aed5-00262df0893e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7004fec-2833-11df-baf7-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{f7004fec-2833-11df-baf7-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\Shell - "" = AutoRun
O33 - MountPoints2\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Files
C:\Users\Tini\AppData\Roaming\.#
C:\Program Files\Uniblue
C:\Users\Tini\AppData\Roaming\OpenCandy
C:\Users\Tini\Downloads\SoftonicDownloader_fuer_nero-burning-rom.exe
C:\Users\Tini\Downloads\SweetImSetup.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

erebor · 29.09.2012, 09:12

Guten Morgen! Bin gestern leider vorm PC eingepennt

Tut mir leid. Hab mich heute morgen aber direkt wieder dran gesetzt.
Hier das Ergebnis des OTL-Fixes.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AECFE797-20E1-407E-B749-9A758EE0D5C1}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed4687b-4d77-11df-8906-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed4687b-4d77-11df-8906-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed4687b-4d77-11df-8906-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed4687b-4d77-11df-8906-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fe31451-e59d-11e0-b561-00262df0893e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fe31451-e59d-11e0-b561-00262df0893e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fe31451-e59d-11e0-b561-00262df0893e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fe31451-e59d-11e0-b561-00262df0893e}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50908690-e3a6-11e0-aed5-00262df0893e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50908690-e3a6-11e0-aed5-00262df0893e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50908690-e3a6-11e0-aed5-00262df0893e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50908690-e3a6-11e0-aed5-00262df0893e}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2ebe337-01f5-11e0-9e89-1c4bd623fdac}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2ebe33a-01f5-11e0-9e89-1c4bd623fdac}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4e06538-570f-11e0-b5d3-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4e0654f-570f-11e0-b5d3-1c4bd623fdac}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7004fec-2833-11df-baf7-1c4bd623fdac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7004fec-2833-11df-baf7-1c4bd623fdac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7004fec-2833-11df-baf7-1c4bd623fdac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7004fec-2833-11df-baf7-1c4bd623fdac}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7004ff0-2833-11df-baf7-1c4bd623fdac}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
========== FILES ==========
C:\Users\Tini\AppData\Roaming\.# folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\se\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\se folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\ru\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\ru folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\pt\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\pt folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\no\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\no folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\nl\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\nl folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\jp\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\jp folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\it\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\it folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\gr\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\gr folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\fr\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\fr folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\es\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\es folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\en\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\en folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\dk\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale\dk folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster\locale folder moved successfully.
C:\Program Files\Uniblue\RegistryBooster folder moved successfully.
C:\Program Files\Uniblue folder moved successfully.
File\Folder C:\Users\Tini\AppData\Roaming\OpenCandy not found.
C:\Users\Tini\Downloads\SoftonicDownloader_fuer_nero-burning-rom.exe moved successfully.
C:\Users\Tini\Downloads\SweetImSetup.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tini\Desktop\cmd.bat deleted successfully.
C:\Users\Tini\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tini
->Temp folder emptied: 604040243 bytes
->Temporary Internet Files folder emptied: 146409166 bytes
->Java cache emptied: 1112239 bytes
->FireFox cache emptied: 72106600 bytes
->Flash cache emptied: 171733 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155610760 bytes
RecycleBin emptied: 24959595874 bytes
 
Total Files Cleaned = 24.737,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09292012_100349

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 01.10.2012, 11:19

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

erebor · 01.10.2012, 18:19

Hier das Ergebnis des TDSS-Scans:

Code:

ATTFilter

19:14:31.0077 4980  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:14:31.0202 4980  ============================================================
19:14:31.0202 4980  Current date / time: 2012/10/01 19:14:31.0202
19:14:31.0202 4980  SystemInfo:
19:14:31.0202 4980  
19:14:31.0202 4980  OS Version: 6.1.7600 ServicePack: 0.0
19:14:31.0202 4980  Product type: Workstation
19:14:31.0202 4980  ComputerName: TINI-PC
19:14:31.0202 4980  UserName: Tini
19:14:31.0202 4980  Windows directory: C:\Windows
19:14:31.0202 4980  System windows directory: C:\Windows
19:14:31.0202 4980  Processor architecture: Intel x86
19:14:31.0202 4980  Number of processors: 4
19:14:31.0202 4980  Page size: 0x1000
19:14:31.0202 4980  Boot type: Normal boot
19:14:31.0202 4980  ============================================================
19:14:32.0965 4980  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:14:32.0965 4980  ============================================================
19:14:32.0965 4980  \Device\Harddisk0\DR0:
19:14:32.0965 4980  MBR partitions:
19:14:32.0965 4980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:14:32.0965 4980  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
19:14:32.0965 4980  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
19:14:32.0965 4980  ============================================================
19:14:33.0168 4980  C: <-> \Device\Harddisk0\DR0\Partition2
19:14:33.0324 4980  D: <-> \Device\Harddisk0\DR0\Partition3
19:14:33.0324 4980  ============================================================
19:14:33.0324 4980  Initialize success
19:14:33.0324 4980  ============================================================
19:14:37.0270 5032  ============================================================
19:14:37.0270 5032  Scan started
19:14:37.0270 5032  Mode: Manual; 
19:14:37.0270 5032  ============================================================
19:14:44.0306 5032  ================ Scan system memory ========================
19:14:44.0306 5032  System memory - ok
19:14:44.0306 5032  ================ Scan services =============================
19:14:56.0193 5136  ============================================================
19:14:56.0193 5136  Scan started
19:14:56.0193 5136  Mode: Manual; 
19:14:56.0193 5136  ============================================================
19:14:56.0692 5136  ================ Scan system memory ========================
19:14:56.0692 5136  System memory - ok
19:14:56.0692 5136  ================ Scan services =============================
19:15:00.0124 5136  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:15:00.0140 5136  1394ohci - ok
19:15:00.0312 5136  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:15:00.0312 5136  ACPI - ok
19:15:00.0436 5136  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:15:00.0436 5136  AcpiPmi - ok
19:15:00.0686 5136  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:15:00.0702 5136  adp94xx - ok
19:15:00.0904 5136  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:15:00.0920 5136  adpahci - ok
19:15:01.0029 5136  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:15:01.0029 5136  adpu320 - ok
19:15:01.0123 5136  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:15:01.0123 5136  AeLookupSvc - ok
19:15:01.0388 5136  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
19:15:01.0388 5136  AFD - ok
19:15:01.0497 5136  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:15:01.0497 5136  agp440 - ok
19:15:01.0622 5136  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
19:15:01.0622 5136  aic78xx - ok
19:15:01.0825 5136  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:15:01.0825 5136  ALG - ok
19:15:01.0934 5136  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:15:01.0934 5136  aliide - ok
19:15:02.0028 5136  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
19:15:02.0028 5136  amdagp - ok
19:15:02.0106 5136  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:15:02.0106 5136  amdide - ok
19:15:02.0199 5136  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:15:02.0199 5136  AmdK8 - ok
19:15:02.0246 5136  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:15:02.0262 5136  AmdPPM - ok
19:15:02.0402 5136  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:15:02.0402 5136  amdsata - ok
19:15:02.0496 5136  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:15:02.0496 5136  amdsbs - ok
19:15:02.0605 5136  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:15:02.0605 5136  amdxata - ok
19:15:02.0730 5136  [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus          C:\Windows\system32\DRIVERS\lgandbus.sys
19:15:02.0730 5136  Andbus - ok
19:15:02.0854 5136  [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag         C:\Windows\system32\DRIVERS\lganddiag.sys
19:15:02.0854 5136  AndDiag - ok
19:15:02.0979 5136  [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps          C:\Windows\system32\DRIVERS\lgandgps.sys
19:15:02.0979 5136  AndGps - ok
19:15:03.0104 5136  [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem.sys
19:15:03.0104 5136  ANDModem - ok
19:15:03.0962 5136  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:15:03.0962 5136  AntiVirSchedulerService - ok
19:15:04.0149 5136  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:15:04.0149 5136  AntiVirService - ok
19:15:04.0227 5136  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
19:15:04.0243 5136  AppID - ok
19:15:04.0352 5136  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:15:04.0352 5136  AppIDSvc - ok
19:15:04.0524 5136  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
19:15:04.0524 5136  Appinfo - ok
19:15:04.0648 5136  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:15:04.0648 5136  arc - ok
19:15:04.0726 5136  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:15:04.0726 5136  arcsas - ok
19:15:04.0836 5136  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:15:04.0851 5136  AsyncMac - ok
19:15:05.0038 5136  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:15:05.0038 5136  atapi - ok
19:15:05.0257 5136  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:15:05.0272 5136  AudioEndpointBuilder - ok
19:15:05.0413 5136  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:15:05.0428 5136  Audiosrv - ok
19:15:05.0631 5136  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:15:05.0631 5136  avgntflt - ok
19:15:05.0865 5136  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:15:05.0865 5136  avipbb - ok
19:15:05.0928 5136  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:15:05.0928 5136  avkmgr - ok
19:15:06.0115 5136  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:15:06.0115 5136  AxInstSV - ok
19:15:06.0302 5136  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
19:15:06.0302 5136  b06bdrv - ok
19:15:06.0458 5136  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:15:06.0458 5136  b57nd60x - ok
19:15:06.0723 5136  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:15:06.0723 5136  BDESVC - ok
19:15:06.0832 5136  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:15:06.0832 5136  Beep - ok
19:15:07.0066 5136  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
19:15:07.0082 5136  BFE - ok
19:15:07.0332 5136  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\System32\bgsvcgen.exe
19:15:07.0332 5136  bgsvcgen - ok
19:15:07.0768 5136  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
19:15:07.0800 5136  BITS - ok
19:15:07.0909 5136  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:15:07.0909 5136  blbdrive - ok
19:15:08.0002 5136  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:15:08.0002 5136  bowser - ok
19:15:08.0065 5136  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:15:08.0065 5136  BrFiltLo - ok
19:15:08.0143 5136  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:15:08.0158 5136  BrFiltUp - ok
19:15:08.0283 5136  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\Windows\System32\browser.dll
19:15:08.0283 5136  Browser - ok
19:15:08.0455 5136  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:15:08.0470 5136  Brserid - ok
19:15:08.0548 5136  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:15:08.0564 5136  BrSerWdm - ok
19:15:08.0642 5136  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:15:08.0658 5136  BrUsbMdm - ok
19:15:08.0673 5136  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:15:08.0673 5136  BrUsbSer - ok
19:15:08.0720 5136  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:15:08.0736 5136  BTHMODEM - ok
19:15:08.0860 5136  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:15:08.0876 5136  bthserv - ok
19:15:08.0954 5136  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:15:08.0954 5136  cdfs - ok
19:15:09.0235 5136  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\Windows\system32\drivers\cdrbsdrv.sys
19:15:09.0235 5136  cdrbsdrv - ok
19:15:09.0375 5136  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:15:09.0375 5136  cdrom - ok
19:15:09.0500 5136  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:15:09.0500 5136  CertPropSvc - ok
19:15:09.0578 5136  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:15:09.0578 5136  circlass - ok
19:15:09.0718 5136  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:15:09.0718 5136  CLFS - ok
19:15:10.0358 5136  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:15:10.0358 5136  clr_optimization_v2.0.50727_32 - ok
19:15:10.0842 5136  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:15:10.0842 5136  clr_optimization_v4.0.30319_32 - ok
19:15:10.0904 5136  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:15:10.0904 5136  CmBatt - ok
19:15:10.0982 5136  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:15:10.0982 5136  cmdide - ok
19:15:11.0154 5136  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:15:11.0154 5136  CNG - ok
19:15:11.0247 5136  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:15:11.0247 5136  Compbatt - ok
19:15:11.0388 5136  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:15:11.0388 5136  CompositeBus - ok
19:15:11.0419 5136  COMSysApp - ok
19:15:11.0481 5136  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:15:11.0481 5136  crcdisk - ok
19:15:11.0746 5136  [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:15:11.0746 5136  CryptSvc - ok
19:15:11.0871 5136  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:15:11.0887 5136  DcomLaunch - ok
19:15:11.0965 5136  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:15:11.0980 5136  defragsvc - ok
19:15:12.0043 5136  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:15:12.0043 5136  DfsC - ok
19:15:12.0246 5136  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:15:12.0261 5136  Dhcp - ok
19:15:12.0324 5136  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:15:12.0324 5136  discache - ok
19:15:12.0448 5136  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:15:12.0448 5136  Disk - ok
19:15:12.0542 5136  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:15:12.0542 5136  Dnscache - ok
19:15:12.0636 5136  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:15:12.0651 5136  dot3svc - ok
19:15:12.0745 5136  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
19:15:12.0745 5136  DPS - ok
19:15:12.0823 5136  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:15:12.0823 5136  drmkaud - ok
19:15:13.0088 5136  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:15:13.0135 5136  DXGKrnl - ok
19:15:13.0260 5136  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:15:13.0260 5136  EapHost - ok
19:15:13.0306 5136  Scan interrupted by user!
19:15:13.0306 5136  ================ Scan global ===============================
19:15:13.0306 5136  Scan interrupted by user!
19:15:13.0306 5136  ================ Scan MBR ==================================
19:15:13.0306 5136  Scan interrupted by user!
19:15:13.0306 5136  ================ Scan VBR ==================================
19:15:13.0306 5136  Scan interrupted by user!
19:15:13.0306 5136  ============================================================
19:15:13.0306 5136  Scan finished
19:15:13.0306 5136  ============================================================
19:15:13.0322 5128  Detected object count: 0
19:15:13.0322 5128  Actual detected object count: 0
19:15:43.0134 5384  ============================================================
19:15:43.0134 5384  Scan started
19:15:43.0134 5384  Mode: Manual; SigCheck; TDLFS; 
19:15:43.0134 5384  ============================================================
19:15:43.0477 5384  ================ Scan system memory ========================
19:15:43.0477 5384  System memory - ok
19:15:43.0477 5384  ================ Scan services =============================
19:15:43.0618 5384  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:15:43.0696 5384  1394ohci - ok
19:15:43.0727 5384  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:15:43.0758 5384  ACPI - ok
19:15:43.0774 5384  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:15:43.0805 5384  AcpiPmi - ok
19:15:43.0852 5384  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:15:43.0867 5384  adp94xx - ok
19:15:43.0899 5384  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:15:43.0930 5384  adpahci - ok
19:15:43.0961 5384  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:15:43.0977 5384  adpu320 - ok
19:15:44.0023 5384  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:15:44.0070 5384  AeLookupSvc - ok
19:15:44.0117 5384  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
19:15:44.0164 5384  AFD - ok
19:15:44.0211 5384  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:15:44.0226 5384  agp440 - ok
19:15:44.0273 5384  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
19:15:44.0273 5384  aic78xx - ok
19:15:44.0335 5384  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:15:44.0382 5384  ALG - ok
19:15:44.0413 5384  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:15:44.0413 5384  aliide - ok
19:15:44.0460 5384  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
19:15:44.0476 5384  amdagp - ok
19:15:44.0523 5384  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:15:44.0538 5384  amdide - ok
19:15:44.0554 5384  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:15:44.0585 5384  AmdK8 - ok
19:15:44.0601 5384  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:15:44.0632 5384  AmdPPM - ok
19:15:44.0679 5384  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:15:44.0694 5384  amdsata - ok
19:15:44.0710 5384  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:15:44.0725 5384  amdsbs - ok
19:15:44.0772 5384  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:15:44.0788 5384  amdxata - ok
19:15:44.0819 5384  [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus          C:\Windows\system32\DRIVERS\lgandbus.sys
19:15:44.0881 5384  Andbus - ok
19:15:44.0913 5384  [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag         C:\Windows\system32\DRIVERS\lganddiag.sys
19:15:44.0944 5384  AndDiag - ok
19:15:44.0975 5384  [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps          C:\Windows\system32\DRIVERS\lgandgps.sys
19:15:44.0991 5384  AndGps - ok
19:15:45.0006 5384  [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem.sys
19:15:45.0037 5384  ANDModem - ok
19:15:45.0271 5384  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:15:45.0334 5384  AntiVirSchedulerService - ok
19:15:45.0365 5384  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:15:45.0396 5384  AntiVirService - ok
19:15:45.0443 5384  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
19:15:45.0537 5384  AppID - ok
19:15:45.0583 5384  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:15:45.0724 5384  AppIDSvc - ok
19:15:45.0739 5384  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
19:15:45.0786 5384  Appinfo - ok
19:15:45.0833 5384  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:15:45.0864 5384  arc - ok
19:15:45.0895 5384  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:15:45.0911 5384  arcsas - ok
19:15:45.0927 5384  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:15:45.0989 5384  AsyncMac - ok
19:15:46.0020 5384  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:15:46.0036 5384  atapi - ok
19:15:46.0083 5384  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:15:46.0176 5384  AudioEndpointBuilder - ok
19:15:46.0192 5384  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:15:46.0254 5384  Audiosrv - ok
19:15:46.0301 5384  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:15:46.0332 5384  avgntflt - ok
19:15:46.0395 5384  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:15:46.0410 5384  avipbb - ok
19:15:46.0473 5384  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:15:46.0488 5384  avkmgr - ok
19:15:46.0519 5384  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:15:46.0551 5384  AxInstSV - ok
19:15:46.0597 5384  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
19:15:46.0644 5384  b06bdrv - ok
19:15:46.0691 5384  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:15:46.0707 5384  b57nd60x - ok
19:15:46.0753 5384  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:15:46.0816 5384  BDESVC - ok
19:15:46.0831 5384  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:15:46.0894 5384  Beep - ok
19:15:46.0925 5384  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
19:15:46.0987 5384  BFE - ok
19:15:47.0034 5384  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\System32\bgsvcgen.exe
19:15:47.0050 5384  bgsvcgen - ok
19:15:47.0097 5384  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
19:15:47.0159 5384  BITS - ok
19:15:47.0206 5384  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:15:47.0237 5384  blbdrive - ok
19:15:47.0284 5384  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:15:47.0299 5384  bowser - ok
19:15:47.0331 5384  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:15:47.0362 5384  BrFiltLo - ok
19:15:47.0393 5384  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:15:47.0424 5384  BrFiltUp - ok
19:15:47.0455 5384  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\Windows\System32\browser.dll
19:15:47.0518 5384  Browser - ok
19:15:47.0549 5384  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:15:47.0596 5384  Brserid - ok
19:15:47.0627 5384  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:15:47.0674 5384  BrSerWdm - ok
19:15:47.0705 5384  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:15:47.0736 5384  BrUsbMdm - ok
19:15:47.0767 5384  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:15:47.0799 5384  BrUsbSer - ok
19:15:47.0814 5384  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:15:47.0845 5384  BTHMODEM - ok
19:15:47.0908 5384  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:15:47.0970 5384  bthserv - ok
19:15:48.0033 5384  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:15:48.0111 5384  cdfs - ok
19:15:48.0142 5384  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\Windows\system32\drivers\cdrbsdrv.sys
19:15:48.0173 5384  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
19:15:48.0173 5384  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
19:15:48.0204 5384  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:15:48.0251 5384  cdrom - ok
19:15:48.0313 5384  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:15:48.0407 5384  CertPropSvc - ok
19:15:48.0423 5384  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:15:48.0454 5384  circlass - ok
19:15:48.0485 5384  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:15:48.0516 5384  CLFS - ok
19:15:49.0156 5384  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:15:49.0171 5384  clr_optimization_v2.0.50727_32 - ok
19:15:49.0483 5384  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:15:49.0515 5384  clr_optimization_v4.0.30319_32 - ok
19:15:49.0593 5384  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:15:49.0608 5384  CmBatt - ok
19:15:49.0686 5384  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:15:49.0702 5384  cmdide - ok
19:15:49.0858 5384  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:15:49.0951 5384  CNG - ok
19:15:49.0998 5384  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:15:50.0029 5384  Compbatt - ok
19:15:50.0061 5384  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:15:50.0107 5384  CompositeBus - ok
19:15:50.0123 5384  COMSysApp - ok
19:15:50.0170 5384  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:15:50.0185 5384  crcdisk - ok
19:15:50.0263 5384  [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:15:50.0669 5384  CryptSvc - ok
19:15:50.0731 5384  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:15:50.0997 5384  DcomLaunch - ok
19:15:51.0043 5384  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:15:51.0090 5384  defragsvc - ok
19:15:51.0121 5384  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:15:51.0168 5384  DfsC - ok
19:15:51.0184 5384  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:15:51.0231 5384  Dhcp - ok
19:15:51.0262 5384  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:15:51.0324 5384  discache - ok
19:15:51.0371 5384  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:15:51.0387 5384  Disk - ok
19:15:51.0433 5384  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:15:51.0480 5384  Dnscache - ok
19:15:51.0511 5384  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:15:51.0589 5384  dot3svc - ok
19:15:51.0605 5384  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
19:15:51.0683 5384  DPS - ok
19:15:51.0761 5384  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:15:51.0808 5384  drmkaud - ok
19:15:51.0948 5384  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:15:51.0995 5384  DXGKrnl - ok
19:15:52.0026 5384  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:15:52.0104 5384  EapHost - ok
19:15:52.0229 5384  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
19:15:52.0385 5384  ebdrv - ok
19:15:52.0432 5384  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
19:15:52.0479 5384  EFS - ok
19:15:52.0697 5384  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:15:52.0775 5384  ehRecvr - ok
19:15:52.0822 5384  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
19:15:52.0884 5384  ehSched - ok
19:15:52.0962 5384  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:15:53.0009 5384  elxstor - ok
19:15:53.0040 5384  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:15:53.0087 5384  ErrDev - ok
19:15:53.0149 5384  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
19:15:53.0227 5384  EventSystem - ok
19:15:53.0290 5384  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
19:15:53.0383 5384  exfat - ok
19:15:53.0446 5384  Fabs - ok
19:15:53.0493 5384  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:15:53.0586 5384  fastfat - ok
19:15:53.0664 5384  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
19:15:53.0727 5384  Fax - ok
19:15:53.0789 5384  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:15:53.0836 5384  fdc - ok
19:15:53.0883 5384  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
19:15:53.0961 5384  fdPHost - ok
19:15:53.0992 5384  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:15:54.0070 5384  FDResPub - ok
19:15:54.0101 5384  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:15:54.0132 5384  FileInfo - ok
19:15:54.0148 5384  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:15:54.0210 5384  Filetrace - ok
19:15:54.0319 5384  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:15:54.0460 5384  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:15:54.0460 5384  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:15:54.0522 5384  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:15:54.0553 5384  flpydisk - ok
19:15:54.0600 5384  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:15:54.0631 5384  FltMgr - ok
19:15:54.0694 5384  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
19:15:54.0787 5384  FontCache - ok
19:15:54.0865 5384  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:15:54.0881 5384  FontCache3.0.0.0 - ok
19:15:54.0897 5384  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:15:54.0928 5384  FsDepends - ok
19:15:54.0975 5384  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:15:54.0990 5384  Fs_Rec - ok
19:15:55.0037 5384  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:15:55.0068 5384  fvevol - ok
19:15:55.0115 5384  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:15:55.0131 5384  gagp30kx - ok
19:15:55.0177 5384  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
19:15:55.0240 5384  gpsvc - ok
19:15:55.0302 5384  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:15:55.0318 5384  gusvc - ok
19:15:55.0349 5384  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:15:55.0396 5384  hcw85cir - ok
19:15:55.0443 5384  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:15:55.0474 5384  HdAudAddService - ok
19:15:55.0536 5384  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:15:55.0567 5384  HDAudBus - ok
19:15:55.0614 5384  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
19:15:55.0661 5384  HECI - ok
19:15:55.0692 5384  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:15:55.0723 5384  HidBatt - ok
19:15:55.0739 5384  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:15:55.0786 5384  HidBth - ok
19:15:55.0833 5384  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:15:55.0864 5384  HidIr - ok
19:15:55.0895 5384  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
19:15:55.0957 5384  hidserv - ok
19:15:56.0020 5384  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:15:56.0035 5384  HidUsb - ok
19:15:56.0067 5384  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:15:56.0129 5384  hkmsvc - ok
19:15:56.0145 5384  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:15:56.0191 5384  HomeGroupListener - ok
19:15:56.0223 5384  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:15:56.0254 5384  HomeGroupProvider - ok
19:15:56.0285 5384  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:15:56.0301 5384  HpSAMD - ok
19:15:56.0363 5384  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:15:56.0441 5384  HTTP - ok
19:15:56.0503 5384  [ 1720966D9C7EA5E2D78B6DB92D2F9171 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:15:56.0550 5384  hwdatacard - ok
19:15:56.0581 5384  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:15:56.0597 5384  hwpolicy - ok
19:15:56.0644 5384  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:15:56.0675 5384  i8042prt - ok
19:15:56.0784 5384  [ D5EDB998656E6ECF1A17C78DAB019A3C ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:15:56.0815 5384  iaStor - ok
19:15:56.0862 5384  [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:15:56.0878 5384  IAStorDataMgrSvc - ok
19:15:56.0940 5384  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:15:56.0971 5384  iaStorV - ok
19:15:57.0096 5384  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:15:57.0096 5384  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:15:57.0096 5384  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:15:57.0174 5384  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:15:57.0237 5384  idsvc - ok
19:15:57.0517 5384  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:15:57.0876 5384  igfx - ok
19:15:57.0923 5384  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:15:57.0939 5384  iirsp - ok
19:15:58.0017 5384  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:15:58.0095 5384  IKEEXT - ok
19:15:58.0141 5384  [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
19:15:58.0173 5384  Impcd - ok
19:15:58.0297 5384  [ 8C513F0F34CBA1E146922562BEA4C7A1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:15:58.0438 5384  IntcAzAudAddService - ok
19:15:58.0500 5384  [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:15:58.0531 5384  IntcDAud - ok
19:15:58.0578 5384  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:15:58.0594 5384  intelide - ok
19:15:58.0625 5384  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:15:58.0656 5384  intelppm - ok
19:15:58.0687 5384  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:15:58.0750 5384  IPBusEnum - ok
19:15:58.0781 5384  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:15:58.0828 5384  IpFilterDriver - ok
19:15:58.0875 5384  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:15:58.0937 5384  iphlpsvc - ok
19:15:58.0984 5384  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:15:59.0015 5384  IPMIDRV - ok
19:15:59.0062 5384  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:15:59.0109 5384  IPNAT - ok
19:15:59.0140 5384  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:15:59.0171 5384  IRENUM - ok
19:15:59.0187 5384  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:15:59.0202 5384  isapnp - ok
19:15:59.0233 5384  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:15:59.0265 5384  iScsiPrt - ok
19:15:59.0311 5384  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:15:59.0327 5384  kbdclass - ok
19:15:59.0374 5384  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:15:59.0405 5384  kbdhid - ok
19:15:59.0436 5384  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
19:15:59.0452 5384  KeyIso - ok
19:15:59.0483 5384  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:15:59.0499 5384  KSecDD - ok
19:15:59.0545 5384  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:15:59.0561 5384  KSecPkg - ok
19:15:59.0608 5384  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:15:59.0670 5384  KtmRm - ok
19:15:59.0748 5384  [ 3705B2273E8EFC9A707864AB7324B614 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
19:15:59.0779 5384  L1C - ok
19:15:59.0889 5384  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:15:59.0920 5384  LanmanServer - ok
19:15:59.0967 5384  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:16:00.0045 5384  LanmanWorkstation - ok
19:16:00.0091 5384  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:16:00.0185 5384  lltdio - ok
19:16:00.0232 5384  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:16:00.0310 5384  lltdsvc - ok
19:16:00.0325 5384  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:16:00.0419 5384  lmhosts - ok
19:16:00.0481 5384  [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:16:00.0513 5384  LMS - ok
19:16:00.0575 5384  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:16:00.0606 5384  LSI_FC - ok
19:16:00.0637 5384  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:16:00.0669 5384  LSI_SAS - ok
19:16:00.0700 5384  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:16:00.0731 5384  LSI_SAS2 - ok
19:16:00.0762 5384  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:16:00.0793 5384  LSI_SCSI - ok
19:16:00.0809 5384  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
19:16:00.0887 5384  luafv - ok
19:16:00.0996 5384  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:16:01.0027 5384  McComponentHostService - ok
19:16:01.0059 5384  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:16:01.0105 5384  Mcx2Svc - ok
19:16:01.0137 5384  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:16:01.0183 5384  megasas - ok
19:16:01.0215 5384  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:16:01.0261 5384  MegaSR - ok
19:16:01.0293 5384  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
19:16:01.0386 5384  MMCSS - ok
19:16:01.0433 5384  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
19:16:01.0527 5384  Modem - ok
19:16:01.0542 5384  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:16:01.0589 5384  monitor - ok
19:16:01.0636 5384  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:16:01.0651 5384  mouclass - ok
19:16:01.0698 5384  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:16:01.0745 5384  mouhid - ok
19:16:01.0792 5384  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:16:01.0807 5384  mountmgr - ok
19:16:01.0885 5384  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:16:01.0901 5384  MozillaMaintenance - ok
19:16:01.0932 5384  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:16:01.0963 5384  mpio - ok
19:16:01.0963 5384  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:16:02.0026 5384  mpsdrv - ok
19:16:02.0073 5384  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:16:02.0166 5384  MpsSvc - ok
19:16:02.0182 5384  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:16:02.0213 5384  MRxDAV - ok
19:16:02.0275 5384  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:02.0291 5384  mrxsmb - ok
19:16:02.0353 5384  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:02.0385 5384  mrxsmb10 - ok
19:16:02.0431 5384  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:02.0447 5384  mrxsmb20 - ok
19:16:02.0478 5384  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:16:02.0494 5384  msahci - ok
19:16:02.0525 5384  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:16:02.0541 5384  msdsm - ok
19:16:02.0572 5384  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
19:16:02.0603 5384  MSDTC - ok
19:16:02.0665 5384  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:16:02.0712 5384  Msfs - ok
19:16:02.0759 5384  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:16:02.0853 5384  mshidkmdf - ok
19:16:02.0884 5384  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:16:02.0915 5384  msisadrv - ok
19:16:02.0977 5384  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:16:03.0055 5384  MSiSCSI - ok
19:16:03.0071 5384  msiserver - ok
19:16:03.0118 5384  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:16:03.0196 5384  MSKSSRV - ok
19:16:03.0243 5384  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:03.0321 5384  MSPCLOCK - ok
19:16:03.0336 5384  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:16:03.0414 5384  MSPQM - ok
19:16:03.0430 5384  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:16:03.0445 5384  MsRPC - ok
19:16:03.0492 5384  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:16:03.0508 5384  mssmbios - ok
19:16:03.0539 5384  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:16:03.0586 5384  MSTEE - ok
19:16:03.0648 5384  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:16:03.0679 5384  MTConfig - ok
19:16:03.0711 5384  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:16:03.0726 5384  Mup - ok
19:16:03.0835 5384  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
19:16:03.0929 5384  napagent - ok
19:16:03.0976 5384  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:16:04.0038 5384  NativeWifiP - ok
19:16:04.0069 5384  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:16:04.0132 5384  NDIS - ok
19:16:04.0179 5384  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:16:04.0257 5384  NdisCap - ok
19:16:04.0288 5384  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:04.0366 5384  NdisTapi - ok
19:16:04.0397 5384  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:04.0475 5384  Ndisuio - ok
19:16:04.0491 5384  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:04.0569 5384  NdisWan - ok
19:16:04.0584 5384  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:16:04.0647 5384  NDProxy - ok
19:16:04.0693 5384  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:16:04.0771 5384  NetBIOS - ok
19:16:04.0818 5384  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:16:04.0881 5384  NetBT - ok
19:16:04.0912 5384  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
19:16:04.0927 5384  Netlogon - ok
19:16:04.0990 5384  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
19:16:05.0068 5384  Netman - ok
19:16:05.0099 5384  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
19:16:05.0161 5384  netprofm - ok
19:16:05.0193 5384  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:16:05.0208 5384  NetTcpPortSharing - ok
19:16:05.0239 5384  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:16:05.0271 5384  nfrd960 - ok
19:16:05.0317 5384  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:16:05.0395 5384  NlaSvc - ok
19:16:05.0458 5384  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:16:05.0536 5384  Npfs - ok
19:16:05.0551 5384  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
19:16:05.0629 5384  nsi - ok
19:16:05.0645 5384  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:16:05.0723 5384  nsiproxy - ok
19:16:05.0817 5384  [ 187002CE05693C306F43C873F821381F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:16:05.0895 5384  Ntfs - ok
19:16:05.0926 5384  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
19:16:05.0988 5384  Null - ok
19:16:06.0643 5384  [ 79E32439C1BFF32890BF47724C3074FF ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:16:07.0143 5384  nvlddmkm - ok
19:16:07.0205 5384  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:16:07.0221 5384  nvraid - ok
19:16:07.0299 5384  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:16:07.0314 5384  nvstor - ok
19:16:07.0377 5384  [ 4878BAEB44A818E8C094809082D52E08 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:16:07.0408 5384  nvsvc - ok
19:16:07.0423 5384  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
19:16:07.0455 5384  nv_agp - ok
19:16:07.0486 5384  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:16:07.0517 5384  ohci1394 - ok
19:16:07.0564 5384  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:16:07.0642 5384  p2pimsvc - ok
19:16:07.0704 5384  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:16:07.0751 5384  p2psvc - ok
19:16:07.0798 5384  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:16:07.0829 5384  Parport - ok
19:16:07.0876 5384  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:16:07.0907 5384  partmgr - ok
19:16:07.0954 5384  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:16:08.0001 5384  Parvdm - ok
19:16:08.0016 5384  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:16:08.0063 5384  PcaSvc - ok
19:16:08.0079 5384  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:16:08.0110 5384  pci - ok
19:16:08.0172 5384  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:16:08.0203 5384  pciide - ok
19:16:08.0235 5384  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:16:08.0266 5384  pcmcia - ok
19:16:08.0313 5384  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
19:16:08.0328 5384  pcw - ok
19:16:08.0375 5384  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:16:08.0453 5384  PEAUTH - ok
19:16:08.0547 5384  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
19:16:08.0703 5384  pla - ok
19:16:08.0765 5384  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:16:08.0812 5384  PlugPlay - ok
19:16:08.0843 5384  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:16:08.0890 5384  PNRPAutoReg - ok
19:16:08.0921 5384  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:16:08.0952 5384  PNRPsvc - ok
19:16:08.0999 5384  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:16:09.0093 5384  PolicyAgent - ok
19:16:09.0139 5384  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
19:16:09.0202 5384  Power - ok
19:16:09.0264 5384  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:16:09.0327 5384  PptpMiniport - ok
19:16:09.0358 5384  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:16:09.0389 5384  Processor - ok
19:16:09.0436 5384  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc         C:\Windows\system32\profsvc.dll
19:16:09.0483 5384  ProfSvc - ok
19:16:09.0514 5384  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:16:09.0545 5384  ProtectedStorage - ok
19:16:09.0576 5384  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
19:16:09.0607 5384  ProtexisLicensing - ok
19:16:09.0654 5384  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:16:09.0717 5384  Psched - ok
19:16:09.0795 5384  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:16:09.0873 5384  ql2300 - ok
19:16:09.0919 5384  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:16:09.0951 5384  ql40xx - ok
19:16:09.0982 5384  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
19:16:10.0029 5384  QWAVE - ok
19:16:10.0060 5384  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:16:10.0091 5384  QWAVEdrv - ok
19:16:10.0107 5384  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:16:10.0185 5384  RasAcd - ok
19:16:10.0247 5384  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:16:10.0341 5384  RasAgileVpn - ok
19:16:10.0372 5384  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
19:16:10.0450 5384  RasAuto - ok
19:16:10.0465 5384  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:16:10.0543 5384  Rasl2tp - ok
19:16:10.0590 5384  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
19:16:10.0684 5384  RasMan - ok
19:16:10.0684 5384  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:16:10.0762 5384  RasPppoe - ok
19:16:10.0793 5384  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:16:10.0855 5384  RasSstp - ok
19:16:10.0871 5384  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:16:10.0949 5384  rdbss - ok
19:16:10.0980 5384  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:16:11.0027 5384  rdpbus - ok
19:16:11.0043 5384  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:16:11.0121 5384  RDPCDD - ok
19:16:11.0152 5384  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:16:11.0214 5384  RDPENCDD - ok
19:16:11.0230 5384  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:16:11.0292 5384  RDPREFMP - ok
19:16:11.0339 5384  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:16:11.0386 5384  RDPWD - ok
19:16:11.0448 5384  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:16:11.0479 5384  rdyboost - ok
19:16:11.0542 5384  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:16:11.0620 5384  RemoteAccess - ok
19:16:11.0651 5384  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:16:11.0745 5384  RemoteRegistry - ok
19:16:11.0838 5384  [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:16:11.0854 5384  RichVideo - ok
19:16:11.0885 5384  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:16:11.0963 5384  RpcEptMapper - ok
19:16:12.0010 5384  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
19:16:12.0057 5384  RpcLocator - ok
19:16:12.0088 5384  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
19:16:12.0166 5384  RpcSs - ok
19:16:12.0228 5384  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:16:12.0306 5384  rspndr - ok
19:16:12.0353 5384  [ EF8B2AFC3C0751C5E5A59983C8893260 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
19:16:12.0400 5384  RSUSBSTOR - ok
19:16:12.0478 5384  [ 2A529A3DF6458C93663BAD515BA8680C ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
19:16:12.0540 5384  rtl8192se - ok
19:16:12.0556 5384  RtsUIR - ok
19:16:12.0587 5384  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
19:16:12.0603 5384  SamSs - ok
19:16:12.0649 5384  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:16:12.0681 5384  sbp2port - ok
19:16:12.0727 5384  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:16:12.0805 5384  SCardSvr - ok
19:16:12.0837 5384  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:16:12.0883 5384  scfilter - ok
19:16:12.0977 5384  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
19:16:13.0086 5384  Schedule - ok
19:16:13.0133 5384  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:16:13.0195 5384  SCPolicySvc - ok
19:16:13.0242 5384  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:16:13.0289 5384  SDRSVC - ok
19:16:13.0367 5384  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:16:13.0398 5384  SeaPort - ok
19:16:13.0445 5384  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:16:13.0539 5384  secdrv - ok
19:16:13.0570 5384  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
19:16:13.0632 5384  seclogon - ok
19:16:13.0663 5384  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
19:16:13.0741 5384  SENS - ok
19:16:13.0757 5384  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:16:13.0819 5384  SensrSvc - ok
19:16:13.0851 5384  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:16:13.0897 5384  Serenum - ok
19:16:13.0944 5384  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:16:13.0975 5384  Serial - ok
19:16:13.0991 5384  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:16:14.0022 5384  sermouse - ok
19:16:14.0069 5384  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
19:16:14.0163 5384  SessionEnv - ok
19:16:14.0194 5384  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:16:14.0241 5384  sffdisk - ok
19:16:14.0272 5384  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:16:14.0303 5384  sffp_mmc - ok
19:16:14.0350 5384  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:16:14.0397 5384  sffp_sd - ok
19:16:14.0443 5384  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:16:14.0475 5384  sfloppy - ok
19:16:14.0537 5384  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:16:14.0615 5384  SharedAccess - ok
19:16:14.0755 5384  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:16:14.0818 5384  ShellHWDetection - ok
19:16:14.0849 5384  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
19:16:14.0880 5384  sisagp - ok
19:16:14.0896 5384  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:16:14.0927 5384  SiSRaid2 - ok
19:16:14.0958 5384  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:16:14.0974 5384  SiSRaid4 - ok
19:16:15.0036 5384  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:16:15.0114 5384  Smb - ok
19:16:15.0161 5384  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:16:15.0208 5384  SNMPTRAP - ok
19:16:15.0223 5384  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:16:15.0255 5384  spldr - ok
19:16:15.0379 5384  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler         C:\Windows\System32\spoolsv.exe
19:16:15.0457 5384  Spooler - ok
19:16:16.0159 5384  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:16:16.0347 5384  sppsvc - ok
19:16:16.0378 5384  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:16:16.0471 5384  sppuinotify - ok
19:16:16.0518 5384  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:16:16.0549 5384  srv - ok
19:16:16.0565 5384  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:16:16.0627 5384  srv2 - ok
19:16:16.0659 5384  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:16:16.0721 5384  srvnet - ok
19:16:16.0783 5384  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:16:16.0861 5384  SSDPSRV - ok
19:16:16.0908 5384  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
19:16:16.0924 5384  ssmdrv - ok
19:16:16.0924 5384  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:16:17.0002 5384  SstpSvc - ok
19:16:17.0033 5384  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:16:17.0064 5384  stexstor - ok
19:16:17.0111 5384  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:16:17.0173 5384  StiSvc - ok
19:16:17.0189 5384  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:16:17.0220 5384  swenum - ok
19:16:17.0251 5384  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
19:16:17.0329 5384  swprv - ok
19:16:17.0392 5384  [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:16:17.0423 5384  SynTP - ok
19:16:17.0485 5384  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
19:16:17.0595 5384  SysMain - ok
19:16:17.0626 5384  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:16:17.0673 5384  TabletInputService - ok
19:16:17.0688 5384  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:16:17.0766 5384  TapiSrv - ok
19:16:17.0782 5384  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
19:16:17.0875 5384  TBS - ok
19:16:17.0938 5384  [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:16:18.0031 5384  Tcpip - ok
19:16:18.0094 5384  [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:16:18.0172 5384  TCPIP6 - ok
19:16:18.0203 5384  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:16:18.0281 5384  tcpipreg - ok
19:16:18.0297 5384  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:16:18.0343 5384  TDPIPE - ok
19:16:18.0375 5384  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:16:18.0406 5384  TDTCP - ok
19:16:18.0437 5384  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:16:18.0531 5384  tdx - ok
19:16:18.0562 5384  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:16:18.0577 5384  TermDD - ok
19:16:18.0624 5384  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
19:16:18.0733 5384  TermService - ok
19:16:18.0749 5384  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
19:16:18.0796 5384  Themes - ok
19:16:18.0811 5384  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
19:16:18.0874 5384  THREADORDER - ok
19:16:18.0905 5384  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
19:16:18.0999 5384  TrkWks - ok
19:16:19.0061 5384  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:16:19.0092 5384  TrustedInstaller - ok
19:16:19.0139 5384  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:16:19.0217 5384  tssecsrv - ok
19:16:19.0264 5384  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:16:19.0326 5384  tunnel - ok
19:16:19.0357 5384  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:16:19.0373 5384  uagp35 - ok
19:16:19.0404 5384  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:16:19.0467 5384  udfs - ok
19:16:19.0513 5384  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:16:19.0560 5384  UI0Detect - ok
19:16:19.0591 5384  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:16:19.0607 5384  uliagpkx - ok
19:16:19.0654 5384  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:16:19.0685 5384  umbus - ok
19:16:19.0716 5384  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:16:19.0747 5384  UmPass - ok
19:16:19.0841 5384  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:16:19.0966 5384  UNS - ok
19:16:20.0013 5384  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
19:16:20.0075 5384  upnphost - ok
19:16:20.0122 5384  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
19:16:20.0184 5384  usbccgp - ok
19:16:20.0184 5384  USBCCID - ok
19:16:20.0231 5384  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:16:20.0262 5384  usbcir - ok
19:16:20.0293 5384  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:16:20.0340 5384  usbehci - ok
19:16:20.0387 5384  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:16:20.0403 5384  usbhub - ok
19:16:20.0449 5384  [ EB2D819A639015253C871CDA09D91D58 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:16:20.0481 5384  usbohci - ok
19:16:20.0527 5384  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:16:20.0559 5384  usbprint - ok
19:16:20.0605 5384  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:16:20.0668 5384  USBSTOR - ok
19:16:20.0699 5384  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:16:20.0730 5384  usbuhci - ok
19:16:20.0808 5384  [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:16:20.0855 5384  usbvideo - ok
19:16:20.0886 5384  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
19:16:20.0949 5384  UxSms - ok
19:16:20.0964 5384  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
19:16:20.0995 5384  VaultSvc - ok
19:16:21.0058 5384  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:16:21.0089 5384  vdrvroot - ok
19:16:21.0120 5384  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
19:16:21.0183 5384  vds - ok
19:16:21.0198 5384  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:16:21.0245 5384  vga - ok
19:16:21.0261 5384  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:16:21.0323 5384  VgaSave - ok
19:16:21.0385 5384  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:16:21.0417 5384  vhdmp - ok
19:16:21.0432 5384  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
19:16:21.0463 5384  viaagp - ok
19:16:21.0479 5384  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
19:16:21.0526 5384  ViaC7 - ok
19:16:21.0573 5384  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:16:21.0604 5384  viaide - ok
19:16:21.0635 5384  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:16:21.0666 5384  volmgr - ok
19:16:21.0697 5384  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:16:21.0729 5384  volmgrx - ok
19:16:21.0775 5384  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
19:16:21.0791 5384  volsnap - ok
19:16:21.0853 5384  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:16:21.0869 5384  vsmraid - ok
19:16:21.0994 5384  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
19:16:22.0072 5384  VSS - ok
19:16:22.0119 5384  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:16:22.0150 5384  vwifibus - ok
19:16:22.0181 5384  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:16:22.0228 5384  vwififlt - ok
19:16:22.0259 5384  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
19:16:22.0337 5384  W32Time - ok
19:16:22.0384 5384  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:16:22.0415 5384  WacomPen - ok
19:16:22.0462 5384  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:16:22.0524 5384  WANARP - ok
19:16:22.0540 5384  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:16:22.0602 5384  Wanarpv6 - ok
19:16:22.0743 5384  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:16:22.0836 5384  WatAdminSvc - ok
19:16:23.0086 5384  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
19:16:23.0164 5384  wbengine - ok
19:16:23.0226 5384  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:16:23.0257 5384  WbioSrvc - ok
19:16:23.0304 5384  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:16:23.0335 5384  wcncsvc - ok
19:16:23.0367 5384  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:16:23.0429 5384  WcsPlugInService - ok
19:16:23.0460 5384  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:16:23.0491 5384  Wd - ok
19:16:23.0601 5384  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:16:23.0647 5384  Wdf01000 - ok
19:16:23.0679 5384  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:16:23.0741 5384  WdiServiceHost - ok
19:16:23.0741 5384  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:16:23.0772 5384  WdiSystemHost - ok
19:16:23.0866 5384  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient       C:\Windows\System32\webclnt.dll
19:16:23.0928 5384  WebClient - ok
19:16:23.0991 5384  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:16:24.0053 5384  Wecsvc - ok
19:16:24.0084 5384  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:16:24.0162 5384  wercplsupport - ok
19:16:24.0193 5384  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:16:24.0256 5384  WerSvc - ok
19:16:24.0303 5384  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:16:24.0349 5384  WfpLwf - ok
19:16:24.0412 5384  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:16:24.0427 5384  WIMMount - ok
19:16:24.0537 5384  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:16:24.0599 5384  WinDefend - ok
19:16:24.0615 5384  WinHttpAutoProxySvc - ok
19:16:24.0724 5384  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:16:24.0802 5384  Winmgmt - ok
19:16:25.0114 5384  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:16:25.0223 5384  WinRM - ok
19:16:25.0285 5384  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
19:16:25.0301 5384  WisLMSvc - ok
19:16:25.0348 5384  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:16:25.0457 5384  Wlansvc - ok
19:16:25.0488 5384  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:16:25.0519 5384  WmiAcpi - ok
19:16:25.0551 5384  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:16:25.0597 5384  wmiApSrv - ok
19:16:25.0675 5384  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:16:25.0785 5384  WMPNetworkSvc - ok
19:16:25.0831 5384  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:16:25.0878 5384  WPCSvc - ok
19:16:25.0909 5384  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:16:25.0941 5384  WPDBusEnum - ok
19:16:25.0987 5384  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:16:26.0081 5384  ws2ifsl - ok
19:16:26.0112 5384  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\System32\wscsvc.dll
19:16:26.0159 5384  wscsvc - ok
19:16:26.0175 5384  WSearch - ok
19:16:26.0268 5384  [ 534C2D3D81B066FA24A075C224045654 ] WTGService      C:\Program Files\Verbindungsassistent\wtgservice.exe
19:16:26.0299 5384  WTGService - ok
19:16:26.0487 5384  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:16:26.0643 5384  wuauserv - ok
19:16:26.0674 5384  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:16:26.0752 5384  WudfPf - ok
19:16:26.0814 5384  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:16:26.0877 5384  WUDFRd - ok
19:16:26.0908 5384  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:16:26.0986 5384  wudfsvc - ok
19:16:27.0017 5384  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:16:27.0064 5384  WwanSvc - ok
19:16:27.0095 5384  ================ Scan global ===============================
19:16:27.0126 5384  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
19:16:27.0157 5384  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
19:16:27.0204 5384  [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
19:16:27.0251 5384  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:16:27.0298 5384  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:16:27.0298 5384  [Global] - ok
19:16:27.0298 5384  ================ Scan MBR ==================================
19:16:27.0313 5384  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
19:16:32.0087 5384  \Device\Harddisk0\DR0 - ok
19:16:32.0087 5384  ================ Scan VBR ==================================
19:16:32.0118 5384  [ DC9C2DF7D01B8BEAAB1FBB48A98AA20B ] \Device\Harddisk0\DR0\Partition1
19:16:32.0118 5384  \Device\Harddisk0\DR0\Partition1 - ok
19:16:32.0134 5384  [ B2A9444BFCA9CD68226A2D040A2811ED ] \Device\Harddisk0\DR0\Partition2
19:16:32.0149 5384  \Device\Harddisk0\DR0\Partition2 - ok
19:16:32.0181 5384  [ E58753FD3CDC39CCD7A6F6B10324191C ] \Device\Harddisk0\DR0\Partition3
19:16:32.0181 5384  \Device\Harddisk0\DR0\Partition3 - ok
19:16:32.0181 5384  ============================================================
19:16:32.0181 5384  Scan finished
19:16:32.0181 5384  ============================================================
19:16:32.0196 5376  Detected object count: 3
19:16:32.0196 5376  Actual detected object count: 3
19:16:49.0653 5376  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:49.0653 5376  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:16:49.0653 5376  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:49.0653 5376  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:16:49.0653 5376  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:49.0653 5376  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 02.10.2012, 13:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

erebor · 02.10.2012, 22:04

Hey, hier das Ergebnis des ComboFix-Scans/Bereinigung.
[Code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-10-02.02 - Tini 02.10.2012  22:52:10.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3255.2196 [GMT 2:00]
ausgeführt von:: c:\users\Tini\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\0tbpw.pad
c:\users\Tini\AppData\Roaming\.#
c:\users\Tini\AppData\Roaming\.#\MBX@1560@16D2740.###
c:\users\Tini\AppData\Roaming\.#\MBX@1560@16D2770.###
c:\users\Tini\AppData\Roaming\.#\MBX@814@242740.###
c:\users\Tini\AppData\Roaming\.#\MBX@814@242770.###
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-02 bis 2012-10-02  ))))))))))))))))))))))))))))))
.
.
2012-10-02 21:00 . 2012-10-02 21:00	--------	d-----w-	c:\users\Tini\AppData\Local\temp
2012-10-02 21:00 . 2012-10-02 21:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-29 08:03 . 2012-09-29 08:03	--------	d-----w-	C:\_OTL
2012-09-28 15:58 . 2012-09-28 15:58	--------	d-----w-	c:\program files\ESET
2012-09-28 15:51 . 2012-09-28 15:54	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-09-28 15:06 . 2012-09-28 15:06	--------	d-----w-	c:\users\Tini\AppData\Roaming\Malwarebytes
2012-09-28 15:06 . 2012-09-28 15:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-28 15:06 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-12 15:19 . 2012-08-02 17:05	490496	----a-w-	c:\windows\system32\d3d10level9.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 16:22 . 2010-08-05 09:39	634235	----a-w-	c:\users\Tini\AppData\Roaming\mdbu.bin
2012-07-18 17:10 . 2012-08-15 15:37	2344448	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 21:23 . 2012-08-15 15:37	41472	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 21:23 . 2012-08-15 15:37	102912	----a-w-	c:\windows\system32\browser.dll
2012-09-12 15:23 . 2012-09-12 15:23	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-12 8423968]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-01-12 678432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-14 14817896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
c:\users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-4-30 65588]
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-9-5 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\wtgservice.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 37644981
*Deregistered* - 37644981
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freemail.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\9setddhg.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files\Uniblue\RegistryBooster\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-02  23:03:03
ComboFix-quarantined-files.txt  2012-10-02 21:03
.
Vor Suchlauf: 9 Verzeichnis(se), 327.166.582.784 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 327.242.371.072 Bytes frei
.
- - End Of File - - 876845BAD5C2331A15D84344EBBEDA8D

--- --- ---

cosinus · 03.10.2012, 18:07

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

erebor · 03.10.2012, 20:14

Hier schonmal der gmer-Scan. Osam schmeiße ich jetzt an.
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-03 21:13:00
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: 9zq8839x.exe; Driver: C:\Users\Tini\AppData\Local\Temp\pwldipod.sys


---- System - GMER 1.0.15 ----

SSDT            91C88D36                                                                                                                       ZwCreateSection
SSDT            91C88D40                                                                                                                       ZwRequestWaitReplyPort
SSDT            91C88D3B                                                                                                                       ZwSetContextThread
SSDT            91C88D45                                                                                                                       ZwSetSecurityObject
SSDT            91C88D4A                                                                                                                       ZwSystemDebugControl
SSDT            91C88CD7                                                                                                                       ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                                      8325D599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                         83282092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                                                            83289990 4 Bytes  [36, 8D, C8, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 69C                                                                                            83289CEC 4 Bytes  [40, 8D, C8, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                                                            83289D30 4 Bytes  [3B, 8D, C8, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 75C                                                                                            83289DAC 4 Bytes  [45, 8D, C8, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B0                                                                                            83289E00 4 Bytes  [4A, 8D, C8, 91]
.text           ...                                                                                                                            
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                            AE86F000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                            AE86F123 629 Bytes  [A5, 86, AE, FE, 05, 34, A5, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                            AE86F399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                            AE86F3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                            AE86F4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                            

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000046                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                         rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                         rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                         rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                         rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87FCD95C-6954-4FEA-88FF-F52FC96ED8A9}              
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FCD95C-6954-4FEA-88FF-F52FC96ED8A9}              
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FCD95C-6954-4FEA-88FF-F52FC96ED8A9}@Path         \Microsoft\Windows Defender\MP Scheduled Scan
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FCD95C-6954-4FEA-88FF-F52FC96ED8A9}@Hash         0x41 0x98 0x3C 0x15 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FCD95C-6954-4FEA-88FF-F52FC96ED8A9}@Triggers     0x15 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FCD95C-6954-4FEA-88FF-F52FC96ED8A9}@DynamicInfo  0x03 0x00 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id      {87FCD95C-6954-4FEA-88FF-F52FC96ED8A9}

---- EOF - GMER 1.0.15 ----

--- --- ---

Hier der Osam-Log.

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:19:48 on 03.10.2012

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Computer, Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\Windows\system32\QTW32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Tini\AppData\Local\Temp\catchme.sys  (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys
"pwldipod" (pwldipod) - ? - C:\Users\Tini\AppData\Local\Temp\pwldipod.sys  (Hidden registry entry, rootkit activity | File not found)
"Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\Nv3DAppShExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C345E174-3E87-4F41-A01C-B066A90A49B4} "WRC Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\wrc32.ocx / hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll  (File not found)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
"PHOTOfunSTUDIO HD Edition.lnk" - "Panasonic Corporation" - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"WTGService" (WTGService) - ? - C:\Program Files\Verbindungsassistent\wtgservice.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "ALDI SÜD" - C:\Windows\system32\MAHJON~1.SCR

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 03.10.2012, 21:11

Was ist mit aswMBR?

erebor · 03.10.2012, 21:16

Läuft seit ca. 45 Minuten.

Hier der Log.

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 21:23:55
-----------------------------
21:23:55.177    OS Version: Windows 6.1.7600 
21:23:55.177    Number of processors: 4 586 0x2502
21:23:55.177    ComputerName: TINI-PC  UserName: Tini
21:23:58.593    Initialize success
21:27:41.873    AVAST engine defs: 12100301
21:31:27.355    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:31:27.355    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:31:27.402    Disk 0 MBR read successfully
21:31:27.418    Disk 0 MBR scan
21:31:27.418    Disk 0 unknown MBR code
21:31:27.511    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:31:27.589    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       434852 MB offset 206848
21:31:27.699    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 890783744
21:31:27.792    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 974669824
21:31:27.886    Disk 0 scanning sectors +976771072
21:31:28.276    Disk 0 scanning C:\Windows\system32\drivers
21:32:30.957    Service scanning
21:33:03.452    Modules scanning
21:34:51.997    Disk 0 trace - called modules:
21:34:52.012    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
21:34:52.012    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x883835c0]
21:34:52.028    3 CLASSPNP.SYS[8c3a959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x867d4028]
21:34:54.773    AVAST engine scan C:\Windows
21:38:32.909    AVAST engine scan C:\Windows\system32
22:05:22.270    AVAST engine scan C:\Windows\system32\drivers
22:05:40.990    AVAST engine scan C:\Users\Tini
22:21:46.678    AVAST engine scan C:\ProgramData
22:23:27.205    Scan finished successfully
22:40:41.846    Disk 0 MBR has been saved successfully to "C:\Users\Tini\Desktop\MBR.dat"
22:40:41.846    The log file has been saved successfully to "C:\Users\Tini\Desktop\aswMBR.txt"

cosinus · 04.10.2012, 09:13

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

03.10.2012, 21:11	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GUV-Trojaner - Computer gesperrt - Win 7 Was ist mit aswMBR? __________________ Logfiles bitte immer in CODE-Tags posten

GUV-Trojaner - Computer gesperrt - Win 7

Plagegeister aller Art und deren Bekämpfung: GUV-Trojaner - Computer gesperrt - Win 7