
Log analysis and evaluation: Bundesministerium für Internetsicherheit - compromised computer

Windows 7

06.05.2013, 17:41   #1
SuppiSuppenh
 

Bundesministerium für Internetsicherheit - compromised computer



Hello experts!

I have the "Bundesministerium für Internetsicherheit" trojan on my computer.
Somehow I managed to get access to the desktop.

My research here on the board has already led me to the scans with Malwarebytes Anti-Rootkit and OTL.

Here are the logs:

First run
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

06.05.2013 17:30:06
mbar-log-2013-05-06 (17-30-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27029
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe (Trojan.Agent.Gen) -> Data: C:\PROGRA~3\rundll32.exe C:\PROGRA~3\ijezdqe.dat,FG00 -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\n.) Good: (shell32.dll) -> Delete on reboot.

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 6
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Users\Martin\AppData\Roaming\skype.dat (Trojan.Agent) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.

(end)
         
Second run
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

06.05.2013 18:04:41
mbar-log-2013-05-06 (18-04-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27091
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
c:\ProgramData\ijezdqe.dat (Trojan.FakeMS) -> Delete on reboot.
c:\ProgramData\qfoni4.dat (Trojan.FakeMS) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$RD25EEB70 (Trojan.FakeMS) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\icyoajc (Trojan.Zbot.ED) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\uoosuud.exe (Trojan.Agent.SZ) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\8jECD92.exe (Trojan.FakeMS) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\~!#35A1.tmp (Trojan.Agent.SZ) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\~!#DE4D.tmp (Trojan.Zbot.ED) -> Delete on reboot.
c:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Delete on reboot.

(end)
         
Third run
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

06.05.2013 18:14:44
mbar-log-2013-05-06 (18-14-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27022
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Then I ran OTL.

Here are the scans:

OTL.Txt
Code:
OTL logfile created on: 06.05.2013 18:16:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop\Trojaner-Board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,09% Memory free
6,00 Gb Paging File | 4,66 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,60 Gb Total Space | 23,59 Gb Free Space | 23,93% Space Free | Partition Type: NTFS
Drive D: | 832,91 Gb Total Space | 645,48 Gb Free Space | 77,50% Space Free | Partition Type: NTFS
Drive E: | 690,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\Trojaner-Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
PRC - D:\Programme\I-Tunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - D:\Programme\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Programme\Content Tranfer 1.3\CT1.3_dl\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - D:\Programme\Canon Image Mixer 3.1\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - D:\Programme\ATI\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - D:\Programme\Canon Image Mixer 3.1\pxl_m17n_tool.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- C:\PROGRA~3\ijezdqe.dat File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AIDA64Driver) -- H:\aida64extreme_build_1114_b\kerneld.wnt File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssudobex) -- C:\Windows\System32\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fwlanusb5) -- C:\Windows\System32\drivers\fwlanusb5.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_8) -- C:\PROGRA~2\MSI\MSIWDev\NTIOLib.sys (MSI)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\PROGRA~2\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 31 37 93 9A 45 CE 01  [binary data]
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: %7B78e516ef-11de-47a1-8364-a99b917ec5ee%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\I-Tunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Programme\Veetle player\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Programme\Veetle player\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.29 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.29 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.12 15:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2011.04.12 15:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.15 17:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions
[2013.04.15 17:30:32 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2012.02.13 17:05:10 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions\piclens@cooliris.com
[2011.10.05 16:22:58 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
[2013.03.21 16:31:01 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\extensions\toolbar@web.de.xpi
[2013.04.12 15:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 15:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2013.04.12 15:52:23 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@web.de
[2013.04.12 15:52:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.16 11:41:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.16 11:41:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.16 11:41:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 11:41:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 11:41:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 11:41:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AdblockPro) - {04F2568A-3E7A-422D-A71E-DC088A635F7D} - C:\Users\Martin\AppData\Roaming\AdblockPro\IE\AdblockPro.dll (Adblock Pro Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AdobeReader) - {AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D} - C:\Users\Martin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] D:\Programme\Content Tranfer 1.3\CT1.3_dl\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Programme\I-Tunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task] D:\Programme\QuickTimePlayer 24.03.2103\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{465AF0CE-323F-4DB8-A6A8-0648F36EF922}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A309E58A-523F-4A3C-ABD9-D45FB6D60C05}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCECDB36-B776-45E9-AE46-1D80E87BD977}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.28 17:00:37 | 000,000,042 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{48fb6c4b-9ae1-11e2-91bc-002185163e7e}\Shell - "" = AutoRun
O33 - MountPoints2\{48fb6c4b-9ae1-11e2-91bc-002185163e7e}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{52477ca5-9104-11e0-8f0f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{52477ca5-9104-11e0-8f0f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- [2008.01.28 17:00:42 | 001,912,985 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Trojaner-Board
[2013.05.06 17:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 13:04:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.04.22 16:25:43 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2013.04.22 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.04.22 16:25:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\LogMeIn Hamachi
[2013.04.12 15:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 14:21:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 14:21:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 14:20:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 14:20:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 14:20:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 14:20:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 14:20:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 14:20:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 13:36:12 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 13:36:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 13:36:06 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 13:36:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 13:36:02 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 13:36:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.06 18:13:24 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 18:13:24 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 18:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 18:05:57 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 17:25:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.06 16:46:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\eqdzeji.pad
[2013.05.04 13:50:13 | 000,002,660 | ---- | M] () -- C:\ProgramData\eqdzeji.js
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.30 14:02:18 | 000,001,041 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.30 14:02:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\4inofq.pad
[2013.04.25 18:41:32 | 001,828,931 | ---- | M] () -- C:\Users\Martin\Desktop\Radrennen.pdf
[2013.04.22 16:17:43 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.22 16:17:43 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 16:17:43 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.22 16:17:43 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.10 15:30:19 | 000,418,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.04 13:50:13 | 000,002,660 | ---- | C] () -- C:\ProgramData\eqdzeji.js
[2013.04.30 14:02:18 | 000,001,041 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.30 14:02:14 | 095,023,320 | ---- | C] () -- C:\ProgramData\eqdzeji.pad
[2013.04.30 14:02:14 | 095,023,320 | ---- | C] () -- C:\ProgramData\4inofq.pad
[2013.04.25 18:41:31 | 001,828,931 | ---- | C] () -- C:\Users\Martin\Desktop\Radrennen.pdf
[2012.08.22 19:32:20 | 000,000,153 | ---- | C] () -- C:\Windows\WLP.ini
[2012.06.07 19:00:42 | 000,000,064 | ---- | C] () -- C:\Windows\Felix1.ini
[2012.05.30 18:25:20 | 001,780,718 | ---- | C] () -- C:\Users\Martin\Mediathek.xml
[2011.11.10 04:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 04:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 21:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.04 20:21:37 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.10.03 20:07:32 | 000,000,020 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.03 12:57:47 | 000,000,079 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\default.pls
[2011.06.07 15:03:10 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.27 16:40:26 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2011.05.27 16:40:22 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.05.27 16:40:22 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.05.27 16:39:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.15 14:11:19 | 000,003,584 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 09:06:22 | 000,001,024 | ---- | C] () -- C:\Users\Martin\.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.29 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2011.04.12 15:13:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AdblockPro
[2011.07.06 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2011.04.19 12:14:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon
[2012.12.27 16:23:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fisher-Price
[2011.06.23 16:55:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\KIDDINX
[2012.01.29 11:17:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Nokia
[2012.02.05 20:45:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PC Suite
[2011.04.12 15:57:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoFiltre
[2012.02.22 17:22:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoFiltre 7
[2011.10.03 19:18:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\RavensburgerTipToi
[2012.07.21 11:57:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Rovio
[2012.02.05 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SPORE
[2011.04.12 15:25:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
Extras.Txt
Code:
OTL Extras logfile created on: 06.05.2013 18:16:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop\Trojaner-Board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,09% Memory free
6,00 Gb Paging File | 4,66 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,60 Gb Total Space | 23,59 Gb Free Space | 23,93% Space Free | Partition Type: NTFS
Drive D: | 832,91 Gb Total Space | 645,48 Gb Free Space | 77,50% Space Free | Partition Type: NTFS
Drive E: | 690,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB36897-E10D-412D-AEFC-9A39BCB9F50C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{15799C1D-95D2-4D6E-A952-177DC0388131}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22C3A65B-AA6B-4A84-A0EB-AB5F5848DB13}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3C3B35EA-FA5F-4578-8ABA-29049F22CFC5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{418669D9-9A61-4AAA-A5CA-9A14FB265119}" = lport=445 | protocol=6 | dir=in | app=system | 
"{460D682C-B565-442B-8EDA-8610514443A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{520DFDCA-0181-41E6-AC17-14B523C66268}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56472A45-04CE-41CF-BD91-A7CBE6CA5F6C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6AD5333E-75D4-4DDE-9565-1AA5EB4CA18E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6BD075C6-D3AE-48FC-AE69-1FBBF688B985}" = lport=137 | protocol=17 | dir=in | app=system | 
"{764E57A4-21D2-4100-99A4-7AC80F91E69D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8E1D1B0E-4B9C-412D-A5BA-FE09804D515D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{94367088-5A77-4C1F-8509-DBD0AE1042AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D65FEB7-E8EA-4C4D-8604-A63E4F7AB6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F193A89-2AF6-4C14-963D-83AB9EA91E8B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BD05E1A1-96A5-426C-A62A-7DF01F14B03B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CAF49B4A-2E13-41E7-BBA3-2FF0A1F5F739}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D0997995-1783-4701-B3BE-B5065A4F9A56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D69AB1FC-1632-4D99-B48A-62F9D9C61427}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEA7550D-7B66-41C0-8D50-E8F5CC8EFD53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E243345A-01CC-497F-81DD-C6499F02A975}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E8343362-07EE-470E-9CFA-97D510AB2BA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7B206AB-C2EB-42CB-9F3C-10F3BF783F1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF712B1F-6687-42AC-941A-A5370181EA22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EC6A98-D280-4BAF-BDC5-8BCC9221B610}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{18923AD5-1DD5-4AB1-AB6F-83C3E90D87FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2740EC6C-F167-4F6F-BB8B-05B0558DF4BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{27E94C34-0034-46A8-8747-1642FD409422}" = protocol=6 | dir=out | app=system | 
"{34F6DB5E-DB68-47D5-B479-6212C095A776}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{376CC586-BB36-48F9-9EF9-853F6BF82454}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{383D8D31-E847-4863-88D5-839B979E0181}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D2B7DB2-8D04-4A17-9A51-812353C5606E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{564D6367-784E-4F89-B732-6F181D6DA1C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60AF4940-4772-42CF-B5A2-BA9E0B4F5782}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{78A49817-F5BA-479B-8695-3ACBC38C4FE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{811BABE3-5B18-4AAD-AA2B-1088D2058B26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86B5282A-4A2B-4594-B0C8-73DC8537618C}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{87EAA304-88A4-43E9-B03F-CE3F66D0F168}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{88C7F71D-0C90-4C1C-BA62-8CBD333DD0E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8E058CBA-E9E9-4BB5-A921-8B9611F000E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{984CDD36-BE12-4570-AF98-18C2D2C11EBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99EA9D16-6B8A-4755-92BE-66B6A5731064}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A239222F-74BA-4AFD-B2D3-3EE3C86DC3CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A9E815F4-D89F-4BA0-9B38-3E18D1D15D18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3C25694-2E54-4514-8692-B3141A27127B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8FB1B54-A257-4681-A59F-9777623299DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CA31DF7A-BE7A-4C0F-9474-4200E2875301}" = dir=in | app=d:\programme\i-tunes\itunes.exe | 
"{D3793604-0E92-4C12-878E-3C5F8F8E2A1B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E69C3512-07C2-425A-B75B-ACCE4B76CBFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F69BB6BA-C615-47AF-8F38-BFC9B7C2466C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{08D8F2DF-D401-4877-8E3E-F4FD994B1536}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2143ADD7-620B-4798-AD8E-93A1999B27D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{ADA08954-5708-45D9-9BFE-E7A235796970}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{AE07DC3D-105A-4871-AC29-37C8769EC402}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{EBF99B8C-8979-449C-B15E-A2622BEBBE24}D:\programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"TCP Query User{ED6EA784-4156-40D8-824E-C409DC0ACB0F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{11EB7881-FA02-44ED-BEAD-FB09AA0E10F3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{29074744-A52B-4B8C-BDB6-1C31FFAFE68E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{2F266BB9-7482-49F8-845E-C233FF86AD9F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4ABBD26F-C419-4F84-8BC9-3427DA3ED32A}D:\programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"UDP Query User{4FB80F03-88DA-4DAD-9640-5029D184D93C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A4217134-1787-4B22-B476-15CCA678AB5B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{0A5F80AA-FCA7-41C5-BF1C-74727ECE1031}" = Nero 8 Essentials
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2985C5E6-8009-44BB-A84E-7685F4BC709D}" = The Digital Arts and Crafts Studio
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}" = ImageMixer 3 SE Ver.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FDC018-23A6-4618-B30A-A8EFCAA22A3D}" = Wildlife Park
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8331C0-C7CE-11D5-9A6D-A8FD74C70A01}" = Pinball Ten
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CBE9636-B985-4ACB-9CC7-D7E79FDADEA8}" = Angry Birds
"{8695082B-3A98-44AB-AF56-0DA70A0146F1}" = SpaceInvadersAnniversary
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = Catalyst Control Center
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A81D3EB9-20E6-A6E3-2537-26964CE91417}" = AMD Drag and Drop Transcoding
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AA373850-5233-4DA2-98AE-790091A20415}" = Tous ensemble 1 Sprachtrainer Kommunikation
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48756D1-A348-2DA5-B59B-DF39F293F750}" = AMD Media Foundation Decoders
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Grundschule Lernspass mit Albert E. Englisch Klasse 3+4" = Grundschule Lernspass mit Albert E. Englisch Klasse 3+4
"Kommissar Kugelblitz 1" = Kommissar Kugelblitz 1
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"Nokia Suite" = Nokia Suite
"Ravensburger tiptoi" = Ravensburger tiptoi
"Veetle TV" = Veetle TV 0.9.18
"Winmail Opener" = Winmail Opener 1.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre 7" = PhotoFiltre 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2013 13:24:49 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2995
 
Error - 21.04.2013 13:24:49 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2995
 
Error - 21.04.2013 13:24:50 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.04.2013 13:24:50 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
 
Error - 21.04.2013 13:24:50 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error - 21.04.2013 13:42:43 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.04.2013 13:42:43 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1077561
 
Error - 21.04.2013 13:42:43 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1077561
 
Error - 27.04.2013 04:14:29 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x14a0  Startzeit der fehlerhaften Anwendung: 0x01ce431e4a0e30a9  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 7b60f781-af12-11e2-9fb3-002185163e7e
 
Error - 28.04.2013 13:22:43 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\programme\mozilla
 backup 1.4.9\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\programme\mozilla backup 1.4.9\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der 
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.05.2013 11:36:14 | Computer Name = Martin-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 06.05.2013 12:17:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:18:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:18:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:19:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:19:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:20:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:20:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:21:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:21:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:22:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
 
< End of report >

Can someone please help me?

Regards,
Suppi

06.05.2013, 21:29   #2
cosinus



Hello and welcome.

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans yet; first post only the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

06.05.2013, 21:46   #3
SuppiSuppenh



I have posted everything I have in the way of logs.

Sorry, but there is nothing else.

07.05.2013, 08:37   #4
cosinus



Before we get to work, I would like to ask you to read the following points completely and attentively.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you are asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools such as Malwarebytes are always to be posted, whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside Trojaner-Board.



Now please run Combofix:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software and malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

07.05.2013, 19:36   #5
SuppiSuppenh



Combofix.txt
Code:
ComboFix 13-05-07.02 - Martin 07.05.2013  20:19:42.1.4 - x86
ausgeführt von:: c:\users\Martin\Desktop\Trojaner-Board\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\4inofq.pad
c:\programdata\eqdzeji.pad
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-07 bis 2013-05-07  ))))))))))))))))))))))))))))))
.
.
2013-05-06 15:22 . 2013-05-06 15:22	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-04 11:52 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{36B80821-A77B-4F9C-80B7-06DAA86575A4}\mpengine.dll
2013-05-04 11:50 . 2013-05-04 11:50	2660	----a-w-	c:\programdata\eqdzeji.js
2013-05-04 11:04 . 2013-05-04 12:47	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-04-24 09:06 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-22 14:25 . 2009-03-18 14:35	26176	---ha-w-	c:\windows\system32\hamachi.sys
2013-04-22 14:25 . 2013-05-07 18:27	--------	d-----w-	c:\users\Martin\AppData\Local\LogMeIn Hamachi
2013-04-10 12:21 . 2013-02-22 04:10	149616	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 12:21 . 2013-02-22 03:36	768512	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-10 12:21 . 2013-02-22 03:35	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-04-10 12:21 . 2013-02-22 03:34	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-04-10 12:21 . 2013-02-22 03:31	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-04-10 11:36 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 11:36 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 11:36 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-10 11:36 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 11:36 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 11:36 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-10 11:36 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 11:36 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 11:36 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2011-04-12 13:18	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-03-27 15:26 . 2012-10-21 12:52	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-27 15:26 . 2012-10-21 12:52	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-27 15:26 . 2012-10-21 12:52	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-24 19:22 . 2013-03-24 19:22	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-24 19:22 . 2011-12-21 19:24	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-24 19:11 . 2013-03-24 19:11	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-24 19:11 . 2012-10-21 12:59	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-24 19:11 . 2011-05-12 13:57	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-12 04:48 . 2013-03-13 15:46	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 15:46	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-21 11:09	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-12 13:52 . 2013-04-12 13:52	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{04F2568A-3E7A-422D-A71E-DC088A635F7D}]
2011-03-29 12:05	202752	----a-w-	c:\users\Martin\AppData\Roaming\AdblockPro\IE\AdblockPro.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D}]
2011-03-29 12:30	543232	----a-w-	c:\users\Martin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-03 10082920]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"StartCCC"="d:\programme\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="d:\programme\I-Tunes\iTunesHelper.exe" [2012-03-27 421736]
"ContentTransferWMDetector.exe"="d:\programme\Content Tranfer 1.3\CT1.3_dl\ContentTransferWMDetector.exe" [2009-11-19 583016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="d:\programme\QuickTimePlayer 24.03.2103\QTTask.exe" [2012-10-25 421888]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2012-08-21 933888]
"LogMeIn Hamachi Ui"="d:\programme\Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-12-3 1044320]
msconfig.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.3.lnk - d:\programme\Canon Image Mixer 3.1\CameraMonitor.exe [2011-5-28 253952]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;h:\aida64extreme_build_1114_b\kerneld.wnt [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~2\MSI\MSIWDev\msibios32_100507.sys [x]
R3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~2\MSI\MSIWDev\NTIOLib.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programme\Hamachi\hamachi-2.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 19:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1uxfjgzh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.web.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Kommissar Kugelblitz 1 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\h:\aida64extreme_build_1114_b\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\SecuROM\License information*]
"datasecu"=hex:24,55,c6,f6,66,a6,57,58,05,fc,f4,5a,8a,bd,b2,0d,c7,6b,0f,a2,31,
   f8,c0,98,2d,aa,17,fc,32,54,b2,13,ab,7e,84,c6,15,ab,7b,2e,e9,3a,33,a2,65,ef,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-07  20:30:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-07 18:30
.
Vor Suchlauf: 15 Verzeichnis(se), 24.021.307.392 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 25.587.060.736 Bytes frei
.
- - End Of File - - EE956123CDCE9AA73BD80892C078E738


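An added example, not part of the original post and not ComboFix code: a small Python triage pass over autostart entries in the format ComboFix prints in the "Autostartpunkte der Registrierung" section above. Two things in that section deserve a second look even after ComboFix has already removed c:\programdata\4inofq.pad, c:\programdata\eqdzeji.pad and c:\programdata\eqdzeji.js: the Startup-folder shortcut msconfig.lnk that launches rundll32.exe, and anything that runs out of ProgramData or AppData. The script flags rundll32.exe running outside the system directory, rundll32 loading a module whose extension is not .dll, Startup shortcuts that run rundll32 with no visible module, paths under user-writable directories, and autostart names that borrow the name of a Windows component but point somewhere else. The sample lines are constructed: the Canon, Avira, Evernote and msconfig.lnk lines mirror entries in the log above, the ctfmon.exe Run value with c:\programdata\payload.dat is hypothetical, and the list of mimicked names and the scoring rules are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format ComboFix uses for Run-key values and
# Startup-folder shortcuts. The Canon, Avira, Evernote and msconfig.lnk lines
# mirror entries in the log above; the ctfmon.exe line is a hypothetical
# Run value (rundll32 copied to ProgramData and loading a non-DLL module).
SAMPLE = """\
"CanonMyPrinter"="c:\\program files\\Canon\\MyPrinter\\BJMyPrt.exe" [2009-07-27 1983816]
"avgnt"="c:\\program files\\Avira\\AntiVir Desktop\\avgnt.exe" [2013-03-27 345312]
"ctfmon.exe"="c:\\programdata\\rundll32.exe c:\\programdata\\payload.dat,Start"
EvernoteClipper.lnk - c:\\program files\\Evernote\\Evernote\\EvernoteClipper.exe [2012-12-3 1044320]
msconfig.lnk - c:\\windows\\System32\\rundll32.exe [2009-7-14 44544]
"""

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
LNK_LINE = re.compile(r'^(?P<name>\S+\.lnk) - (?P<cmd>.+?)(?: \[[^\]]*\])?$')
EXE_SPLIT = re.compile(r'^"?(?P<exe>.*?\.exe)"?\s*(?P<args>.*)$', re.I)
# Locations a normal autostart binary has no business living in. 8.3 aliases
# such as PROGRA~3 are not expanded here; resolve them first on a live system.
USER_WRITABLE = re.compile(r'\\(programdata|appdata|temp)\\', re.I)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Autostart names borrowed from real Windows components (hypothetical list),
# and the binary each should really point at.
MIMICKED = {"ctfmon.exe": "ctfmon.exe", "msconfig.lnk": "msconfig.exe"}


@dataclass
class Finding:
    name: str
    command: str
    reasons: list = field(default_factory=list)


def parse_autostart(text):
    """Yield (name, command) for Run-key value lines and Startup .lnk lines."""
    for line in text.splitlines():
        m = RUN_LINE.match(line) or LNK_LINE.match(line)
        if m:
            yield m.group("name"), m.group("cmd")


def split_command(command):
    """Return (exe, args) in lower case. Unquoted paths containing spaces are
    handled by cutting at the first '.exe'."""
    m = EXE_SPLIT.match(command.lower())
    return (m.group("exe"), m.group("args")) if m else (command.lower(), "")


def assess(name, command):
    """Return a Finding listing every suspicious trait, or None if clean."""
    f = Finding(name, command)
    exe, args = split_command(command)
    if exe.endswith("rundll32.exe"):
        # rundll32 itself is legitimate; where it lives and what it loads matter.
        if not exe.startswith(SYSTEM_DIRS):
            f.reasons.append("rundll32.exe outside the system directory: " + exe)
        module = args.split(",", 1)[0].strip(' "')
        if module and not module.endswith(".dll"):
            f.reasons.append("rundll32 loading a non-DLL module: " + module)
        if not args and name.lower().endswith(".lnk"):
            f.reasons.append("Startup shortcut runs rundll32.exe with no visible "
                             "module (arguments may be hidden in the .lnk itself)")
    if USER_WRITABLE.search(exe) or USER_WRITABLE.search(args):
        f.reasons.append("path under user-writable ProgramData/AppData/Temp")
    expected = MIMICKED.get(name.lower())
    if expected and not exe.endswith("\\" + expected):
        f.reasons.append(f"name '{name}' mimics a Windows component but runs {exe}")
    return f if f.reasons else None


def triage(text):
    """Return the suspicious Findings in log order."""
    return [x for x in (assess(n, c) for n, c in parse_autostart(text)) if x]


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding.name, "->", finding.command)
        for reason in finding.reasons:
            print("   ", reason)
```

On the sample, only the ctfmon.exe value and msconfig.lnk are reported; the Canon, Avira and Evernote entries pass. The msconfig.lnk case is worth remembering: the log shows only the shortcut's target binary, so the module rundll32 would load, if any, is in the .lnk's argument string and must be read from the shortcut itself.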
07.05.2013, 19:56   #6
cosinus



Now please make logs with (1) GMER, (2) aswMBR and (3) TDSSKiller:

Please download the GMER Rootkit Scanner GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. Clicking "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, uncheck Devices.



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it with right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.




Please download TDSSKiller TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
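An added example, not part of the original post and not code from aswMBR or TDSSKiller: both tools start by reading sector 0 of the boot disk and decoding its partition table, and the interesting places for a bootkit are exactly the sectors no partition claims (the gap between the MBR and the first partition, and the tail after the last one). The Python below builds a constructed 512-byte MBR (not a real dump; its partition entries are chosen to match the layout aswMBR and TDSSKiller report further down in this thread, with the disk size a 1 TB drive reports), checks the 0x55AA signature, decodes the four primary entries, and reports overlapping or multiple active partitions plus the size of the unclaimed head and tail regions. Logical partitions inside an extended container live in EBR sectors and are not walked here; on a live disk the sector would be read with a raw-device handle instead of being built in memory.

```python
import struct

SECTOR = 512


def build_sample_mbr():
    """Construct a 512-byte MBR (not a real dump). One bootable NTFS primary
    partition starting at sector 63, then an extended container (type 0x0F)
    reaching to sector 1953520065 of a 1953525168-sector disk."""
    mbr = bytearray(SECTOR)
    # (boot flag, type, start LBA, size in sectors); CHS fields left zero.
    entries = [
        (0x80, 0x07, 63, 206772552),
        (0x00, 0x0F, 206772615, 1746747450),
    ]
    for i, (boot, ptype, start, size) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         boot, b"\0\0\0", ptype, b"\0\0\0", start, size)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def parse_partition_table(mbr):
    """Decode the four primary entries at offset 446 (empty ones skipped)
    after verifying the boot signature."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing MBR boot signature 0x55AA")
    parts = []
    for i in range(4):
        boot, ptype, start, size = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "bootable": boot == 0x80, "type": ptype,
                      "start": start, "size": size, "end": start + size})
    return parts


def check_layout(parts, disk_sectors):
    """Sanity checks on the table plus the number of sectors outside any
    partition: head_gap is the space between the MBR (sector 0) and the first
    partition, tail_gap the space after the last partition. Both are where
    MBR bootkits traditionally store their code and the original boot sector."""
    issues = []
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["end"] > b["start"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in ordered:
        if p["end"] > disk_sectors:
            issues.append(f"partition {p['index']} extends past the end of the disk")
    head_gap = ordered[0]["start"] - 1 if ordered else disk_sectors - 1
    tail_gap = disk_sectors - ordered[-1]["end"] if ordered else 0
    return {"issues": issues, "head_gap": head_gap, "tail_gap": tail_gap}


if __name__ == "__main__":
    table = parse_partition_table(build_sample_mbr())
    for p in table:
        flag = "*" if p["bootable"] else " "
        print(f"{flag} {p['index']} type 0x{p['type']:02X} start {p['start']} "
              f"size {p['size']} end {p['end']}")
    print(check_layout(table, 1953525168))
```

For the constructed table the checks come back clean, with 62 unclaimed sectors before the first partition and 5103 after the extended container; a scanner that reports reading sectors beyond the last partition end is looking at exactly that tail region. A partition table that decodes fine is no guarantee about the boot code in bytes 0 to 445, which is why the scanners also compare that code against the known Windows 7 boot code.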

08.05.2013, 08:05   #7
SuppiSuppenh



1.) Scan with GMER

During the GMER scan, the following error message came up several times and had to be dismissed with "Cancel":

There is no disk in the drive.
Please insert a disk into drive \Device\Harddisk2\DR2


Here is the log:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-08 06:53:48
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD103UJ rev.1AA01113 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Martin\AppData\Local\Temp\pgriypow.sys


---- System - GMER 2.1 ----

SSDT            900B8476                                                                                                                                                                                            ZwCreateSection
SSDT            900B8480                                                                                                                                                                                            ZwRequestWaitReplyPort
SSDT            900B847B                                                                                                                                                                                            ZwSetContextThread
SSDT            900B8485                                                                                                                                                                                            ZwSetSecurityObject
SSDT            900B848A                                                                                                                                                                                            ZwSystemDebugControl
SSDT            900B8417                                                                                                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                            83487A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                              834C11F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                                 834C834C 4 Bytes  [76, 84, 0B, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                                                                 834C86A8 4 Bytes  [80, 84, 0B, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                                                                 834C86EC 4 Bytes  [7B, 84, 0B, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                                                                                 834C8768 4 Bytes  [85, 84, 0B, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                                                                                 834C87BC 4 Bytes  [8A, 84, 0B, 90]
.text           ...                                                                                                                                                                                                 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                                                                            section is writeable [0x91C15000, 0x3BEEC5, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                            fltmgr.sys

---- Threads - GMER 2.1 ----

Thread          System [4:164]                                                                                                                                                                                      A9A2FF2E

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\ClientTelemetry@LastInventoryTime                                                                                                  0x1D 0x72 0x98 0x07 ...
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=1BEBA6A2 AsusUpdt_V71713_WinxpVistaWin7\AsusUpdtú\xafV71713_WinxpVistaWin7\setup.exe  1

---- EOF - GMER 2.1 ----

2.) Scan with aswMBR

During the aswMBR scan, the AntiVir installed on the computer spoke up (see screenshots).
The AntiVir messages were acknowledged with Cancel.

Here is the log:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-08 06:55:21
-----------------------------
06:55:21.260    OS Version: Windows 6.1.7601 Service Pack 1
06:55:21.260    Number of processors: 4 586 0x1707
06:55:21.262    ComputerName: MARTIN-PC  UserName: Martin
06:55:21.728    Initialize success
06:59:36.150    AVAST engine defs: 13050702
07:00:08.234    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:00:08.237    Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
07:00:08.378    Disk 0 MBR read successfully
07:00:08.381    Disk 0 MBR scan
07:00:08.388    Disk 0 Windows 7 default MBR code
07:00:08.397    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100963 MB offset 63
07:00:08.405    Disk 0 Partition - 00     0F Extended LBA            852904 MB offset 206772615
07:00:08.426    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       852903 MB offset 206772678
07:00:08.453    Disk 0 scanning sectors +1953520065
07:00:08.595    Disk 0 scanning C:\Windows\system32\drivers
07:00:27.762    Service scanning
07:00:47.130    Modules scanning
07:01:13.944    Disk 0 trace - called modules:
07:01:13.964    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
07:01:13.970    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a02878]
07:01:13.976    3 CLASSPNP.SYS[8b9b059e] -> nt!IofCallDriver -> [0x864a1918]
07:01:13.981    5 ACPI.sys[8b6d13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x868b6908]
07:01:14.363    AVAST engine scan C:\Windows
07:01:22.290    AVAST engine scan C:\Windows\system32
07:06:17.448    AVAST engine scan C:\Windows\system32\drivers
07:06:41.149    AVAST engine scan C:\Users\Martin
07:11:16.798    AVAST engine scan C:\ProgramData
07:15:03.478    Scan finished successfully
07:24:45.504    Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\Trojaner-Board\MBR.dat"
07:24:45.519    The log file has been saved successfully to "C:\Users\Martin\Desktop\Trojaner-Board\aswMBR.txt"

3.) Scan with TDSSKiller

Here is the log:
Code:
07:28:34.0295 2692  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:28:34.0577 2692  ============================================================
07:28:34.0578 2692  Current date / time: 2013/05/08 07:28:34.0577
07:28:34.0578 2692  SystemInfo:
07:28:34.0578 2692  
07:28:34.0578 2692  OS Version: 6.1.7601 ServicePack: 1.0
07:28:34.0578 2692  Product type: Workstation
07:28:34.0578 2692  ComputerName: MARTIN-PC
07:28:34.0578 2692  UserName: Martin
07:28:34.0578 2692  Windows directory: C:\Windows
07:28:34.0578 2692  System windows directory: C:\Windows
07:28:34.0578 2692  Processor architecture: Intel x86
07:28:34.0578 2692  Number of processors: 4
07:28:34.0578 2692  Page size: 0x1000
07:28:34.0578 2692  Boot type: Normal boot
07:28:34.0578 2692  ============================================================
07:28:35.0436 2692  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:28:35.0469 2692  Drive \Device\Harddisk5\DR6 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:28:35.0470 2692  ============================================================
07:28:35.0470 2692  \Device\Harddisk0\DR0:
07:28:35.0471 2692  MBR partitions:
07:28:35.0471 2692  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC531948
07:28:35.0471 2692  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC5319C6, BlocksNum 0x681D3FFB
07:28:35.0471 2692  \Device\Harddisk5\DR6:
07:28:35.0471 2692  MBR partitions:
07:28:35.0471 2692  \Device\Harddisk5\DR6\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
07:28:35.0471 2692  ============================================================
07:28:35.0489 2692  C: <-> \Device\Harddisk0\DR0\Partition1
07:28:35.0490 2692  D: <-> \Device\Harddisk0\DR0\Partition2
07:28:35.0490 2692  ============================================================
07:28:35.0490 2692  Initialize success
07:28:35.0490 2692  ============================================================
07:29:20.0984 5452  ============================================================
07:29:20.0984 5452  Scan started
07:29:20.0984 5452  Mode: Manual; 
07:29:20.0984 5452  ============================================================
07:29:21.0790 5452  ================ Scan system memory ========================
07:29:21.0790 5452  System memory - ok
07:29:21.0790 5452  ================ Scan services =============================
07:29:21.0928 5452  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:29:21.0937 5452  1394ohci - ok
07:29:21.0985 5452  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:29:21.0988 5452  ACPI - ok
07:29:21.0998 5452  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:29:21.0999 5452  AcpiPmi - ok
07:29:22.0062 5452  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:29:22.0069 5452  AdobeARMservice - ok
07:29:22.0169 5452  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:29:22.0172 5452  AdobeFlashPlayerUpdateSvc - ok
07:29:22.0217 5452  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
07:29:22.0223 5452  adp94xx - ok
07:29:22.0230 5452  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
07:29:22.0235 5452  adpahci - ok
07:29:22.0241 5452  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
07:29:22.0243 5452  adpu320 - ok
07:29:22.0273 5452  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:29:22.0274 5452  AeLookupSvc - ok
07:29:22.0322 5452  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
07:29:22.0326 5452  AFD - ok
07:29:22.0347 5452  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
07:29:22.0349 5452  agp440 - ok
07:29:22.0371 5452  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
07:29:22.0373 5452  aic78xx - ok
07:29:22.0400 5452  AIDA64Driver - ok
07:29:22.0433 5452  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
07:29:22.0434 5452  ALG - ok
07:29:22.0445 5452  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:29:22.0447 5452  aliide - ok
07:29:22.0476 5452  [ F970EA885AEFEB1B9EB97CA7F1EB226D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:29:22.0478 5452  AMD External Events Utility - ok
07:29:22.0483 5452  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
07:29:22.0485 5452  amdagp - ok
07:29:22.0494 5452  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
07:29:22.0495 5452  amdide - ok
07:29:22.0507 5452  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
07:29:22.0508 5452  AmdK8 - ok
07:29:23.0045 5452  [ AB70F110143892EB41AA46500AA5CF00 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:29:23.0139 5452  amdkmdag - ok
07:29:23.0174 5452  [ 32D68D05B871EED5572D0C2C764EA4EC ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
07:29:23.0177 5452  amdkmdap - ok
07:29:23.0213 5452  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
07:29:23.0215 5452  AmdPPM - ok
07:29:23.0249 5452  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:29:23.0251 5452  amdsata - ok
07:29:23.0276 5452  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
07:29:23.0279 5452  amdsbs - ok
07:29:23.0289 5452  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:29:23.0290 5452  amdxata - ok
07:29:23.0411 5452  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
07:29:23.0419 5452  AntiVirSchedulerService - ok
07:29:23.0453 5452  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
07:29:23.0461 5452  AntiVirService - ok
07:29:23.0501 5452  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
07:29:23.0502 5452  AppID - ok
07:29:23.0538 5452  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:29:23.0539 5452  AppIDSvc - ok
07:29:23.0566 5452  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
07:29:23.0567 5452  Appinfo - ok
07:29:23.0646 5452  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:29:23.0653 5452  Apple Mobile Device - ok
07:29:23.0685 5452  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
07:29:23.0687 5452  arc - ok
07:29:23.0691 5452  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
07:29:23.0693 5452  arcsas - ok
07:29:23.0720 5452  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
07:29:23.0722 5452  AsIO - ok
07:29:23.0734 5452  [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO          C:\Windows\system32\drivers\AsUpIO.sys
07:29:23.0735 5452  AsUpIO - ok
07:29:23.0746 5452  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:29:23.0747 5452  AsyncMac - ok
07:29:23.0781 5452  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
07:29:23.0782 5452  atapi - ok
07:29:23.0834 5452  [ 7725AECCEDDF81BD8374C77157E450EA ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
07:29:23.0836 5452  AtiHDAudioService - ok
07:29:24.0085 5452  [ AB70F110143892EB41AA46500AA5CF00 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:29:24.0133 5452  atikmdag - ok
07:29:24.0177 5452  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:29:24.0181 5452  AudioEndpointBuilder - ok
07:29:24.0189 5452  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:29:24.0192 5452  Audiosrv - ok
07:29:24.0220 5452  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
07:29:24.0221 5452  avgntflt - ok
07:29:24.0285 5452  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
07:29:24.0286 5452  avipbb - ok
07:29:24.0338 5452  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
07:29:24.0339 5452  avkmgr - ok
07:29:24.0384 5452  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\Windows\system32\drivers\avmeject.sys
07:29:24.0385 5452  avmeject - ok
07:29:24.0418 5452  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:29:24.0420 5452  AxInstSV - ok
07:29:24.0494 5452  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
07:29:24.0499 5452  b06bdrv - ok
07:29:24.0528 5452  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
07:29:24.0532 5452  b57nd60x - ok
07:29:24.0564 5452  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:29:24.0566 5452  BDESVC - ok
07:29:24.0590 5452  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:29:24.0591 5452  Beep - ok
07:29:24.0616 5452  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
07:29:24.0621 5452  BFE - ok
07:29:24.0654 5452  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
07:29:24.0671 5452  BITS - ok
07:29:24.0679 5452  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:29:24.0681 5452  blbdrive - ok
07:29:24.0736 5452  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:29:24.0747 5452  Bonjour Service - ok
07:29:24.0785 5452  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:29:24.0787 5452  bowser - ok
07:29:24.0804 5452  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:29:24.0805 5452  BrFiltLo - ok
07:29:24.0817 5452  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:29:24.0818 5452  BrFiltUp - ok
07:29:24.0873 5452  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
07:29:24.0875 5452  BridgeMP - ok
07:29:24.0902 5452  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
07:29:24.0903 5452  Browser - ok
07:29:24.0910 5452  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
07:29:24.0914 5452  Brserid - ok
07:29:24.0935 5452  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:29:24.0937 5452  BrSerWdm - ok
07:29:24.0941 5452  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:29:24.0942 5452  BrUsbMdm - ok
07:29:24.0955 5452  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:29:24.0956 5452  BrUsbSer - ok
07:29:24.0971 5452  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
07:29:24.0972 5452  BTHMODEM - ok
07:29:25.0000 5452  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
07:29:25.0002 5452  bthserv - ok
07:29:25.0152 5452  catchme - ok
07:29:25.0167 5452  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:29:25.0169 5452  cdfs - ok
07:29:25.0218 5452  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:29:25.0219 5452  cdrom - ok
07:29:25.0248 5452  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
07:29:25.0249 5452  CertPropSvc - ok
07:29:25.0264 5452  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
07:29:25.0265 5452  circlass - ok
07:29:25.0298 5452  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
07:29:25.0301 5452  CLFS - ok
07:29:25.0454 5452  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:29:25.0475 5452  clr_optimization_v2.0.50727_32 - ok
07:29:25.0519 5452  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:29:25.0520 5452  clr_optimization_v4.0.30319_32 - ok
07:29:25.0527 5452  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:29:25.0529 5452  CmBatt - ok
07:29:25.0567 5452  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:29:25.0569 5452  cmdide - ok
07:29:25.0599 5452  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
07:29:25.0604 5452  CNG - ok
07:29:25.0617 5452  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:29:25.0619 5452  Compbatt - ok
07:29:25.0632 5452  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
07:29:25.0633 5452  CompositeBus - ok
07:29:25.0638 5452  COMSysApp - ok
07:29:25.0651 5452  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
07:29:25.0652 5452  crcdisk - ok
07:29:25.0693 5452  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:29:25.0695 5452  CryptSvc - ok
07:29:25.0728 5452  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:29:25.0733 5452  DcomLaunch - ok
07:29:25.0775 5452  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
07:29:25.0781 5452  defragsvc - ok
07:29:25.0805 5452  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:29:25.0807 5452  DfsC - ok
07:29:25.0852 5452  [ 649705E3DAE598BC0F957BACBF9A2BD5 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
07:29:25.0854 5452  dg_ssudbus - ok
07:29:25.0885 5452  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:29:25.0888 5452  Dhcp - ok
07:29:25.0896 5452  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
07:29:25.0897 5452  discache - ok
07:29:25.0937 5452  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
07:29:25.0938 5452  Disk - ok
07:29:25.0980 5452  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:29:25.0982 5452  Dnscache - ok
07:29:26.0013 5452  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:29:26.0017 5452  dot3svc - ok
07:29:26.0029 5452  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
07:29:26.0031 5452  DPS - ok
07:29:26.0052 5452  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:29:26.0053 5452  drmkaud - ok
07:29:26.0091 5452  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:29:26.0100 5452  DXGKrnl - ok
07:29:26.0123 5452  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
07:29:26.0124 5452  EapHost - ok
07:29:26.0188 5452  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
07:29:26.0219 5452  ebdrv - ok
07:29:26.0268 5452  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
07:29:26.0270 5452  EFS - ok
07:29:26.0443 5452  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:29:26.0462 5452  ehRecvr - ok
07:29:26.0488 5452  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
07:29:26.0496 5452  ehSched - ok
07:29:26.0529 5452  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
07:29:26.0535 5452  elxstor - ok
07:29:26.0571 5452  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:29:26.0573 5452  ErrDev - ok
07:29:26.0612 5452  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
07:29:26.0615 5452  EventSystem - ok
07:29:26.0630 5452  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
07:29:26.0633 5452  exfat - ok
07:29:26.0648 5452  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:29:26.0649 5452  fastfat - ok
07:29:26.0680 5452  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
07:29:26.0686 5452  Fax - ok
07:29:26.0697 5452  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:29:26.0699 5452  fdc - ok
07:29:26.0728 5452  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
07:29:26.0729 5452  fdPHost - ok
07:29:26.0741 5452  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
07:29:26.0742 5452  FDResPub - ok
07:29:26.0752 5452  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:29:26.0754 5452  FileInfo - ok
07:29:26.0759 5452  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:29:26.0761 5452  Filetrace - ok
07:29:26.0776 5452  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:29:26.0777 5452  flpydisk - ok
07:29:26.0792 5452  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:29:26.0793 5452  FltMgr - ok
07:29:26.0840 5452  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
07:29:26.0849 5452  FontCache - ok
07:29:26.0919 5452  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:29:26.0924 5452  FontCache3.0.0.0 - ok
07:29:26.0935 5452  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
07:29:26.0937 5452  FsDepends - ok
07:29:26.0967 5452  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:29:26.0978 5452  Fs_Rec - ok
07:29:27.0006 5452  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:29:27.0008 5452  fvevol - ok
07:29:27.0074 5452  [ 49BFA64D5EEE3CBE4137E131CC8554AF ] fwlanusb5       C:\Windows\system32\DRIVERS\fwlanusb5.sys
07:29:27.0084 5452  fwlanusb5 - ok
07:29:27.0114 5452  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
07:29:27.0116 5452  gagp30kx - ok
07:29:27.0133 5452  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:29:27.0134 5452  GEARAspiWDM - ok
07:29:27.0167 5452  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:29:27.0173 5452  gpsvc - ok
07:29:27.0238 5452  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
07:29:27.0240 5452  hamachi - ok
07:29:27.0348 5452  Hamachi2Svc - ok
07:29:27.0392 5452  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:29:27.0393 5452  hcw85cir - ok
07:29:27.0437 5452  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:29:27.0441 5452  HdAudAddService - ok
07:29:27.0468 5452  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:29:27.0470 5452  HDAudBus - ok
07:29:27.0488 5452  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
07:29:27.0489 5452  HidBatt - ok
07:29:27.0501 5452  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
07:29:27.0503 5452  HidBth - ok
07:29:27.0516 5452  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
07:29:27.0518 5452  HidIr - ok
07:29:27.0542 5452  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
07:29:27.0544 5452  hidserv - ok
07:29:27.0618 5452  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:29:27.0619 5452  HidUsb - ok
07:29:27.0646 5452  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:29:27.0648 5452  hkmsvc - ok
07:29:27.0683 5452  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:29:27.0700 5452  HomeGroupListener - ok
07:29:27.0738 5452  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:29:27.0741 5452  HomeGroupProvider - ok
07:29:27.0751 5452  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:29:27.0753 5452  HpSAMD - ok
07:29:27.0792 5452  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:29:27.0830 5452  HTTP - ok
07:29:27.0896 5452  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:29:27.0917 5452  hwpolicy - ok
07:29:27.0948 5452  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:29:27.0967 5452  i8042prt - ok
07:29:27.0985 5452  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:29:27.0990 5452  iaStorV - ok
07:29:28.0055 5452  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
07:29:28.0065 5452  IDriverT - ok
07:29:28.0106 5452  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:29:28.0137 5452  idsvc - ok
07:29:28.0174 5452  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
07:29:28.0176 5452  iirsp - ok
07:29:28.0200 5452  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
07:29:28.0209 5452  IKEEXT - ok
07:29:28.0306 5452  [ 763FA415837A3768CF5E6C6FB8626602 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:29:28.0342 5452  IntcAzAudAddService - ok
07:29:28.0352 5452  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:29:28.0354 5452  intelide - ok
07:29:28.0388 5452  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:29:28.0389 5452  intelppm - ok
07:29:28.0421 5452  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:29:28.0423 5452  IPBusEnum - ok
07:29:28.0434 5452  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:29:28.0436 5452  IpFilterDriver - ok
07:29:28.0466 5452  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:29:28.0472 5452  iphlpsvc - ok
07:29:28.0484 5452  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:29:28.0485 5452  IPMIDRV - ok
07:29:28.0494 5452  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:29:28.0496 5452  IPNAT - ok
07:29:28.0550 5452  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
07:29:28.0567 5452  iPod Service - ok
07:29:28.0576 5452  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:29:28.0577 5452  IRENUM - ok
07:29:28.0591 5452  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:29:28.0592 5452  isapnp - ok
07:29:28.0599 5452  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:29:28.0602 5452  iScsiPrt - ok
07:29:28.0623 5452  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:29:28.0624 5452  kbdclass - ok
07:29:28.0636 5452  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:29:28.0637 5452  kbdhid - ok
07:29:28.0642 5452  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
07:29:28.0644 5452  KeyIso - ok
07:29:28.0668 5452  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:29:28.0670 5452  KSecDD - ok
07:29:28.0700 5452  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:29:28.0703 5452  KSecPkg - ok
07:29:28.0731 5452  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:29:28.0737 5452  KtmRm - ok
07:29:28.0768 5452  [ 8C804B1FFAD1EFA952B747E8285C3B76 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
07:29:28.0770 5452  L1E - ok
07:29:28.0822 5452  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
07:29:28.0826 5452  LanmanServer - ok
07:29:28.0840 5452  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:29:28.0844 5452  LanmanWorkstation - ok
07:29:28.0886 5452  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:29:28.0887 5452  lltdio - ok
07:29:28.0904 5452  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:29:28.0908 5452  lltdsvc - ok
07:29:28.0933 5452  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:29:28.0935 5452  lmhosts - ok
07:29:28.0960 5452  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
07:29:28.0962 5452  LSI_FC - ok
07:29:28.0967 5452  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
07:29:28.0969 5452  LSI_SAS - ok
07:29:28.0992 5452  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:29:28.0994 5452  LSI_SAS2 - ok
07:29:28.0999 5452  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:29:29.0000 5452  LSI_SCSI - ok
07:29:29.0026 5452  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
07:29:29.0028 5452  luafv - ok
07:29:29.0056 5452  [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
07:29:29.0057 5452  LUsbFilt - ok
07:29:29.0158 5452  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
07:29:29.0170 5452  McComponentHostService - ok
07:29:29.0194 5452  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:29:29.0196 5452  Mcx2Svc - ok
07:29:29.0206 5452  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
07:29:29.0208 5452  megasas - ok
07:29:29.0214 5452  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
07:29:29.0217 5452  MegaSR - ok
07:29:29.0284 5452  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
07:29:29.0291 5452  Microsoft Office Groove Audit Service - ok
07:29:29.0308 5452  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
07:29:29.0310 5452  MMCSS - ok
07:29:29.0324 5452  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
07:29:29.0325 5452  Modem - ok
07:29:29.0333 5452  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:29:29.0334 5452  monitor - ok
07:29:29.0360 5452  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:29:29.0361 5452  mouclass - ok
07:29:29.0392 5452  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:29:29.0393 5452  mouhid - ok
07:29:29.0404 5452  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:29:29.0405 5452  mountmgr - ok
07:29:29.0479 5452  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:29:29.0488 5452  MozillaMaintenance - ok
07:29:29.0515 5452  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:29:29.0517 5452  mpio - ok
07:29:29.0545 5452  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:29:29.0546 5452  mpsdrv - ok
07:29:29.0581 5452  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:29:29.0588 5452  MpsSvc - ok
07:29:29.0606 5452  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:29:29.0608 5452  MRxDAV - ok
07:29:29.0643 5452  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:29:29.0645 5452  mrxsmb - ok
07:29:29.0660 5452  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:29:29.0664 5452  mrxsmb10 - ok
07:29:29.0672 5452  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:29:29.0674 5452  mrxsmb20 - ok
07:29:29.0689 5452  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
07:29:29.0690 5452  msahci - ok
07:29:29.0703 5452  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:29:29.0721 5452  msdsm - ok
07:29:29.0733 5452  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
07:29:29.0736 5452  MSDTC - ok
07:29:29.0756 5452  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:29:29.0757 5452  Msfs - ok
07:29:29.0761 5452  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:29:29.0762 5452  mshidkmdf - ok
07:29:29.0775 5452  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:29:29.0776 5452  msisadrv - ok
07:29:29.0805 5452  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:29:29.0808 5452  MSiSCSI - ok
07:29:29.0812 5452  msiserver - ok
07:29:29.0844 5452  [ 3846C05A66A3F5CD1D33E1A323C1762C ] MSI_MSIBIOS_010507 C:\PROGRA~2\MSI\MSIWDev\msibios32_100507.sys
07:29:29.0845 5452  MSI_MSIBIOS_010507 - ok
07:29:29.0900 5452  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:29:29.0901 5452  MSKSSRV - ok
07:29:29.0909 5452  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:29:29.0911 5452  MSPCLOCK - ok
07:29:29.0937 5452  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:29:29.0938 5452  MSPQM - ok
07:29:29.0954 5452  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:29:29.0957 5452  MsRPC - ok
07:29:29.0968 5452  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
07:29:29.0969 5452  mssmbios - ok
07:29:29.0973 5452  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:29:29.0974 5452  MSTEE - ok
07:29:29.0982 5452  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
07:29:29.0983 5452  MTConfig - ok
07:29:30.0030 5452  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
07:29:30.0031 5452  MTsensor - ok
07:29:30.0050 5452  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
07:29:30.0051 5452  Mup - ok
07:29:30.0065 5452  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
07:29:30.0070 5452  napagent - ok
07:29:30.0100 5452  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:29:30.0104 5452  NativeWifiP - ok
07:29:30.0140 5452  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:29:30.0147 5452  NDIS - ok
07:29:30.0163 5452  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:29:30.0165 5452  NdisCap - ok
07:29:30.0200 5452  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:29:30.0201 5452  NdisTapi - ok
07:29:30.0233 5452  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:29:30.0234 5452  Ndisuio - ok
07:29:30.0244 5452  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:29:30.0247 5452  NdisWan - ok
07:29:30.0260 5452  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:29:30.0262 5452  NDProxy - ok
07:29:30.0266 5452  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:29:30.0267 5452  NetBIOS - ok
07:29:30.0294 5452  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:29:30.0295 5452  NetBT - ok
07:29:30.0300 5452  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
07:29:30.0302 5452  Netlogon - ok
07:29:30.0352 5452  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
07:29:30.0356 5452  Netman - ok
07:29:30.0375 5452  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
07:29:30.0380 5452  netprofm - ok
07:29:30.0397 5452  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:29:30.0407 5452  NetTcpPortSharing - ok
07:29:30.0429 5452  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
07:29:30.0431 5452  nfrd960 - ok
07:29:30.0454 5452  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:29:30.0458 5452  NlaSvc - ok
07:29:30.0541 5452  [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
07:29:30.0559 5452  NMIndexingService - ok
07:29:30.0591 5452  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
07:29:30.0593 5452  nmwcd - ok
07:29:30.0617 5452  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
07:29:30.0619 5452  nmwcdc - ok
07:29:30.0634 5452  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:29:30.0646 5452  Npfs - ok
07:29:30.0686 5452  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
07:29:30.0688 5452  nsi - ok
07:29:30.0773 5452  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:29:30.0774 5452  nsiproxy - ok
07:29:30.0934 5452  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:29:30.0948 5452  Ntfs - ok
07:29:30.0963 5452  [ AA70ED3B0D93C1073260A5043805B6DB ] NTIOLib_1_0_8   C:\PROGRA~2\MSI\MSIWDev\NTIOLib.sys
07:29:30.0964 5452  NTIOLib_1_0_8 - ok
07:29:30.0992 5452  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
07:29:30.0994 5452  Null - ok
07:29:31.0018 5452  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:29:31.0020 5452  nvraid - ok
07:29:31.0116 5452  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:29:31.0171 5452  nvstor - ok
07:29:31.0297 5452  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:29:31.0362 5452  nv_agp - ok
07:29:31.0406 5452  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:29:31.0423 5452  odserv - ok
07:29:31.0428 5452  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:29:31.0430 5452  ohci1394 - ok
07:29:31.0471 5452  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:29:31.0481 5452  ose - ok
07:29:31.0521 5452  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:29:31.0525 5452  p2pimsvc - ok
07:29:31.0558 5452  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:29:31.0563 5452  p2psvc - ok
07:29:31.0598 5452  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
07:29:31.0600 5452  Parport - ok
07:29:31.0626 5452  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:29:31.0629 5452  partmgr - ok
07:29:31.0654 5452  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
07:29:31.0656 5452  Parvdm - ok
07:29:31.0672 5452  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:29:31.0675 5452  PcaSvc - ok
07:29:31.0744 5452  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
07:29:31.0745 5452  pccsmcfd - ok
07:29:31.0766 5452  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
07:29:31.0768 5452  pci - ok
07:29:31.0773 5452  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
07:29:31.0774 5452  pciide - ok
07:29:31.0812 5452  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
07:29:31.0815 5452  pcmcia - ok
07:29:31.0834 5452  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
07:29:31.0836 5452  pcw - ok
07:29:31.0854 5452  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:29:31.0862 5452  PEAUTH - ok
07:29:31.0915 5452  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
07:29:31.0933 5452  pla - ok
07:29:31.0974 5452  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:29:31.0979 5452  PlugPlay - ok
07:29:31.0991 5452  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:29:31.0993 5452  PNRPAutoReg - ok
07:29:32.0000 5452  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:29:32.0004 5452  PNRPsvc - ok
07:29:32.0024 5452  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:29:32.0029 5452  PolicyAgent - ok
07:29:32.0050 5452  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
07:29:32.0054 5452  Power - ok
07:29:32.0077 5452  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:29:32.0079 5452  PptpMiniport - ok
07:29:32.0096 5452  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
07:29:32.0098 5452  Processor - ok
07:29:32.0126 5452  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
07:29:32.0129 5452  ProfSvc - ok
07:29:32.0149 5452  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:29:32.0151 5452  ProtectedStorage - ok
07:29:32.0191 5452  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:29:32.0193 5452  Psched - ok
07:29:32.0228 5452  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
07:29:32.0243 5452  ql2300 - ok
07:29:32.0249 5452  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
07:29:32.0251 5452  ql40xx - ok
07:29:32.0285 5452  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
07:29:32.0289 5452  QWAVE - ok
07:29:32.0296 5452  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:29:32.0298 5452  QWAVEdrv - ok
07:29:32.0304 5452  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:29:32.0306 5452  RasAcd - ok
07:29:32.0331 5452  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:29:32.0332 5452  RasAgileVpn - ok
07:29:32.0353 5452  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
07:29:32.0357 5452  RasAuto - ok
07:29:32.0371 5452  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:29:32.0373 5452  Rasl2tp - ok
07:29:32.0417 5452  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
07:29:32.0421 5452  RasMan - ok
07:29:32.0434 5452  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:29:32.0436 5452  RasPppoe - ok
07:29:32.0443 5452  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:29:32.0445 5452  RasSstp - ok
07:29:32.0451 5452  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:29:32.0454 5452  rdbss - ok
07:29:32.0465 5452  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:29:32.0467 5452  rdpbus - ok
07:29:32.0495 5452  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:29:32.0496 5452  RDPCDD - ok
07:29:32.0532 5452  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:29:32.0533 5452  RDPENCDD - ok
07:29:32.0539 5452  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:29:32.0540 5452  RDPREFMP - ok
07:29:32.0579 5452  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:29:32.0582 5452  RDPWD - ok
07:29:32.0621 5452  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:29:32.0624 5452  rdyboost - ok
07:29:32.0666 5452  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:29:32.0669 5452  RemoteAccess - ok
07:29:32.0683 5452  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:29:32.0687 5452  RemoteRegistry - ok
07:29:32.0719 5452  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:29:32.0721 5452  RpcEptMapper - ok
07:29:32.0728 5452  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
07:29:32.0731 5452  RpcLocator - ok
07:29:32.0745 5452  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
07:29:32.0749 5452  RpcSs - ok
07:29:32.0757 5452  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:29:32.0759 5452  rspndr - ok
07:29:32.0800 5452  [ E099D23EE1BBCE0CF5745F811F3B1882 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
07:29:32.0805 5452  RTL8167 - ok
07:29:32.0821 5452  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
07:29:32.0823 5452  SamSs - ok
07:29:32.0853 5452  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:29:32.0855 5452  sbp2port - ok
07:29:32.0882 5452  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:29:32.0886 5452  SCardSvr - ok
07:29:32.0894 5452  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:29:32.0895 5452  scfilter - ok
07:29:32.0931 5452  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
07:29:32.0939 5452  Schedule - ok
07:29:32.0943 5452  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:29:32.0944 5452  SCPolicySvc - ok
07:29:33.0008 5452  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:29:33.0027 5452  SDRSVC - ok
07:29:33.0097 5452  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:29:33.0099 5452  secdrv - ok
07:29:33.0179 5452  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
07:29:33.0181 5452  seclogon - ok
07:29:33.0291 5452  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
07:29:33.0294 5452  SENS - ok
07:29:33.0359 5452  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:29:33.0362 5452  SensrSvc - ok
07:29:33.0369 5452  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:29:33.0370 5452  Serenum - ok
07:29:33.0385 5452  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:29:33.0387 5452  Serial - ok
07:29:33.0405 5452  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
07:29:33.0406 5452  sermouse - ok
07:29:33.0474 5452  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
07:29:33.0491 5452  ServiceLayer - ok
07:29:33.0528 5452  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:29:33.0531 5452  SessionEnv - ok
07:29:33.0557 5452  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:29:33.0558 5452  sffdisk - ok
07:29:33.0571 5452  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:29:33.0573 5452  sffp_mmc - ok
07:29:33.0592 5452  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:29:33.0593 5452  sffp_sd - ok
07:29:33.0607 5452  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
07:29:33.0609 5452  sfloppy - ok
07:29:33.0655 5452  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:29:33.0663 5452  SharedAccess - ok
07:29:33.0679 5452  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:29:33.0684 5452  ShellHWDetection - ok
07:29:33.0719 5452  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:29:33.0721 5452  sisagp - ok
07:29:33.0743 5452  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:29:33.0744 5452  SiSRaid2 - ok
07:29:33.0765 5452  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
07:29:33.0768 5452  SiSRaid4 - ok
07:29:33.0777 5452  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:29:33.0779 5452  Smb - ok
07:29:33.0815 5452  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:29:33.0828 5452  SNMPTRAP - ok
07:29:33.0849 5452  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:29:33.0850 5452  spldr - ok
07:29:33.0903 5452  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
07:29:33.0909 5452  Spooler - ok
07:29:34.0021 5452  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
07:29:34.0053 5452  sppsvc - ok
07:29:34.0099 5452  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:29:34.0103 5452  sppuinotify - ok
07:29:34.0137 5452  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:29:34.0141 5452  srv - ok
07:29:34.0157 5452  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:29:34.0161 5452  srv2 - ok
07:29:34.0193 5452  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:29:34.0196 5452  srvnet - ok
07:29:34.0206 5452  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:29:34.0209 5452  SSDPSRV - ok
07:29:34.0266 5452  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
07:29:34.0267 5452  ssmdrv - ok
07:29:34.0276 5452  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:29:34.0279 5452  SstpSvc - ok
07:29:34.0322 5452  [ 6D82CB78DE57A073E95431F3486B1B27 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
07:29:34.0325 5452  ssudmdm - ok
07:29:34.0358 5452  [ E07BB90071FA944038B0CF3FC050E485 ] ssudobex        C:\Windows\system32\DRIVERS\ssudobex.sys
07:29:34.0361 5452  ssudobex - ok
07:29:34.0402 5452  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
07:29:34.0404 5452  stexstor - ok
07:29:34.0458 5452  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
07:29:34.0465 5452  StiSvc - ok
07:29:34.0500 5452  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
07:29:34.0501 5452  swenum - ok
07:29:34.0519 5452  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
07:29:34.0524 5452  swprv - ok
07:29:34.0581 5452  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
07:29:34.0599 5452  SysMain - ok
07:29:34.0627 5452  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:29:34.0631 5452  TabletInputService - ok
07:29:34.0704 5452  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:29:34.0708 5452  TapiSrv - ok
07:29:34.0722 5452  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
07:29:34.0725 5452  TBS - ok
07:29:34.0789 5452  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:29:34.0799 5452  Tcpip - ok
07:29:34.0844 5452  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:29:34.0852 5452  TCPIP6 - ok
07:29:34.0886 5452  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:29:34.0888 5452  tcpipreg - ok
07:29:34.0910 5452  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:29:34.0911 5452  TDPIPE - ok
07:29:34.0946 5452  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:29:34.0948 5452  TDTCP - ok
07:29:34.0989 5452  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:29:34.0991 5452  tdx - ok
07:29:34.0999 5452  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
07:29:35.0000 5452  TermDD - ok
07:29:35.0029 5452  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
07:29:35.0036 5452  TermService - ok
07:29:35.0065 5452  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
07:29:35.0067 5452  Themes - ok
07:29:35.0089 5452  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
07:29:35.0091 5452  THREADORDER - ok
07:29:35.0111 5452  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
07:29:35.0115 5452  TrkWks - ok
07:29:35.0164 5452  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:29:35.0166 5452  TrustedInstaller - ok
07:29:35.0179 5452  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:29:35.0181 5452  tssecsrv - ok
07:29:35.0199 5452  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:29:35.0201 5452  TsUsbFlt - ok
07:29:35.0233 5452  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:29:35.0235 5452  tunnel - ok
07:29:35.0260 5452  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
07:29:35.0262 5452  uagp35 - ok
07:29:35.0278 5452  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:29:35.0281 5452  udfs - ok
07:29:35.0295 5452  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:29:35.0299 5452  UI0Detect - ok
07:29:35.0328 5452  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:29:35.0330 5452  uliagpkx - ok
07:29:35.0361 5452  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
07:29:35.0363 5452  umbus - ok
07:29:35.0373 5452  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
07:29:35.0374 5452  UmPass - ok
07:29:35.0388 5452  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
07:29:35.0392 5452  upnphost - ok
07:29:35.0440 5452  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
07:29:35.0441 5452  upperdev - ok
07:29:35.0477 5452  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:29:35.0479 5452  usbccgp - ok
07:29:35.0499 5452  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:29:35.0501 5452  usbcir - ok
07:29:35.0529 5452  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
07:29:35.0531 5452  usbehci - ok
07:29:35.0548 5452  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:29:35.0552 5452  usbhub - ok
07:29:35.0567 5452  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
07:29:35.0568 5452  usbohci - ok
07:29:35.0588 5452  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:29:35.0590 5452  usbprint - ok
07:29:35.0613 5452  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
07:29:35.0615 5452  usbscan - ok
07:29:35.0628 5452  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys
07:29:35.0630 5452  usbser - ok
07:29:35.0640 5452  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
07:29:35.0642 5452  UsbserFilt - ok
07:29:35.0656 5452  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:29:35.0658 5452  USBSTOR - ok
07:29:35.0671 5452  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:29:35.0673 5452  usbuhci - ok
07:29:35.0709 5452  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
07:29:35.0712 5452  UxSms - ok
07:29:35.0723 5452  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
07:29:35.0725 5452  VaultSvc - ok
07:29:35.0733 5452  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:29:35.0735 5452  vdrvroot - ok
07:29:35.0774 5452  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
07:29:35.0782 5452  vds - ok
07:29:35.0825 5452  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:29:35.0826 5452  vga - ok
07:29:35.0845 5452  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:29:35.0847 5452  VgaSave - ok
07:29:35.0861 5452  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:29:35.0864 5452  vhdmp - ok
07:29:35.0870 5452  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
07:29:35.0872 5452  viaagp - ok
07:29:35.0898 5452  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
07:29:35.0900 5452  ViaC7 - ok
07:29:35.0934 5452  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
07:29:35.0936 5452  viaide - ok
07:29:35.0961 5452  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:29:35.0963 5452  volmgr - ok
07:29:35.0981 5452  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:29:35.0984 5452  volmgrx - ok
07:29:36.0020 5452  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:29:36.0024 5452  volsnap - ok
07:29:36.0064 5452  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
07:29:36.0067 5452  vsmraid - ok
07:29:36.0112 5452  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
07:29:36.0134 5452  VSS - ok
07:29:36.0148 5452  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
07:29:36.0150 5452  vwifibus - ok
07:29:36.0177 5452  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:29:36.0178 5452  vwififlt - ok
07:29:36.0219 5452  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
07:29:36.0224 5452  W32Time - ok
07:29:36.0249 5452  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
07:29:36.0250 5452  WacomPen - ok
07:29:36.0263 5452  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:29:36.0265 5452  WANARP - ok
07:29:36.0269 5452  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:29:36.0270 5452  Wanarpv6 - ok
07:29:36.0316 5452  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
07:29:36.0332 5452  wbengine - ok
07:29:36.0363 5452  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:29:36.0368 5452  WbioSrvc - ok
07:29:36.0384 5452  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:29:36.0389 5452  wcncsvc - ok
07:29:36.0402 5452  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:29:36.0405 5452  WcsPlugInService - ok
07:29:36.0420 5452  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
07:29:36.0421 5452  Wd - ok
07:29:36.0452 5452  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:29:36.0459 5452  Wdf01000 - ok
07:29:36.0498 5452  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:29:36.0502 5452  WdiServiceHost - ok
07:29:36.0505 5452  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:29:36.0509 5452  WdiSystemHost - ok
07:29:36.0526 5452  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
07:29:36.0532 5452  WebClient - ok
07:29:36.0544 5452  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:29:36.0548 5452  Wecsvc - ok
07:29:36.0561 5452  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:29:36.0564 5452  wercplsupport - ok
07:29:36.0576 5452  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:29:36.0579 5452  WerSvc - ok
07:29:36.0600 5452  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:29:36.0601 5452  WfpLwf - ok
07:29:36.0615 5452  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:29:36.0616 5452  WIMMount - ok
07:29:36.0709 5452  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
07:29:36.0723 5452  WinDefend - ok
07:29:36.0728 5452  WinHttpAutoProxySvc - ok
07:29:36.0782 5452  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:29:36.0792 5452  Winmgmt - ok
07:29:36.0826 5452  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
07:29:36.0841 5452  WinRM - ok
07:29:36.0882 5452  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:29:36.0883 5452  WinUsb - ok
07:29:36.0903 5452  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:29:36.0914 5452  Wlansvc - ok
07:29:36.0945 5452  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
07:29:36.0947 5452  WmiAcpi - ok
07:29:36.0964 5452  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:29:36.0973 5452  wmiApSrv - ok
07:29:37.0003 5452  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
07:29:37.0012 5452  WMPNetworkSvc - ok
07:29:37.0033 5452  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:29:37.0036 5452  WPCSvc - ok
07:29:37.0075 5452  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:29:37.0078 5452  WPDBusEnum - ok
07:29:37.0113 5452  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:29:37.0114 5452  ws2ifsl - ok
07:29:37.0124 5452  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
07:29:37.0127 5452  wscsvc - ok
07:29:37.0131 5452  WSearch - ok
07:29:37.0196 5452  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
07:29:37.0218 5452  wuauserv - ok
07:29:37.0246 5452  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:29:37.0248 5452  WudfPf - ok
07:29:37.0264 5452  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:29:37.0265 5452  WUDFRd - ok
07:29:37.0290 5452  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:29:37.0294 5452  wudfsvc - ok
07:29:37.0319 5452  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:29:37.0325 5452  WwanSvc - ok
07:29:37.0353 5452  ================ Scan global ===============================
07:29:37.0383 5452  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
07:29:37.0406 5452  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
07:29:37.0414 5452  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
07:29:37.0441 5452  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:29:37.0463 5452  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:29:37.0467 5452  [Global] - ok
07:29:37.0468 5452  ================ Scan MBR ==================================
07:29:37.0477 5452  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:29:37.0691 5452  \Device\Harddisk0\DR0 - ok
07:29:37.0697 5452  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR6
07:29:37.0704 5452  \Device\Harddisk5\DR6 - ok
07:29:37.0705 5452  ================ Scan VBR ==================================
07:29:37.0707 5452  [ 9A921452B320930199AF6159752D31BB ] \Device\Harddisk0\DR0\Partition1
07:29:37.0711 5452  \Device\Harddisk0\DR0\Partition1 - ok
07:29:37.0728 5452  [ 23CE4340CAEE4E845EEB1AD9D259ADD1 ] \Device\Harddisk0\DR0\Partition2
07:29:37.0730 5452  \Device\Harddisk0\DR0\Partition2 - ok
07:29:37.0734 5452  [ 160D40A47227B5A8F049EB166192B40B ] \Device\Harddisk5\DR6\Partition1
07:29:37.0735 5452  \Device\Harddisk5\DR6\Partition1 - ok
07:29:37.0736 5452  ============================================================
07:29:37.0736 5452  Scan finished
07:29:37.0736 5452  ============================================================
07:29:37.0745 4324  Detected object count: 0
07:29:37.0745 4324  Actual detected object count: 0
         
Attached images
File type: png Avira-Meldung während aswMBR Scan 1.PNG (53.1 KB)
File type: png Avira-Meldung während aswMBR Scan 2.PNG (51.2 KB)

08.05.2013, 09:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Bundesministerium für Internetsicherheit - Compromised computer

Code:
ATTFilter
07:29:20.0984 5452  Scan started
07:29:20.0984 5452  Mode: Manual;
         
You configured TDSSKiller incorrectly; please read the instructions properly and follow them.
__________________
Please always post log files in CODE tags

08.05.2013, 11:15   #9
SuppiSuppenh

Bundesministerium für Internetsicherheit - Compromised computer

Oh, sorry!

Here is the scan with the boxes ticked ...
Code:
ATTFilter
10:24:24.0423 5728  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:24:24.0706 5728  ============================================================
10:24:24.0706 5728  Current date / time: 2013/05/08 10:24:24.0706
10:24:24.0706 5728  SystemInfo:
10:24:24.0706 5728  
10:24:24.0707 5728  OS Version: 6.1.7601 ServicePack: 1.0
10:24:24.0707 5728  Product type: Workstation
10:24:24.0707 5728  ComputerName: MARTIN-PC
10:24:24.0707 5728  UserName: Martin
10:24:24.0707 5728  Windows directory: C:\Windows
10:24:24.0707 5728  System windows directory: C:\Windows
10:24:24.0707 5728  Processor architecture: Intel x86
10:24:24.0707 5728  Number of processors: 4
10:24:24.0707 5728  Page size: 0x1000
10:24:24.0707 5728  Boot type: Normal boot
10:24:24.0707 5728  ============================================================
10:24:27.0447 5728  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:24:27.0470 5728  ============================================================
10:24:27.0470 5728  \Device\Harddisk0\DR0:
10:24:27.0470 5728  MBR partitions:
10:24:27.0470 5728  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC531948
10:24:27.0491 5728  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC5319C6, BlocksNum 0x681D3FFB
10:24:27.0491 5728  ============================================================
10:24:27.0528 5728  C: <-> \Device\Harddisk0\DR0\Partition1
10:24:27.0566 5728  D: <-> \Device\Harddisk0\DR0\Partition2
10:24:27.0566 5728  ============================================================
10:24:27.0566 5728  Initialize success
10:24:27.0566 5728  ============================================================
10:25:31.0794 5080  ============================================================
10:25:31.0794 5080  Scan started
10:25:31.0794 5080  Mode: Manual; SigCheck; TDLFS; 
10:25:31.0794 5080  ============================================================
10:25:33.0485 5080  ================ Scan system memory ========================
10:25:33.0485 5080  System memory - ok
10:25:33.0485 5080  ================ Scan services =============================
10:25:33.0615 5080  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:25:33.0731 5080  1394ohci - ok
10:25:33.0763 5080  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:25:33.0788 5080  ACPI - ok
10:25:33.0809 5080  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:25:33.0892 5080  AcpiPmi - ok
10:25:33.0973 5080  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:25:33.0987 5080  AdobeARMservice - ok
10:25:34.0072 5080  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:25:34.0089 5080  AdobeFlashPlayerUpdateSvc - ok
10:25:34.0144 5080  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:25:34.0174 5080  adp94xx - ok
10:25:34.0182 5080  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:25:34.0205 5080  adpahci - ok
10:25:34.0211 5080  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:25:34.0231 5080  adpu320 - ok
10:25:34.0258 5080  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:25:34.0305 5080  AeLookupSvc - ok
10:25:34.0366 5080  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
10:25:34.0418 5080  AFD - ok
10:25:34.0432 5080  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
10:25:34.0450 5080  agp440 - ok
10:25:34.0473 5080  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
10:25:34.0492 5080  aic78xx - ok
10:25:34.0534 5080  AIDA64Driver - ok
10:25:34.0542 5080  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
10:25:34.0596 5080  ALG - ok
10:25:34.0613 5080  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:25:34.0632 5080  aliide - ok
10:25:34.0669 5080  [ F970EA885AEFEB1B9EB97CA7F1EB226D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:25:34.0725 5080  AMD External Events Utility - ok
10:25:34.0730 5080  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:25:34.0749 5080  amdagp - ok
10:25:34.0762 5080  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:25:34.0778 5080  amdide - ok
10:25:34.0791 5080  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:25:34.0836 5080  AmdK8 - ok
10:25:35.0001 5080  [ AB70F110143892EB41AA46500AA5CF00 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:25:35.0343 5080  amdkmdag - ok
10:25:35.0367 5080  [ 32D68D05B871EED5572D0C2C764EA4EC ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:25:35.0399 5080  amdkmdap - ok
10:25:35.0414 5080  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:25:35.0434 5080  AmdPPM - ok
10:25:35.0467 5080  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:25:35.0488 5080  amdsata - ok
10:25:35.0502 5080  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:25:35.0523 5080  amdsbs - ok
10:25:35.0540 5080  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:25:35.0557 5080  amdxata - ok
10:25:35.0637 5080  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:25:35.0650 5080  AntiVirSchedulerService - ok
10:25:35.0712 5080  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:25:35.0724 5080  AntiVirService - ok
10:25:35.0751 5080  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
10:25:35.0846 5080  AppID - ok
10:25:35.0872 5080  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:25:35.0919 5080  AppIDSvc - ok
10:25:35.0941 5080  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
10:25:35.0992 5080  Appinfo - ok
10:25:36.0054 5080  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:25:36.0067 5080  Apple Mobile Device - ok
10:25:36.0084 5080  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:25:36.0104 5080  arc - ok
10:25:36.0109 5080  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:25:36.0128 5080  arcsas - ok
10:25:36.0162 5080  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
10:25:36.0539 5080  AsIO - ok
10:25:36.0557 5080  [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO          C:\Windows\system32\drivers\AsUpIO.sys
10:25:36.0570 5080  AsUpIO - ok
10:25:36.0577 5080  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:25:36.0668 5080  AsyncMac - ok
10:25:36.0687 5080  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
10:25:36.0700 5080  atapi - ok
10:25:36.0749 5080  [ 7725AECCEDDF81BD8374C77157E450EA ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
10:25:36.0765 5080  AtiHDAudioService - ok
10:25:36.0924 5080  [ AB70F110143892EB41AA46500AA5CF00 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:25:37.0026 5080  atikmdag - ok
10:25:37.0066 5080  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:25:37.0132 5080  AudioEndpointBuilder - ok
10:25:37.0139 5080  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:25:37.0168 5080  Audiosrv - ok
10:25:37.0200 5080  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:25:37.0221 5080  avgntflt - ok
10:25:37.0271 5080  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:25:37.0293 5080  avipbb - ok
10:25:37.0360 5080  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:25:37.0378 5080  avkmgr - ok
10:25:37.0406 5080  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\Windows\system32\drivers\avmeject.sys
10:25:37.0427 5080  avmeject ( UnsignedFile.Multi.Generic ) - warning
10:25:37.0427 5080  avmeject - detected UnsignedFile.Multi.Generic (1)
10:25:37.0473 5080  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:25:37.0527 5080  AxInstSV - ok
10:25:37.0566 5080  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
10:25:37.0606 5080  b06bdrv - ok
10:25:37.0625 5080  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
10:25:37.0650 5080  b57nd60x - ok
10:25:37.0735 5080  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:25:37.0780 5080  BDESVC - ok
10:25:37.0795 5080  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:25:37.0835 5080  Beep - ok
10:25:37.0870 5080  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
10:25:37.0925 5080  BFE - ok
10:25:37.0958 5080  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
10:25:38.0003 5080  BITS - ok
10:25:38.0016 5080  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:25:38.0044 5080  blbdrive - ok
10:25:38.0098 5080  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:25:38.0112 5080  Bonjour Service - ok
10:25:38.0139 5080  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:25:38.0185 5080  bowser - ok
10:25:38.0199 5080  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:25:38.0232 5080  BrFiltLo - ok
10:25:38.0246 5080  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:25:38.0281 5080  BrFiltUp - ok
10:25:38.0351 5080  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:25:38.0385 5080  BridgeMP - ok
10:25:38.0413 5080  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
10:25:38.0445 5080  Browser - ok
10:25:38.0458 5080  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:25:38.0504 5080  Brserid - ok
10:25:38.0513 5080  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:25:38.0534 5080  BrSerWdm - ok
10:25:38.0547 5080  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:25:38.0572 5080  BrUsbMdm - ok
10:25:38.0591 5080  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:25:38.0615 5080  BrUsbSer - ok
10:25:38.0631 5080  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:25:38.0664 5080  BTHMODEM - ok
10:25:38.0728 5080  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
10:25:38.0778 5080  bthserv - ok
10:25:38.0887 5080  catchme - ok
10:25:38.0894 5080  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:25:38.0939 5080  cdfs - ok
10:25:38.0978 5080  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:25:39.0012 5080  cdrom - ok
10:25:39.0058 5080  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:25:39.0100 5080  CertPropSvc - ok
10:25:39.0115 5080  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:25:39.0135 5080  circlass - ok
10:25:39.0166 5080  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
10:25:39.0190 5080  CLFS - ok
10:25:39.0247 5080  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:25:39.0267 5080  clr_optimization_v2.0.50727_32 - ok
10:25:39.0320 5080  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:25:39.0379 5080  clr_optimization_v4.0.30319_32 - ok
10:25:39.0395 5080  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:25:39.0412 5080  CmBatt - ok
10:25:39.0444 5080  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:25:39.0460 5080  cmdide - ok
10:25:39.0491 5080  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
10:25:39.0533 5080  CNG - ok
10:25:39.0543 5080  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:25:39.0560 5080  Compbatt - ok
10:25:39.0575 5080  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:25:39.0607 5080  CompositeBus - ok
10:25:39.0611 5080  COMSysApp - ok
10:25:39.0627 5080  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:25:39.0644 5080  crcdisk - ok
10:25:39.0711 5080  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:25:39.0770 5080  CryptSvc - ok
10:25:39.0795 5080  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:25:39.0842 5080  DcomLaunch - ok
10:25:39.0866 5080  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
10:25:39.0912 5080  defragsvc - ok
10:25:39.0938 5080  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:25:39.0975 5080  DfsC - ok
10:25:40.0018 5080  [ 649705E3DAE598BC0F957BACBF9A2BD5 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
10:25:40.0037 5080  dg_ssudbus - ok
10:25:40.0060 5080  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:25:40.0106 5080  Dhcp - ok
10:25:40.0121 5080  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
10:25:40.0168 5080  discache - ok
10:25:40.0195 5080  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:25:40.0213 5080  Disk - ok
10:25:40.0245 5080  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:25:40.0307 5080  Dnscache - ok
10:25:40.0338 5080  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:25:40.0375 5080  dot3svc - ok
10:25:40.0402 5080  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
10:25:40.0449 5080  DPS - ok
10:25:40.0476 5080  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:25:40.0501 5080  drmkaud - ok
10:25:40.0540 5080  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:25:40.0573 5080  DXGKrnl - ok
10:25:40.0604 5080  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
10:25:40.0646 5080  EapHost - ok
10:25:40.0752 5080  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
10:25:40.0830 5080  ebdrv - ok
10:25:40.0849 5080  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
10:25:40.0895 5080  EFS - ok
10:25:40.0941 5080  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:25:41.0010 5080  ehRecvr - ok
10:25:41.0036 5080  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
10:25:41.0080 5080  ehSched - ok
10:25:41.0120 5080  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:25:41.0151 5080  elxstor - ok
10:25:41.0194 5080  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:25:41.0222 5080  ErrDev - ok
10:25:41.0259 5080  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
10:25:41.0309 5080  EventSystem - ok
10:25:41.0327 5080  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
10:25:41.0367 5080  exfat - ok
10:25:41.0386 5080  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:25:41.0420 5080  fastfat - ok
10:25:41.0459 5080  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
10:25:41.0508 5080  Fax - ok
10:25:41.0519 5080  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:25:41.0536 5080  fdc - ok
10:25:41.0557 5080  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
10:25:41.0587 5080  fdPHost - ok
10:25:41.0594 5080  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
10:25:41.0636 5080  FDResPub - ok
10:25:41.0649 5080  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:25:41.0666 5080  FileInfo - ok
10:25:41.0671 5080  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:25:41.0712 5080  Filetrace - ok
10:25:41.0730 5080  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:25:41.0747 5080  flpydisk - ok
10:25:41.0779 5080  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:25:41.0802 5080  FltMgr - ok
10:25:41.0861 5080  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
10:25:41.0904 5080  FontCache - ok
10:25:41.0956 5080  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:25:41.0968 5080  FontCache3.0.0.0 - ok
10:25:41.0981 5080  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:25:42.0000 5080  FsDepends - ok
10:25:42.0029 5080  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:25:42.0047 5080  Fs_Rec - ok
10:25:42.0085 5080  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:25:42.0115 5080  fvevol - ok
10:25:42.0153 5080  [ 49BFA64D5EEE3CBE4137E131CC8554AF ] fwlanusb5       C:\Windows\system32\DRIVERS\fwlanusb5.sys
10:25:42.0203 5080  fwlanusb5 - ok
10:25:42.0226 5080  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:25:42.0244 5080  gagp30kx - ok
10:25:42.0262 5080  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:25:42.0275 5080  GEARAspiWDM - ok
10:25:42.0303 5080  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:25:42.0355 5080  gpsvc - ok
10:25:42.0400 5080  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
10:25:42.0417 5080  hamachi - ok
10:25:42.0518 5080  Hamachi2Svc - ok
10:25:42.0537 5080  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:25:42.0575 5080  hcw85cir - ok
10:25:42.0614 5080  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:25:42.0652 5080  HdAudAddService - ok
10:25:42.0688 5080  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:25:42.0715 5080  HDAudBus - ok
10:25:42.0724 5080  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:25:42.0754 5080  HidBatt - ok
10:25:42.0779 5080  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:25:42.0805 5080  HidBth - ok
10:25:42.0827 5080  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:25:42.0854 5080  HidIr - ok
10:25:42.0886 5080  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
10:25:42.0932 5080  hidserv - ok
10:25:42.0971 5080  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:25:42.0989 5080  HidUsb - ok
10:25:43.0015 5080  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:25:43.0057 5080  hkmsvc - ok
10:25:43.0085 5080  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:25:43.0117 5080  HomeGroupListener - ok
10:25:43.0148 5080  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:25:43.0188 5080  HomeGroupProvider - ok
10:25:43.0220 5080  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:25:43.0239 5080  HpSAMD - ok
10:25:43.0285 5080  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:25:43.0328 5080  HTTP - ok
10:25:43.0356 5080  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:25:43.0372 5080  hwpolicy - ok
10:25:43.0377 5080  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:25:43.0407 5080  i8042prt - ok
10:25:43.0429 5080  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:25:43.0455 5080  iaStorV - ok
10:25:43.0540 5080  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:25:43.0571 5080  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:25:43.0571 5080  IDriverT - detected UnsignedFile.Multi.Generic (1)
10:25:43.0607 5080  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:25:43.0652 5080  idsvc - ok
10:25:43.0701 5080  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:25:43.0720 5080  iirsp - ok
10:25:43.0751 5080  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:25:43.0802 5080  IKEEXT - ok
10:25:43.0898 5080  [ 763FA415837A3768CF5E6C6FB8626602 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:25:43.0964 5080  IntcAzAudAddService - ok
10:25:43.0978 5080  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:25:43.0995 5080  intelide - ok
10:25:44.0023 5080  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:25:44.0050 5080  intelppm - ok
10:25:44.0080 5080  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:25:44.0124 5080  IPBusEnum - ok
10:25:44.0143 5080  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:25:44.0181 5080  IpFilterDriver - ok
10:25:44.0208 5080  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:25:44.0257 5080  iphlpsvc - ok
10:25:44.0301 5080  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:25:44.0337 5080  IPMIDRV - ok
10:25:44.0361 5080  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:25:44.0406 5080  IPNAT - ok
10:25:44.0458 5080  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:25:44.0478 5080  iPod Service - ok
10:25:44.0500 5080  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:25:44.0519 5080  IRENUM - ok
10:25:44.0549 5080  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:25:44.0567 5080  isapnp - ok
10:25:44.0573 5080  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:25:44.0598 5080  iScsiPrt - ok
10:25:44.0614 5080  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:25:44.0631 5080  kbdclass - ok
10:25:44.0644 5080  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:25:44.0675 5080  kbdhid - ok
10:25:44.0706 5080  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
10:25:44.0720 5080  KeyIso - ok
10:25:44.0759 5080  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:25:44.0779 5080  KSecDD - ok
10:25:44.0807 5080  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:25:44.0828 5080  KSecPkg - ok
10:25:44.0854 5080  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:25:44.0901 5080  KtmRm - ok
10:25:44.0950 5080  [ 8C804B1FFAD1EFA952B747E8285C3B76 ] L1E             C:\Windows\system32\DRIVERS\L1E62x86.sys
10:25:44.0980 5080  L1E - ok
10:25:45.0029 5080  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:25:45.0068 5080  LanmanServer - ok
10:25:45.0080 5080  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:25:45.0124 5080  LanmanWorkstation - ok
10:25:45.0130 5080  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:25:45.0161 5080  lltdio - ok
10:25:45.0177 5080  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:25:45.0219 5080  lltdsvc - ok
10:25:45.0239 5080  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:25:45.0269 5080  lmhosts - ok
10:25:45.0291 5080  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:25:45.0311 5080  LSI_FC - ok
10:25:45.0315 5080  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:25:45.0335 5080  LSI_SAS - ok
10:25:45.0348 5080  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:25:45.0366 5080  LSI_SAS2 - ok
10:25:45.0371 5080  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:25:45.0390 5080  LSI_SCSI - ok
10:25:45.0407 5080  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
10:25:45.0440 5080  luafv - ok
10:25:45.0478 5080  [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
10:25:45.0494 5080  LUsbFilt - ok
10:25:45.0555 5080  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
10:25:45.0580 5080  McComponentHostService - ok
10:25:45.0606 5080  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:25:45.0628 5080  Mcx2Svc - ok
10:25:45.0661 5080  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:25:45.0689 5080  megasas - ok
10:25:45.0695 5080  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:25:45.0719 5080  MegaSR - ok
10:25:45.0788 5080  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:25:45.0808 5080  Microsoft Office Groove Audit Service - ok
10:25:45.0829 5080  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
10:25:45.0869 5080  MMCSS - ok
10:25:45.0886 5080  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
10:25:45.0930 5080  Modem - ok
10:25:45.0953 5080  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:25:45.0983 5080  monitor - ok
10:25:46.0005 5080  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:25:46.0023 5080  mouclass - ok
10:25:46.0053 5080  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:25:46.0103 5080  mouhid - ok
10:25:46.0115 5080  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:25:46.0134 5080  mountmgr - ok
10:25:46.0223 5080  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:25:46.0244 5080  MozillaMaintenance - ok
10:25:46.0260 5080  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:25:46.0281 5080  mpio - ok
10:25:46.0298 5080  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:25:46.0337 5080  mpsdrv - ok
10:25:46.0384 5080  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:25:46.0444 5080  MpsSvc - ok
10:25:46.0475 5080  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:25:46.0499 5080  MRxDAV - ok
10:25:46.0528 5080  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:25:46.0583 5080  mrxsmb - ok
10:25:46.0604 5080  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:25:46.0637 5080  mrxsmb10 - ok
10:25:46.0658 5080  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:25:46.0714 5080  mrxsmb20 - ok
10:25:46.0732 5080  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
10:25:46.0751 5080  msahci - ok
10:25:46.0763 5080  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:25:46.0786 5080  msdsm - ok
10:25:46.0801 5080  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
10:25:46.0831 5080  MSDTC - ok
10:25:46.0865 5080  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:25:46.0902 5080  Msfs - ok
10:25:46.0924 5080  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:25:46.0967 5080  mshidkmdf - ok
10:25:46.0975 5080  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:25:46.0991 5080  msisadrv - ok
10:25:47.0031 5080  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:25:47.0090 5080  MSiSCSI - ok
10:25:47.0093 5080  msiserver - ok
10:25:47.0161 5080  [ 3846C05A66A3F5CD1D33E1A323C1762C ] MSI_MSIBIOS_010507 C:\PROGRA~2\MSI\MSIWDev\msibios32_100507.sys
10:25:47.0192 5080  MSI_MSIBIOS_010507 - ok
10:25:47.0217 5080  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:25:47.0285 5080  MSKSSRV - ok
10:25:47.0425 5080  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:25:47.0481 5080  MSPCLOCK - ok
10:25:47.0489 5080  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:25:47.0525 5080  MSPQM - ok
10:25:47.0537 5080  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:25:47.0610 5080  MsRPC - ok
10:25:47.0642 5080  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:25:47.0671 5080  mssmbios - ok
10:25:47.0676 5080  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:25:47.0706 5080  MSTEE - ok
10:25:47.0722 5080  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:25:47.0740 5080  MTConfig - ok
10:25:47.0803 5080  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
10:25:47.0829 5080  MTsensor - ok
10:25:47.0889 5080  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:25:47.0916 5080  Mup - ok
10:25:47.0954 5080  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
10:25:47.0996 5080  napagent - ok
10:25:48.0056 5080  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:25:48.0102 5080  NativeWifiP - ok
10:25:48.0203 5080  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:25:48.0313 5080  NDIS - ok
10:25:48.0326 5080  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:25:48.0366 5080  NdisCap - ok
10:25:48.0421 5080  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:25:48.0482 5080  NdisTapi - ok
10:25:48.0553 5080  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:25:48.0629 5080  Ndisuio - ok
10:25:48.0656 5080  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:25:48.0697 5080  NdisWan - ok
10:25:48.0713 5080  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:25:48.0766 5080  NDProxy - ok
10:25:48.0804 5080  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:25:48.0843 5080  NetBIOS - ok
10:25:48.0863 5080  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:25:48.0907 5080  NetBT - ok
10:25:48.0918 5080  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
10:25:48.0932 5080  Netlogon - ok
10:25:48.0971 5080  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
10:25:49.0023 5080  Netman - ok
10:25:49.0044 5080  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
10:25:49.0085 5080  netprofm - ok
10:25:49.0107 5080  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:25:49.0128 5080  NetTcpPortSharing - ok
10:25:49.0156 5080  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:25:49.0174 5080  nfrd960 - ok
10:25:49.0206 5080  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:25:49.0231 5080  NlaSvc - ok
10:25:49.0401 5080  [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
10:25:49.0420 5080  NMIndexingService - ok
10:25:49.0460 5080  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
10:25:49.0514 5080  nmwcd - ok
10:25:49.0536 5080  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
10:25:49.0598 5080  nmwcdc - ok
10:25:49.0618 5080  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:25:49.0667 5080  Npfs - ok
10:25:49.0710 5080  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
10:25:49.0868 5080  nsi - ok
10:25:49.0907 5080  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:25:49.0956 5080  nsiproxy - ok
10:25:50.0092 5080  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:25:50.0194 5080  Ntfs - ok
10:25:50.0205 5080  [ AA70ED3B0D93C1073260A5043805B6DB ] NTIOLib_1_0_8   C:\PROGRA~2\MSI\MSIWDev\NTIOLib.sys
10:25:50.0235 5080  NTIOLib_1_0_8 ( UnsignedFile.Multi.Generic ) - warning
10:25:50.0235 5080  NTIOLib_1_0_8 - detected UnsignedFile.Multi.Generic (1)
10:25:50.0251 5080  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
10:25:50.0288 5080  Null - ok
10:25:50.0310 5080  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:25:50.0334 5080  nvraid - ok
10:25:50.0384 5080  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:25:50.0412 5080  nvstor - ok
10:25:50.0448 5080  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:25:50.0498 5080  nv_agp - ok
10:25:50.0595 5080  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:25:50.0633 5080  odserv - ok
10:25:50.0651 5080  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:25:50.0747 5080  ohci1394 - ok
10:25:50.0788 5080  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:25:50.0824 5080  ose - ok
10:25:50.0863 5080  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:25:50.0943 5080  p2pimsvc - ok
10:25:51.0032 5080  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:25:51.0078 5080  p2psvc - ok
10:25:51.0122 5080  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:25:51.0156 5080  Parport - ok
10:25:51.0191 5080  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:25:51.0223 5080  partmgr - ok
10:25:51.0244 5080  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
10:25:51.0265 5080  Parvdm - ok
10:25:51.0296 5080  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:25:51.0344 5080  PcaSvc - ok
10:25:51.0491 5080  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
10:25:51.0580 5080  pccsmcfd - ok
10:25:51.0638 5080  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
10:25:51.0702 5080  pci - ok
10:25:51.0724 5080  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
10:25:51.0744 5080  pciide - ok
10:25:51.0792 5080  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:25:51.0825 5080  pcmcia - ok
10:25:51.0938 5080  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
10:25:51.0958 5080  pcw - ok
10:25:52.0191 5080  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:25:52.0248 5080  PEAUTH - ok
10:25:52.0308 5080  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
10:25:52.0388 5080  pla - ok
10:25:52.0443 5080  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:25:52.0561 5080  PlugPlay - ok
10:25:52.0601 5080  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:25:52.0642 5080  PNRPAutoReg - ok
10:25:52.0672 5080  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:25:52.0688 5080  PNRPsvc - ok
10:25:52.0742 5080  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:25:52.0799 5080  PolicyAgent - ok
10:25:52.0818 5080  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
10:25:52.0856 5080  Power - ok
10:25:52.0903 5080  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:25:52.0952 5080  PptpMiniport - ok
10:25:52.0988 5080  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:25:53.0021 5080  Processor - ok
10:25:53.0043 5080  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
10:25:53.0102 5080  ProfSvc - ok
10:25:53.0116 5080  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:25:53.0130 5080  ProtectedStorage - ok
10:25:53.0150 5080  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:25:53.0194 5080  Psched - ok
10:25:53.0253 5080  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:25:53.0310 5080  ql2300 - ok
10:25:53.0317 5080  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:25:53.0353 5080  ql40xx - ok
10:25:53.0426 5080  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
10:25:53.0478 5080  QWAVE - ok
10:25:53.0487 5080  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:25:53.0506 5080  QWAVEdrv - ok
10:25:53.0537 5080  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:25:53.0601 5080  RasAcd - ok
10:25:53.0655 5080  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:25:53.0716 5080  RasAgileVpn - ok
10:25:53.0743 5080  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
10:25:53.0783 5080  RasAuto - ok
10:25:53.0802 5080  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:25:53.0873 5080  Rasl2tp - ok
10:25:53.0898 5080  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
10:25:53.0952 5080  RasMan - ok
10:25:53.0981 5080  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:25:54.0043 5080  RasPppoe - ok
10:25:54.0057 5080  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:25:54.0117 5080  RasSstp - ok
10:25:54.0149 5080  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:25:54.0224 5080  rdbss - ok
10:25:54.0245 5080  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:25:54.0280 5080  rdpbus - ok
10:25:54.0325 5080  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:25:54.0376 5080  RDPCDD - ok
10:25:54.0428 5080  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:25:54.0469 5080  RDPENCDD - ok
10:25:54.0486 5080  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:25:54.0520 5080  RDPREFMP - ok
10:25:54.0558 5080  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:25:54.0618 5080  RDPWD - ok
10:25:54.0669 5080  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:25:54.0706 5080  rdyboost - ok
10:25:54.0744 5080  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:25:54.0847 5080  RemoteAccess - ok
10:25:54.0861 5080  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:25:54.0928 5080  RemoteRegistry - ok
10:25:54.0946 5080  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:25:54.0987 5080  RpcEptMapper - ok
10:25:54.0993 5080  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
10:25:55.0021 5080  RpcLocator - ok
10:25:55.0056 5080  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
10:25:55.0090 5080  RpcSs - ok
10:25:55.0134 5080  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:25:55.0173 5080  rspndr - ok
10:25:55.0235 5080  [ E099D23EE1BBCE0CF5745F811F3B1882 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
10:25:55.0259 5080  RTL8167 - ok
10:25:55.0272 5080  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
10:25:55.0286 5080  SamSs - ok
10:25:55.0313 5080  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:25:55.0333 5080  sbp2port - ok
10:25:55.0373 5080  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:25:55.0438 5080  SCardSvr - ok
10:25:55.0461 5080  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:25:55.0504 5080  scfilter - ok
10:25:55.0548 5080  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
10:25:55.0607 5080  Schedule - ok
10:25:55.0620 5080  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:25:55.0645 5080  SCPolicySvc - ok
10:25:55.0683 5080  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:25:55.0735 5080  SDRSVC - ok
10:25:55.0764 5080  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:25:55.0795 5080  secdrv - ok
10:25:55.0808 5080  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
10:25:55.0872 5080  seclogon - ok
10:25:55.0917 5080  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
10:25:55.0951 5080  SENS - ok
10:25:55.0968 5080  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:25:56.0028 5080  SensrSvc - ok
10:25:56.0044 5080  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:25:56.0061 5080  Serenum - ok
10:25:56.0093 5080  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:25:56.0126 5080  Serial - ok
10:25:56.0146 5080  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:25:56.0181 5080  sermouse - ok
10:25:56.0275 5080  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
10:25:56.0295 5080  ServiceLayer - ok
10:25:56.0327 5080  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:25:56.0378 5080  SessionEnv - ok
10:25:56.0406 5080  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:25:56.0432 5080  sffdisk - ok
10:25:56.0446 5080  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:25:56.0464 5080  sffp_mmc - ok
10:25:56.0474 5080  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:25:56.0493 5080  sffp_sd - ok
10:25:56.0507 5080  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:25:56.0526 5080  sfloppy - ok
10:25:56.0555 5080  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:25:56.0605 5080  SharedAccess - ok
10:25:56.0620 5080  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:25:56.0665 5080  ShellHWDetection - ok
10:25:56.0709 5080  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:25:56.0730 5080  sisagp - ok
10:25:56.0758 5080  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:25:56.0777 5080  SiSRaid2 - ok
10:25:56.0789 5080  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:25:56.0808 5080  SiSRaid4 - ok
10:25:56.0825 5080  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:25:56.0857 5080  Smb - ok
10:25:56.0914 5080  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:25:56.0933 5080  SNMPTRAP - ok
10:25:56.0947 5080  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:25:56.0963 5080  spldr - ok
10:25:56.0993 5080  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
10:25:57.0076 5080  Spooler - ok
10:25:57.0160 5080  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
10:25:57.0250 5080  sppsvc - ok
10:25:57.0280 5080  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:25:57.0326 5080  sppuinotify - ok
10:25:57.0417 5080  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:25:57.0488 5080  srv - ok
10:25:57.0504 5080  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:25:57.0545 5080  srv2 - ok
10:25:57.0557 5080  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:25:57.0579 5080  srvnet - ok
10:25:57.0611 5080  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:25:57.0675 5080  SSDPSRV - ok
10:25:57.0737 5080  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
10:25:57.0751 5080  ssmdrv - ok
10:25:57.0772 5080  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:25:57.0822 5080  SstpSvc - ok
10:25:57.0868 5080  [ 6D82CB78DE57A073E95431F3486B1B27 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:25:57.0890 5080  ssudmdm - ok
10:25:57.0921 5080  [ E07BB90071FA944038B0CF3FC050E485 ] ssudobex        C:\Windows\system32\DRIVERS\ssudobex.sys
10:25:57.0944 5080  ssudobex - ok
10:25:57.0973 5080  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:25:57.0990 5080  stexstor - ok
10:25:58.0028 5080  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:25:58.0068 5080  StiSvc - ok
10:25:58.0104 5080  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:25:58.0121 5080  swenum - ok
10:25:58.0172 5080  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
10:25:58.0216 5080  swprv - ok
10:25:58.0359 5080  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
10:25:58.0393 5080  SysMain - ok
10:25:58.0406 5080  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:25:58.0455 5080  TabletInputService - ok
10:25:58.0507 5080  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:25:58.0551 5080  TapiSrv - ok
10:25:58.0574 5080  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
10:25:58.0616 5080  TBS - ok
10:25:58.0758 5080  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:25:58.0847 5080  Tcpip - ok
10:25:58.0900 5080  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:25:58.0933 5080  TCPIP6 - ok
10:25:58.0971 5080  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:25:58.0999 5080  tcpipreg - ok
10:25:59.0053 5080  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:25:59.0144 5080  TDPIPE - ok
10:25:59.0172 5080  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:25:59.0202 5080  TDTCP - ok
10:25:59.0240 5080  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:25:59.0294 5080  tdx - ok
10:25:59.0332 5080  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:25:59.0357 5080  TermDD - ok
10:25:59.0421 5080  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
10:25:59.0525 5080  TermService - ok
10:25:59.0564 5080  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
10:25:59.0592 5080  Themes - ok
10:25:59.0605 5080  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
10:25:59.0632 5080  THREADORDER - ok
10:25:59.0667 5080  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
10:25:59.0721 5080  TrkWks - ok
10:25:59.0746 5080  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:25:59.0792 5080  TrustedInstaller - ok
10:25:59.0811 5080  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:25:59.0881 5080  tssecsrv - ok
10:25:59.0931 5080  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:25:59.0988 5080  TsUsbFlt - ok
10:26:00.0056 5080  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:26:00.0154 5080  tunnel - ok
10:26:00.0191 5080  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:26:00.0209 5080  uagp35 - ok
10:26:00.0225 5080  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:26:00.0276 5080  udfs - ok
10:26:00.0284 5080  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:26:00.0312 5080  UI0Detect - ok
10:26:00.0350 5080  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:26:00.0369 5080  uliagpkx - ok
10:26:00.0400 5080  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
10:26:00.0418 5080  umbus - ok
10:26:00.0436 5080  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:26:00.0452 5080  UmPass - ok
10:26:00.0509 5080  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
10:26:00.0550 5080  upnphost - ok
10:26:00.0594 5080  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
10:26:00.0625 5080  upperdev - ok
10:26:00.0681 5080  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:26:00.0747 5080  usbccgp - ok
10:26:00.0770 5080  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:26:00.0803 5080  usbcir - ok
10:26:00.0825 5080  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:26:00.0842 5080  usbehci - ok
10:26:00.0860 5080  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:26:00.0895 5080  usbhub - ok
10:26:00.0912 5080  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
10:26:00.0943 5080  usbohci - ok
10:26:00.0984 5080  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:26:01.0002 5080  usbprint - ok
10:26:01.0042 5080  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:26:01.0061 5080  usbscan - ok
10:26:01.0073 5080  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys
10:26:01.0230 5080  usbser - ok
10:26:01.0268 5080  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
10:26:01.0298 5080  UsbserFilt - ok
10:26:01.0309 5080  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:26:01.0357 5080  USBSTOR - ok
10:26:01.0374 5080  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:26:01.0391 5080  usbuhci - ok
10:26:01.0461 5080  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
10:26:01.0553 5080  UxSms - ok
10:26:01.0591 5080  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
10:26:01.0607 5080  VaultSvc - ok
10:26:01.0659 5080  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:26:01.0706 5080  vdrvroot - ok
10:26:01.0750 5080  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
10:26:01.0884 5080  vds - ok
10:26:01.0917 5080  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:26:01.0981 5080  vga - ok
10:26:01.0995 5080  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:26:02.0026 5080  VgaSave - ok
10:26:02.0069 5080  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:26:02.0103 5080  vhdmp - ok
10:26:02.0150 5080  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:26:02.0169 5080  viaagp - ok
10:26:02.0181 5080  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
10:26:02.0211 5080  ViaC7 - ok
10:26:02.0225 5080  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
10:26:02.0241 5080  viaide - ok
10:26:02.0252 5080  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:26:02.0270 5080  volmgr - ok
10:26:02.0297 5080  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:26:02.0325 5080  volmgrx - ok
10:26:02.0336 5080  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:26:02.0362 5080  volsnap - ok
10:26:02.0388 5080  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:26:02.0408 5080  vsmraid - ok
10:26:02.0460 5080  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
10:26:02.0510 5080  VSS - ok
10:26:02.0522 5080  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:26:02.0554 5080  vwifibus - ok
10:26:02.0576 5080  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:26:02.0596 5080  vwififlt - ok
10:26:02.0618 5080  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
10:26:02.0664 5080  W32Time - ok
10:26:02.0697 5080  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:26:02.0725 5080  WacomPen - ok
10:26:02.0753 5080  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:26:02.0793 5080  WANARP - ok
10:26:02.0805 5080  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:26:02.0830 5080  Wanarpv6 - ok
10:26:02.0989 5080  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
10:26:03.0049 5080  wbengine - ok
10:26:03.0069 5080  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:26:03.0093 5080  WbioSrvc - ok
10:26:03.0156 5080  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:26:03.0206 5080  wcncsvc - ok
10:26:03.0223 5080  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:26:03.0276 5080  WcsPlugInService - ok
10:26:03.0283 5080  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:26:03.0302 5080  Wd - ok
10:26:03.0349 5080  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:26:03.0384 5080  Wdf01000 - ok
10:26:03.0395 5080  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:26:03.0451 5080  WdiServiceHost - ok
10:26:03.0455 5080  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:26:03.0471 5080  WdiSystemHost - ok
10:26:03.0489 5080  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
10:26:03.0525 5080  WebClient - ok
10:26:03.0548 5080  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:26:03.0584 5080  Wecsvc - ok
10:26:03.0590 5080  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:26:03.0621 5080  wercplsupport - ok
10:26:03.0655 5080  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:26:03.0730 5080  WerSvc - ok
10:26:03.0751 5080  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:26:03.0793 5080  WfpLwf - ok
10:26:03.0810 5080  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:26:03.0827 5080  WIMMount - ok
10:26:03.0887 5080  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:26:03.0920 5080  WinDefend - ok
10:26:03.0924 5080  WinHttpAutoProxySvc - ok
10:26:03.0977 5080  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:26:04.0022 5080  Winmgmt - ok
10:26:04.0071 5080  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
10:26:04.0137 5080  WinRM - ok
10:26:04.0177 5080  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:26:04.0197 5080  WinUsb - ok
10:26:04.0239 5080  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:26:04.0285 5080  Wlansvc - ok
10:26:04.0323 5080  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:26:04.0341 5080  WmiAcpi - ok
10:26:04.0358 5080  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:26:04.0391 5080  wmiApSrv - ok
10:26:04.0439 5080  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:26:04.0483 5080  WMPNetworkSvc - ok
10:26:04.0518 5080  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:26:04.0540 5080  WPCSvc - ok
10:26:04.0577 5080  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:26:04.0610 5080  WPDBusEnum - ok
10:26:04.0631 5080  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:26:04.0666 5080  ws2ifsl - ok
10:26:04.0683 5080  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
10:26:04.0721 5080  wscsvc - ok
10:26:04.0725 5080  WSearch - ok
10:26:04.0805 5080  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
10:26:04.0866 5080  wuauserv - ok
10:26:04.0897 5080  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:26:04.0931 5080  WudfPf - ok
10:26:04.0948 5080  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:26:04.0974 5080  WUDFRd - ok
10:26:05.0016 5080  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:26:05.0049 5080  wudfsvc - ok
10:26:05.0078 5080  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:26:05.0111 5080  WwanSvc - ok
10:26:05.0144 5080  ================ Scan global ===============================
10:26:05.0167 5080  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
10:26:05.0198 5080  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
10:26:05.0217 5080  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
10:26:05.0241 5080  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:26:05.0271 5080  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
10:26:05.0282 5080  [Global] - ok
10:26:05.0282 5080  ================ Scan MBR ==================================
10:26:05.0302 5080  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:26:05.0668 5080  \Device\Harddisk0\DR0 - ok
10:26:05.0669 5080  ================ Scan VBR ==================================
10:26:05.0671 5080  [ 9A921452B320930199AF6159752D31BB ] \Device\Harddisk0\DR0\Partition1
10:26:05.0672 5080  \Device\Harddisk0\DR0\Partition1 - ok
10:26:05.0694 5080  [ 23CE4340CAEE4E845EEB1AD9D259ADD1 ] \Device\Harddisk0\DR0\Partition2
10:26:05.0696 5080  \Device\Harddisk0\DR0\Partition2 - ok
10:26:05.0696 5080  ============================================================
10:26:05.0696 5080  Scan finished
10:26:05.0696 5080  ============================================================
10:26:05.0706 5064  Detected object count: 3
10:26:05.0706 5064  Actual detected object count: 3
10:29:47.0255 5064  avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
10:29:47.0255 5064  avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:29:47.0256 5064  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:29:47.0256 5064  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:29:47.0258 5064  NTIOLib_1_0_8 ( UnsignedFile.Multi.Generic ) - skipped by user
10:29:47.0258 5064  NTIOLib_1_0_8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 08.05.2013, 11:22   #10
cosinus

JRT - Junkware Removal Tool

Please exit your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Search and wait until it has finished.
  • Now click on Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Afterwards, please do a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click on Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
__________________
Please always post logfiles in CODE tags

Alt 08.05.2013, 14:52   #11
SuppiSuppenh

1.) JRT - Junkware Removal Tool

Here is the log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Martin on 08.05.2013 at 13:08:05,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\smartbar
Successfully deleted the following from C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\prefs.js

user_pref("CT3241949.1000082.isDisplayHidden", "true");
user_pref("CT3241949.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
user_pref("CT3241949.1000234.TWC_TMP_city", "FRANKFURT AM MAIN");
user_pref("CT3241949.1000234.TWC_TMP_country", "DE");
user_pref("CT3241949.1000234.TWC_locId", "GMXX0040");
user_pref("CT3241949.1000234.TWC_location", "Frankfurt am Main, Deutschland");
user_pref("CT3241949.1000234.TWC_region", "DE");
user_pref("CT3241949.1000234.TWC_temp_dis", "c");
user_pref("CT3241949.1000234.TWC_wind_dis", "kmh");
user_pref("CT3241949.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"9°C\",\"temperatureClear\":\"9°C\",\"highTemperature\":\"9°C\",\"lowTemperature\":\"4°C\
user_pref("CT3241949.CBOpenMAMSettings.enc", "MA==");
user_pref("CT3241949.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3241949.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3241949.FirstTime", "true");
user_pref("CT3241949.FirstTimeFF3", "true");
user_pref("CT3241949.LoginRevertSettingsEnabled", true);
user_pref("CT3241949.RevertSettingsEnabled", true);
user_pref("CT3241949.UserID", "UN08415876074448336");
user_pref("CT3241949.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3241949.cbcountry_001.enc", "REU=");
user_pref("CT3241949.cbfirsttime.enc", "TW9uIERlYyAzMSAyMDEyIDE1OjA0OjI5IEdNVCswMTAw");
user_pref("CT3241949.enableAlerts", "never");
user_pref("CT3241949.enableFix404ByUser", "FALSE");
user_pref("CT3241949.event_data.enc", "JTVCJTVE");
user_pref("CT3241949.fired_events.enc", "AA==");
user_pref("CT3241949.firstTimeDialogOpened", "true");
user_pref("CT3241949.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT3241949.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3241949.fixUrls", true);
user_pref("CT3241949.installType", "Unknown");
user_pref("CT3241949.isCheckedStartAsHidden", true);
user_pref("CT3241949.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3241949.isFirstTimeToolbarLoading", "false");
user_pref("CT3241949.isNewTabEnabled", false);
user_pref("CT3241949.isPerformedSmartBarTransition", "true");
user_pref("CT3241949.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3241949.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3241949.key_date.enc", "MzE=");
user_pref("CT3241949.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3241949&octid=CT3241949&SearchSource=15&CUI=UN084158760744483
user_pref("CT3241949.lastVersion", "10.15.2.523");
user_pref("CT3241949.migrateAppsAndComponents", true);
user_pref("CT3241949.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Adownloads\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"htt
user_pref("CT3241949.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3241949.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/31\\\\/2012 17\\\"}\"}");
user_pref("CT3241949.price-gong.isManagedApp", "true");
user_pref("CT3241949.search.searchAppId", "129887071061272563");
user_pref("CT3241949.search.searchCount", "2");
user_pref("CT3241949.searchInNewTabEnabled", "false");
user_pref("CT3241949.searchInNewTabEnabledByUser", "false");
user_pref("CT3241949.searchInNewTabEnabledInHidden", "true");
user_pref("CT3241949.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3241949.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3241949.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3241949\"}");
user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FileConverter13.OurToolbar.com//xpi\"}");
user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FileConverter 1.3\"}");
user_pref("CT3241949.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3241949.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356962664994");
user_pref("CT3241949.serviceLayer_services_appsMetadata_lastUpdate", "1356962664879");
user_pref("CT3241949.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356962665551");
user_pref("CT3241949.serviceLayer_services_location_lastUpdate", "1367988967752");
user_pref("CT3241949.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358859528841");
user_pref("CT3241949.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359299309480");
user_pref("CT3241949.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360766755362");
user_pref("CT3241949.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364053739718");
user_pref("CT3241949.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366033849988");
user_pref("CT3241949.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368011131182");
user_pref("CT3241949.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1356962665283");
user_pref("CT3241949.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1356962665208");
user_pref("CT3241949.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356962665592");
user_pref("CT3241949.serviceLayer_services_searchAPI_lastUpdate", "1356962664467");
user_pref("CT3241949.serviceLayer_services_serviceMap_lastUpdate", "1367988967406");
user_pref("CT3241949.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356962665512");
user_pref("CT3241949.serviceLayer_services_toolbarSettings_lastUpdate", "1368011131253");
user_pref("CT3241949.serviceLayer_services_translation_lastUpdate", "1367988967645");
user_pref("CT3241949.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate", "1356962707739");
user_pref("CT3241949.serviceLayer_services_userApps_lastUpdate", "1356962707747");
user_pref("CT3241949.settingsINI", true);
user_pref("CT3241949.showToolbarPermission", "false");
user_pref("CT3241949.smartbar.CTID", "CT3241949");
user_pref("CT3241949.smartbar.Uninstall", "0");
user_pref("CT3241949.smartbar.isHidden", true);
user_pref("CT3241949.smartbar.toolbarName", "FileConverter 1.3 ");
user_pref("CT3241949.toolbarBornServerTime", "31-12-2012");
user_pref("CT3241949.toolbarCurrentServerTime", "8-5-2013");
user_pref("CT3241949.toolbarLoginClientTime", "Sat Mar 23 2013 19:39:13 GMT+0100");
user_pref("CT3241949.url_history0001.enc", "aHR0cDovL3d3dy5jaGlwLmRlL2Rvd25sb2Fkcy9NaW5lY3JhZnRfNTE3MDUzNzguaHRtbDo6OmNsaWNraGFuZGxlcjo6OjEzNTY5NjI4Mzk0MjMsLCxodHRwOi8vd3d3LmN
user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1368011009439,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("smartbar.machineId", "WVDYSR5XFZMPHJI4POIEOLI55ZKORA3XWGEJQUZVBEJRC2XJSRB9YCQF4IHAIZDALTIAV74OKFB6LX1G8EOU0G");
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2013 at 13:09:28,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

2.) adwCleaner - remove toolbars and unwanted start/search pages

Here is the log:
Code:
# AdwCleaner v2.300 - Datei am 08/05/2013 um 15:21:29 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Martin - MARTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\Trojaner-Board\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1uxfjgzh.default\CT3241949
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1uxfjgzh.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1uxfjgzh.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1uxfjgzh.default\prefs.js

Gelöscht : user_pref("CT3241949.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT3241949.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT3241949.1000234.TWC_TMP_city", "FRANKFURT AM MAIN");
Gelöscht : user_pref("CT3241949.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT3241949.1000234.TWC_country", "GERMANY");
Gelöscht : user_pref("CT3241949.1000234.TWC_locId", "GMXX0040");
Gelöscht : user_pref("CT3241949.1000234.TWC_location", "Frankfurt am Main, Germany");
Gelöscht : user_pref("CT3241949.1000234.TWC_region", "DE");
Gelöscht : user_pref("CT3241949.1000234.TWC_temp_dis", "c");
Gelöscht : user_pref("CT3241949.1000234.TWC_wind_dis", "kmh");
Gelöscht : user_pref("CT3241949.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"21°C\",\"temperat[...]
Gelöscht : user_pref("CT3241949.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3241949.FirstTime", "true");
Gelöscht : user_pref("CT3241949.FirstTimeFF3", "true");
Gelöscht : user_pref("CT3241949.PG_ENABLE", "dHJ1ZQ==");
Gelöscht : user_pref("CT3241949.PG_ENABLE.enc", "dHJ1ZQ==");
Gelöscht : user_pref("CT3241949.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Gelöscht : user_pref("CT3241949.SF_STATUS.enc", "RU5BQkxFRA==");
Gelöscht : user_pref("CT3241949.SF_USER_ID.enc", "Y2lkXzg1MjAxMzE1MTY3NjE1MTQ0Mw==");
Gelöscht : user_pref("CT3241949.UserID", "UN39844585039552793");
Gelöscht : user_pref("CT3241949.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT3241949.embeddedsData", "[{\"appId\":\"129887071061272563\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT3241949.enableAlerts", "always");
Gelöscht : user_pref("CT3241949.enableFix404ByUser", "FALSE");
Gelöscht : user_pref("CT3241949.event_data.enc", "JTVCJTVE");
Gelöscht : user_pref("CT3241949.fired_events.enc", "");
Gelöscht : user_pref("CT3241949.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT3241949.fixPageNotFoundErrorByUser", "TRUE");
Gelöscht : user_pref("CT3241949.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT3241949.fixUrls", true);
Gelöscht : user_pref("CT3241949.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT3241949.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT3241949.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3241949.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.key_date.enc", "OA==");
Gelöscht : user_pref("CT3241949.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Gelöscht : user_pref("CT3241949.lastVersion", "10.15.2.523");
Gelöscht : user_pref("CT3241949.mam_gk_appStateReportTime.enc", "MTM2ODAxODk0MzgwNA==");
Gelöscht : user_pref("CT3241949.mam_gk_appState_CouponBuddy.enc", "b24=");
Gelöscht : user_pref("CT3241949.mam_gk_appState_Easytobook.enc", "b24=");
Gelöscht : user_pref("CT3241949.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Gelöscht : user_pref("CT3241949.mam_gk_appState_PriceGong.enc", "b24=");
Gelöscht : user_pref("CT3241949.mam_gk_appState_WindowShopper.enc", "b24=");
Gelöscht : user_pref("CT3241949.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Gelöscht : user_pref("CT3241949.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Gelöscht : user_pref("CT3241949.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Gelöscht : user_pref("CT3241949.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Gelöscht : user_pref("CT3241949.mam_gk_first_time.enc", "MQ==");
Gelöscht : user_pref("CT3241949.mam_gk_installer_preapproved.enc", "RkFMU0U=");
Gelöscht : user_pref("CT3241949.mam_gk_lastLoginTime.enc", "MTM2ODAxODk0MDA1Nw==");
Gelöscht : user_pref("CT3241949.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Gelöscht : user_pref("CT3241949.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Gelöscht : user_pref("CT3241949.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Gelöscht : user_pref("CT3241949.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Gelöscht : user_pref("CT3241949.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Gelöscht : user_pref("CT3241949.mam_gk_userId.enc", "OTk3ZTg0MmEtMzkzZi00YzdlLTlkMGItZmJlYzgzZDE1YzE2");
Gelöscht : user_pref("CT3241949.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT3241949.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT3241949.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"][...]
Gelöscht : user_pref("CT3241949.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Gelöscht : user_pref("CT3241949.price-gong.isManagedApp", "true");
Gelöscht : user_pref("CT3241949.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT3241949.search.searchAppId", "129887071061272563");
Gelöscht : user_pref("CT3241949.search.searchCount", "0");
Gelöscht : user_pref("CT3241949.searchInNewTabEnabledByUser", "false");
Gelöscht : user_pref("CT3241949.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT3241949.searchUserMode", "1");
Gelöscht : user_pref("CT3241949.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1368019046219");
Gelöscht : user_pref("CT3241949.serviceLayer_services_appsMetadata_lastUpdate", "1368019213644");
Gelöscht : user_pref("CT3241949.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368019046105");
Gelöscht : user_pref("CT3241949.serviceLayer_services_location_lastUpdate", "1368019043030");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368019046067");
Gelöscht : user_pref("CT3241949.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13680[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13680[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368019046144");
Gelöscht : user_pref("CT3241949.serviceLayer_services_searchAPI_lastUpdate", "1368019043094");
Gelöscht : user_pref("CT3241949.serviceLayer_services_serviceMap_lastUpdate", "1368019042983");
Gelöscht : user_pref("CT3241949.serviceLayer_services_setupAPI_lastUpdate", "1368019043077");
Gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368019046026");
Gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarSettings_lastUpdate", "1368019213688");
Gelöscht : user_pref("CT3241949.serviceLayer_services_translation_lastUpdate", "1368019046012");
Gelöscht : user_pref("CT3241949.serviceLayer_services_userApps_lastUpdate", "1368018925714");
Gelöscht : user_pref("CT3241949.settingsINI", true);
Gelöscht : user_pref("CT3241949.showToolbarPermission", "false");
Gelöscht : user_pref("CT3241949.smartbar.CTID", "CT3241949");
Gelöscht : user_pref("CT3241949.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT3241949.smartbar.toolbarName", "FileConverter 1.3 ");
Gelöscht : user_pref("CT3241949.toolbarCurrentServerTime", "8-5-2013");
Gelöscht : user_pref("CT3241949.toolbarLoginClientTime", "Wed May 08 2013 15:15:25 GMT+0200");
Gelöscht : user_pref("CT3241949.url_history0001.enc", "aHR0cDovL3d3dy50cm9qYW5lci1ib2FyZC5kZS86OjpjbGlja2hhbmRs[...]
Gelöscht : user_pref("CT3241949.userIdGenerationCounter", "1");
Gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("smartbar.machineId", "WVDYSR5XFZMPHJI4POIEOLI55ZKORA3XWGEJQUZVBEJRC2XJSRB9YCQF4IHAIZDALTI[...]

*************************

AdwCleaner[R1].txt - [10990 octets] - [08/05/2013 15:18:33]
AdwCleaner[S1].txt - [10826 octets] - [08/05/2013 15:21:29]

########## EOF - C:\AdwCleaner[S1].txt - [10887 octets] ##########
         
3.) Scan with OTL

Here is the OTL.Txt:
Code:
OTL logfile created on: 08.05.2013 15:26:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop\Trojaner-Board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,66% Memory free
6,00 Gb Paging File | 4,60 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,60 Gb Total Space | 23,69 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
Drive D: | 832,91 Gb Total Space | 645,48 Gb Free Space | 77,50% Space Free | Partition Type: NTFS
Drive E: | 690,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\Trojaner-Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
PRC - D:\Programme\I-Tunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation)
PRC - D:\Programme\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - D:\Programme\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Programme\Content Tranfer 1.3\CT1.3_dl\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - D:\Programme\Canon Image Mixer 3.1\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - D:\Programme\ATI\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - D:\Programme\Canon Image Mixer 3.1\pxl_m17n_tool.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Martin\AppData\Local\Temp\catchme.sys File not found
DRV - (AIDA64Driver) -- H:\aida64extreme_build_1114_b\kerneld.wnt File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssudobex) -- C:\Windows\System32\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fwlanusb5) -- C:\Windows\System32\drivers\fwlanusb5.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_8) -- C:\PROGRA~2\MSI\MSIWDev\NTIOLib.sys (MSI)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\PROGRA~2\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 31 37 93 9A 45 CE 01  [binary data]
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\I-Tunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Programme\Veetle player\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Programme\Veetle player\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.29 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.29 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.12 15:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2011.04.12 15:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.08 15:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions
[2012.02.13 17:05:10 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions\piclens@cooliris.com
[2011.10.05 16:22:58 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
[2013.03.21 16:31:01 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\extensions\toolbar@web.de.xpi
[2013.04.12 15:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 15:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2013.04.12 15:52:23 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@web.de
[2013.04.12 15:52:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.16 11:41:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.16 11:41:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.16 11:41:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 11:41:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 11:41:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 11:41:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.07 20:25:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AdblockPro) - {04F2568A-3E7A-422D-A71E-DC088A635F7D} - C:\Users\Martin\AppData\Roaming\AdblockPro\IE\AdblockPro.dll (Adblock Pro Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AdobeReader) - {AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D} - C:\Users\Martin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] D:\Programme\Content Tranfer 1.3\CT1.3_dl\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Programme\I-Tunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task] D:\Programme\QuickTimePlayer 24.03.2103\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{465AF0CE-323F-4DB8-A6A8-0648F36EF922}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A309E58A-523F-4A3C-ABD9-D45FB6D60C05}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCECDB36-B776-45E9-AE46-1D80E87BD977}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.28 17:00:37 | 000,000,042 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 13:08:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.08 13:07:57 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.08 10:34:52 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.08 10:34:52 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.08 10:34:52 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.08 10:34:52 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.08 10:34:52 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.08 10:34:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.08 10:34:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.08 10:34:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.08 10:34:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.08 10:34:52 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.08 10:34:52 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.08 10:34:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.08 10:34:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.08 10:34:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.08 10:34:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.08 10:34:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.08 10:34:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.08 10:34:52 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.08 10:34:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.08 10:34:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.08 10:34:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.08 10:34:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.08 10:34:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.08 10:34:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.08 10:34:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.08 10:34:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.08 10:34:51 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.08 10:34:51 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.08 10:34:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.08 10:34:51 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.08 10:34:51 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.08 10:34:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.08 10:34:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.08 10:34:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.08 10:34:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.08 10:34:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.08 10:34:12 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.05.08 10:34:12 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.05.08 10:34:12 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.05.08 10:34:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.05.08 10:34:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.05.08 10:34:12 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.05.08 10:34:12 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.05.08 10:34:12 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.05.08 10:34:12 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.05.08 10:34:12 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.05.08 10:34:12 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.05.08 10:34:12 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.05.08 10:34:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.05.08 10:34:12 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.05.08 10:34:12 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.05.08 10:34:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.05.08 10:34:12 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.08 10:34:12 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.08 10:34:12 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.08 10:34:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.08 10:34:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.05.08 06:56:44 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.07 20:30:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.07 20:27:16 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.07 20:17:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.07 20:17:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.07 20:17:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.07 20:16:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.07 20:15:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.06 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Trojaner-Board
[2013.05.06 17:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 13:04:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.04.22 16:25:43 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2013.04.22 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.04.22 16:25:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\LogMeIn Hamachi
[2013.04.12 15:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 13:36:12 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 13:36:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 13:36:06 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 13:36:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 13:36:02 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 13:36:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 15:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 15:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 15:23:07 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 13:10:07 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 13:10:07 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 13:07:18 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.08 13:07:18 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.08 13:07:18 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.08 13:07:18 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.08 10:34:52 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.08 10:34:52 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.08 10:34:52 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.08 10:34:52 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.08 10:34:52 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.08 10:34:52 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.08 10:34:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.08 10:34:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.08 10:34:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.08 10:34:52 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.08 10:34:52 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.08 10:34:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.08 10:34:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.08 10:34:52 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.08 10:34:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.08 10:34:52 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.08 10:34:52 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.08 10:34:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.08 10:34:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.08 10:34:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.08 10:34:52 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.08 10:34:52 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.08 10:34:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.08 10:34:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.08 10:34:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.08 10:34:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.08 10:34:51 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.08 10:34:51 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.08 10:34:51 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.08 10:34:51 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.08 10:34:51 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.08 10:34:51 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.08 10:34:51 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.08 10:34:51 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.08 10:34:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.08 10:34:51 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.08 10:34:51 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.05.08 10:34:12 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.05.08 10:34:12 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.05.08 10:34:12 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.05.08 10:34:12 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.05.08 10:34:12 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.05.08 10:34:12 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.05.08 10:34:12 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.05.08 10:34:12 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.05.08 10:34:12 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.05.08 10:34:12 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.05.08 10:34:12 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.05.08 10:34:12 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.05.08 10:34:12 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.05.08 10:34:12 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.05.08 10:34:12 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.05.08 10:34:12 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.05.08 10:34:12 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.08 10:34:12 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.08 10:34:12 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.08 10:34:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.08 10:34:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.08 10:34:12 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.05.08 06:56:30 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.07 20:25:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.04 13:50:13 | 000,002,660 | ---- | M] () -- C:\ProgramData\eqdzeji.js
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.30 14:02:18 | 000,001,041 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.25 18:41:32 | 001,828,931 | ---- | M] () -- C:\Users\Martin\Desktop\Radrennen.pdf
[2013.04.10 15:30:19 | 000,418,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.08 10:34:51 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.07 20:17:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.07 20:17:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.07 20:17:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.07 20:17:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.07 20:17:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.04 13:50:13 | 000,002,660 | ---- | C] () -- C:\ProgramData\eqdzeji.js
[2013.04.30 14:02:18 | 000,001,041 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.25 18:41:31 | 001,828,931 | ---- | C] () -- C:\Users\Martin\Desktop\Radrennen.pdf
[2012.08.22 19:32:20 | 000,000,153 | ---- | C] () -- C:\Windows\WLP.ini
[2012.06.07 19:00:42 | 000,000,064 | ---- | C] () -- C:\Windows\Felix1.ini
[2012.05.30 18:25:20 | 001,780,718 | ---- | C] () -- C:\Users\Martin\Mediathek.xml
[2011.11.10 04:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 04:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 21:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.04 20:21:37 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.10.03 20:07:32 | 000,000,020 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.03 12:57:47 | 000,000,079 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\default.pls
[2011.06.07 15:03:10 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.27 16:40:26 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2011.05.27 16:40:22 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.05.27 16:40:22 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.05.27 16:39:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.15 14:11:19 | 000,003,584 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 09:06:22 | 000,001,024 | ---- | C] () -- C:\Users\Martin\.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
... and here is the Extras.Txt:
Code:
ATTFilter
OTL Extras logfile created on: 08.05.2013 15:26:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop\Trojaner-Board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,66% Memory free
6,00 Gb Paging File | 4,60 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,60 Gb Total Space | 23,69 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
Drive D: | 832,91 Gb Total Space | 645,48 Gb Free Space | 77,50% Space Free | Partition Type: NTFS
Drive E: | 690,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB36897-E10D-412D-AEFC-9A39BCB9F50C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{15799C1D-95D2-4D6E-A952-177DC0388131}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22C3A65B-AA6B-4A84-A0EB-AB5F5848DB13}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3C3B35EA-FA5F-4578-8ABA-29049F22CFC5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{418669D9-9A61-4AAA-A5CA-9A14FB265119}" = lport=445 | protocol=6 | dir=in | app=system | 
"{460D682C-B565-442B-8EDA-8610514443A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{520DFDCA-0181-41E6-AC17-14B523C66268}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56472A45-04CE-41CF-BD91-A7CBE6CA5F6C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6AD5333E-75D4-4DDE-9565-1AA5EB4CA18E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6BD075C6-D3AE-48FC-AE69-1FBBF688B985}" = lport=137 | protocol=17 | dir=in | app=system | 
"{764E57A4-21D2-4100-99A4-7AC80F91E69D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8E1D1B0E-4B9C-412D-A5BA-FE09804D515D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{94367088-5A77-4C1F-8509-DBD0AE1042AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D65FEB7-E8EA-4C4D-8604-A63E4F7AB6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F193A89-2AF6-4C14-963D-83AB9EA91E8B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BD05E1A1-96A5-426C-A62A-7DF01F14B03B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CAF49B4A-2E13-41E7-BBA3-2FF0A1F5F739}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D0997995-1783-4701-B3BE-B5065A4F9A56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D69AB1FC-1632-4D99-B48A-62F9D9C61427}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEA7550D-7B66-41C0-8D50-E8F5CC8EFD53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E243345A-01CC-497F-81DD-C6499F02A975}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E8343362-07EE-470E-9CFA-97D510AB2BA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7B206AB-C2EB-42CB-9F3C-10F3BF783F1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF712B1F-6687-42AC-941A-A5370181EA22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EC6A98-D280-4BAF-BDC5-8BCC9221B610}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{18923AD5-1DD5-4AB1-AB6F-83C3E90D87FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2740EC6C-F167-4F6F-BB8B-05B0558DF4BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{27E94C34-0034-46A8-8747-1642FD409422}" = protocol=6 | dir=out | app=system | 
"{34F6DB5E-DB68-47D5-B479-6212C095A776}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{376CC586-BB36-48F9-9EF9-853F6BF82454}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{383D8D31-E847-4863-88D5-839B979E0181}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D2B7DB2-8D04-4A17-9A51-812353C5606E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{564D6367-784E-4F89-B732-6F181D6DA1C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60AF4940-4772-42CF-B5A2-BA9E0B4F5782}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{78A49817-F5BA-479B-8695-3ACBC38C4FE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{811BABE3-5B18-4AAD-AA2B-1088D2058B26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86B5282A-4A2B-4594-B0C8-73DC8537618C}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{87EAA304-88A4-43E9-B03F-CE3F66D0F168}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{88C7F71D-0C90-4C1C-BA62-8CBD333DD0E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8E058CBA-E9E9-4BB5-A921-8B9611F000E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{984CDD36-BE12-4570-AF98-18C2D2C11EBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99EA9D16-6B8A-4755-92BE-66B6A5731064}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A239222F-74BA-4AFD-B2D3-3EE3C86DC3CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A9E815F4-D89F-4BA0-9B38-3E18D1D15D18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3C25694-2E54-4514-8692-B3141A27127B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8FB1B54-A257-4681-A59F-9777623299DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CA31DF7A-BE7A-4C0F-9474-4200E2875301}" = dir=in | app=d:\programme\i-tunes\itunes.exe | 
"{D3793604-0E92-4C12-878E-3C5F8F8E2A1B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E69C3512-07C2-425A-B75B-ACCE4B76CBFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F69BB6BA-C615-47AF-8F38-BFC9B7C2466C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{08D8F2DF-D401-4877-8E3E-F4FD994B1536}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2143ADD7-620B-4798-AD8E-93A1999B27D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{ADA08954-5708-45D9-9BFE-E7A235796970}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{AE07DC3D-105A-4871-AC29-37C8769EC402}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{EBF99B8C-8979-449C-B15E-A2622BEBBE24}D:\programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"TCP Query User{ED6EA784-4156-40D8-824E-C409DC0ACB0F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{11EB7881-FA02-44ED-BEAD-FB09AA0E10F3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{29074744-A52B-4B8C-BDB6-1C31FFAFE68E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{2F266BB9-7482-49F8-845E-C233FF86AD9F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4ABBD26F-C419-4F84-8BC9-3427DA3ED32A}D:\programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"UDP Query User{4FB80F03-88DA-4DAD-9640-5029D184D93C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A4217134-1787-4B22-B476-15CCA678AB5B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{0A5F80AA-FCA7-41C5-BF1C-74727ECE1031}" = Nero 8 Essentials
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2985C5E6-8009-44BB-A84E-7685F4BC709D}" = The Digital Arts and Crafts Studio
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}" = ImageMixer 3 SE Ver.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FDC018-23A6-4618-B30A-A8EFCAA22A3D}" = Wildlife Park
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8331C0-C7CE-11D5-9A6D-A8FD74C70A01}" = Pinball Ten
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CBE9636-B985-4ACB-9CC7-D7E79FDADEA8}" = Angry Birds
"{8695082B-3A98-44AB-AF56-0DA70A0146F1}" = SpaceInvadersAnniversary
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = Catalyst Control Center
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A81D3EB9-20E6-A6E3-2537-26964CE91417}" = AMD Drag and Drop Transcoding
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AA373850-5233-4DA2-98AE-790091A20415}" = Tous ensemble 1 Sprachtrainer Kommunikation
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48756D1-A348-2DA5-B59B-DF39F293F750}" = AMD Media Foundation Decoders
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Grundschule Lernspass mit Albert E. Englisch Klasse 3+4" = Grundschule Lernspass mit Albert E. Englisch Klasse 3+4
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"Nokia Suite" = Nokia Suite
"Ravensburger tiptoi" = Ravensburger tiptoi
"Veetle TV" = Veetle TV 0.9.18
"Winmail Opener" = Winmail Opener 1.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre 7" = PhotoFiltre 7
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 08.05.2013 09:14:04 | Computer Name = Martin-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

08.05.2013, 15:02   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks okay. We should be almost done. As a check, please run a full scan with Malwarebytes - and remember to update Malwarebytes via the Update button beforehand.

Afterwards, getting a second opinion from the ESET Online Scanner doesn't hurt either:


ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

09.05.2013, 14:32   #13
SuppiSuppenh

Hi!

I don't have the logs ready yet.
It turns out that an error message pops up at every system start.
(see attachment)

I thought that might be important.
Attached images
File type: png Fehlermeldung Systemstart.PNG (46.0 KB, viewed 143 times)

09.05.2013, 18:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Not important, do the scans first.

10.05.2013, 20:12   #15
SuppiSuppenh

1.) Full scan with Malwarebytes

During the scan, Avira raised two alerts. (see attachment)

Here is the log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.10.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Martin :: MARTIN-PC [Administrator]

10.05.2013 09:11:48
MBAM-log-2013-05-10 (15-22-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 427051
Laufzeit: 1 Stunde(n), 17 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows.old\Windows\system32\cmdow.exe (PUP.Tool) -> Keine Aktion durchgeführt.

(Ende)
         

2.) ESET Online Scanner

Here is the log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2a10ce858617c94ea6040d1808530f11
# engine=13799
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-10 04:27:56
# local_time=2013-05-10 06:27:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 11064 233626566 3849 0
# compatibility_mode=5893 16776573 100 94 33352 119834467 0 0
# scanned=56695
# found=0
# cleaned=0
# scan_time=10941
         

... and the scan results:
Code:
ATTFilter
C:\Program Files\Avira\AntiVir Desktop\apnic.dll	a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe	a variant of Win32/Bundled.Toolbar.Ask application
C:\ProgramData\eqdzeji.js	JS/Agent.NID trojan
C:\Users\All Users\eqdzeji.js	JS/Agent.NID trojan
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4b9563cc-74c6f99b	a variant of Java/Exploit.CVE-2013-2423.AG trojan
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\6a5741d5-3fdd6c82	multiple threats
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\47cf5ec3-403d33c4	multiple threats
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\24352533-151cf4cc	Java/Exploit.Agent.OAS trojan
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1f751df5-3a79811d	a variant of Java/Exploit.CVE-2013-2423.E trojan
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\29fd98b8-79909512	Java/Exploit.Agent.OAQ trojan
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk	Win32/Reveton.M trojan
C:\Users\Martin\Desktop\7ZipSetup.exe	a variant of Win32/Somoto.A application
C:\Users\Martin\Desktop\PDFCreatorSetup(1).exe	Win32/InstallCore.BL application
C:\Users\Martin\Desktop\PDFCreatorSetup.exe	a variant of Win32/Somoto.A application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3T2PA5C\ApnIC[1].0	a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6RPBZ2N\ApnIC[1].0	a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows.old\Windows\system32\cmdow.exe	Win32/CMDOW.142 application
D:\Programme\Avira\avira_free_antivirus_de.exe	a variant of Win32/Bundled.Toolbar.Ask application
D:\Programme\Avira Antivir\avira_free_antivirus_de.exe	a variant of Win32/Bundled.Toolbar.Ask application
D:\Programme\flv-Player\FLVPlayerSetup.exe	a variant of Win32/InstallCore.BF application
D:\Programme\Photo Filtre\SoftonicDownloader_fuer_deutsches-sprachpaket-fur-photofiltre.exe	a variant of Win32/SoftonicDownloader.D application
         
Attached images
File type: png Avira Meldung während Malwarebytes Anti-Malware Scan 2.PNG (17.2 KB, viewed 143 times)
File type: png Avira Meldung während Malwarebytes Anti-Malware Scan.PNG (18.9 KB, viewed 176 times)
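The two logs in this post show why the second opinion mattered: the Malwarebytes full scan reported only a leftover cmdow.exe under C:\Windows.old, while ESET flagged the Startup-folder link (Win32/Reveton.M) that re-launches the lockscreen at every logon, the JavaScript loader in C:\ProgramData (listed twice, once via the All Users path), the cached Java exploits that document the entry vector, and a set of bundled-toolbar installers that are noise for this incident. The script below is an added example and not code from the forum, ESET or Malwarebytes. It parses ESET's tab-separated "path<TAB>verdict" result lines (a subset of the ones posted above, embedded so it runs offline), buckets each hit by what it means for cleanup, folds the C:\Users\All Users junction onto C:\ProgramData so one file is not counted twice, and lists what Malwarebytes did not report. The bucket names and their priority order are this script's own triage convention, not anything ESET defines.

```python
"""Triage of ESET Online Scanner result lines against a Malwarebytes scan.

Added example for the logs in this thread; not code from the forum, ESET or
Malwarebytes. Bucket names and their order are this script's own convention.
"""
import re
from collections import defaultdict

# Constructed input: a subset of the result lines from the post, in the
# "path<TAB>verdict" form ESET writes them.
ESET_LINES = [
    r"C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
    + "\t" + "a variant of Win32/Bundled.Toolbar.Ask application",
    r"C:\ProgramData\eqdzeji.js" + "\t" + "JS/Agent.NID trojan",
    r"C:\Users\All Users\eqdzeji.js" + "\t" + "JS/Agent.NID trojan",
    r"C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4b9563cc-74c6f99b"
    + "\t" + "a variant of Java/Exploit.CVE-2013-2423.AG trojan",
    r"C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\6a5741d5-3fdd6c82"
    + "\t" + "multiple threats",
    r"C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk"
    + "\t" + "Win32/Reveton.M trojan",
    r"C:\Users\Martin\Desktop\PDFCreatorSetup.exe"
    + "\t" + "a variant of Win32/Somoto.A application",
    r"C:\Windows.old\Windows\system32\cmdow.exe" + "\t" + "Win32/CMDOW.142 application",
]

# The one file the Malwarebytes full scan in the same post reported.
MBAM_HITS = [r"C:\Windows.old\Windows\system32\cmdow.exe"]

# Buckets in the order a responder should deal with them (own convention).
SEVERITY = ["persistence", "loader", "exploit_cache", "other", "pua", "stale_copy"]


def normalize_path(path):
    """Lower-case the path and fold the All Users junction onto ProgramData.
    On Vista and later C:\\Users\\All Users is a junction to C:\\ProgramData,
    so ESET reports the same file under both names."""
    p = path.strip().lower()
    return p.replace("c:\\users\\all users\\", "c:\\programdata\\")


def parse_eset(lines):
    """Yield (path, verdict) from ESET result lines; skip blank or malformed ones."""
    for line in lines:
        if "\t" not in line:
            continue
        path, verdict = line.split("\t", 1)
        yield path.strip(), verdict.strip()


def classify(path, verdict):
    """Map one detection to a cleanup bucket, most specific location first."""
    p = normalize_path(path)
    v = verdict.lower()
    if "\\windows.old\\" in p:
        return "stale_copy"      # copy from the previous installation, not live
    if "\\start menu\\programs\\startup\\" in p or "\\currentversion\\run" in p:
        return "persistence"     # runs at every logon: this is what brings the lockscreen back
    if re.search(r"\\programdata\\[^\\]+\.(js|dat|exe)$", p):
        return "loader"          # dropped payload sitting directly in ProgramData
    if "\\sun\\java\\deployment\\cache\\" in p and ("exploit" in v or "multiple threats" in v):
        return "exploit_cache"   # entry vector evidence: cached applets, not running code
    if v.endswith(" application"):
        return "pua"             # ESET's potentially-unwanted-application label
    return "other"


def triage(eset_lines, mbam_hits):
    """Return ({bucket: sorted unique paths}, [paths ESET found that Malwarebytes did not])."""
    buckets = defaultdict(set)
    for path, verdict in parse_eset(eset_lines):
        buckets[classify(path, verdict)].add(normalize_path(path))
    all_hits = set().union(*buckets.values()) if buckets else set()
    seen_by_mbam = {normalize_path(h) for h in mbam_hits}
    missed = sorted(all_hits - seen_by_mbam)
    return {c: sorted(buckets[c]) for c in SEVERITY if buckets[c]}, missed


def report(eset_lines=ESET_LINES, mbam_hits=MBAM_HITS):
    groups, missed = triage(eset_lines, mbam_hits)
    for cat, paths in groups.items():
        print(f"[{cat}]")
        for p in paths:
            print("   ", p)
    print("\nFound by ESET but not by the Malwarebytes full scan:")
    for p in missed:
        print("   ", p)
    return groups, missed


if __name__ == "__main__":
    report()
```

Two things are worth reading off the ESET header posted above before acting on the list: `# end=stopped` and `# remove_checked=false` mean that run was interrupted and nothing was cleaned, so the result list is a detection inventory, not a cleanup record. The Startup .lnk is the item to remove first, since the scanner summaries that say "no malicious items" are worthless while it is still there; the Java cache entries are evidence of how the machine was hit and go away with a cleared Java cache and an updated plug-in.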
