
Pests of all kinds and how to combat them: TubeSaver1.125

30.07.2013, 16:19   #1
querulant_in
 
For a few days now, all sorts of pages have been displayed really strangely in Firefox: random words are double-underlined in green and apparently linked to a pseudo search service. I don't know exactly where it leads; I didn't click on it.
While looking for the cause of this new extravagance, I noticed an add-on that I definitely did not install: the thing is called TubeSaver1.125.
I googled it, but only badly translated pages show up...
Does that mean anything to anyone?

I've disabled it for now, and apparently at least this underlining has stopped as a result.

30.07.2013, 16:22   #2
markusg
/// Malware-holic
 
Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download, FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)


30.07.2013, 17:09   #3
querulant_in
 
Thanks for the quick reply! Hopefully I understood everything correctly.
So here are the files:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by *** (administrator) on 30-07-2013 17:58:13
Running from C:\Users\***\Desktop
Microsoft® Windows Vista™ Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(BitTorrent Inc.) C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\GNUzwei\GnuPG\dirmngr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\Program Files\GNUzwei\GnuPG\gpg-agent.exe
() C:\Windows\system32\lxcfcoms.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4317184 2007-02-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2007-01-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [LXCFCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2647872 2011-09-29] (Piriform Ltd)
HKCU\...\Run: [uTorrent] - C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-17] (BitTorrent Inc.)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [135672 2013-06-21] (PC Utilities Pro)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin [813448 2013-05-31] (Adobe Systems Incorporated)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {03b06498-f377-11e0-82df-0013a9ca1d09} - vatra\\pecka.exe
MountPoints2: {cc37f8eb-4c55-11e1-87cc-0013a9ca1d09} - H:\Startme.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk
ShortcutTarget: Windows Privacy Tray.lnk -> C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe ()

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=26D400197E6BF6D8&affID=120692&tt=160713_91114&tsp=4946
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=26D400197E6BF6D8&affID=120692&tt=160713_91114&tsp=4946
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=86f68a40-1cd0-4ecd-a9ee-2d3b7e0db83c&apn_sauid=B4A21FB3-6BDC-4104-8C1A-CAEEC57C9EF0
BHO: No Name - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -  No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: TubeSaver - {57F2FC14-BE99-4DFB-B9F1-2458A4F496AB} - C:\Program Files\TubeSaver\125.dll (istqt Soft)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TubeSaver - {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files\TubeSaver\116.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 27 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: inforiot.de
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=86f68a40-1cd0-4ecd-a9ee-2d3b7e0db83c&apn_ptnrs=%5EAGS&apn_sauid=B4A21FB3-6BDC-4104-8C1A-CAEEC57C9EF0&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\delta.xml
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: DoNotTrackMe - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\donottrackplus@abine.com
FF Extension: Delta Toolbar - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\ffxtlbr@delta.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\ich@maltegoetz.de
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\toolbar@ask.com
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [Tubesaver@istqt.co] C:\Program Files\TubeSaver\125.xpi
FF Extension: No Name - C:\Program Files\TubeSaver\125.xpi

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-17] (Symantec Corporation)
R2 DirMngr; C:\Program Files\GNUzwei\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-17] (Symantec Corporation)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R3 lxcf_device; C:\Windows\system32\lxcfcoms.exe [491520 2005-04-15] ()
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28933976 2007-02-05] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2007-02-05] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 Sony Ericsson PCComp***on; C:\Program Files\Sony Ericsson\Sony Ericsson PC Comp***on\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-17] (Symantec Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [202872 2006-11-17] (Symantec Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-12] (Malwarebytes Corporation)
S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-26] (Logitech Inc.)
R3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [27520 2007-02-06] (Sony Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-02-26] (Symantec Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [807424 2007-02-08] (Texas Instruments)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 17:58 - 2013-07-30 17:58 - 00000000 ____D C:\FRST
2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-23 13:26 - 2013-07-23 13:26 - 00000000 ____D C:\Program Files\TubeSaver
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-17 17:24 - 2013-07-17 17:25 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Optimizer Pro
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-07-17 13:36 - 2013-07-26 13:26 - 00000344 _____ C:\Windows\Tasks\TubeSaver Update.job
2013-07-17 13:36 - 2013-07-23 20:55 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\BabSolution
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\Delta
2013-07-17 13:35 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\Users\***\AppData\Roaming\Babylon
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\ProgramData\Babylon
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-17 13:17 - 2013-07-17 13:18 - 00008767 _____ C:\Windows\WindowsUpdate.log
2013-07-13 14:26 - 2013-07-13 14:26 - 00000022 _____ C:\Windows\S.dirmngr
2013-07-01 21:42 - 2013-07-13 21:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-30 17:55 - 2013-02-22 17:15 - 00000000 ____D C:\Users\***\AppData\Roaming\uTorrent
2013-07-30 17:52 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 17:52 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 08:34 - 2011-10-22 21:42 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 16:29 - 2013-03-20 21:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-28 14:34 - 2011-10-22 21:42 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-26 13:26 - 2013-07-17 13:36 - 00000344 _____ C:\Windows\Tasks\TubeSaver Update.job
2013-07-24 18:13 - 2011-10-11 13:36 - 00000000 ___RD C:\Users\***\Desktop\#1
2013-07-24 18:02 - 2013-01-24 16:14 - 00000000 ____D C:\Users\***\Desktop\gesammelt
2013-07-23 20:55 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-23 13:26 - 2013-07-23 13:26 - 00000000 ____D C:\Program Files\TubeSaver
2013-07-21 22:31 - 2013-03-20 22:01 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-21 21:49 - 2011-10-10 21:38 - 00000000 ____D C:\Users\***\AppData\Roaming\Winamp
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-19 12:01 - 2006-11-02 12:33 - 01617722 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-17 17:25 - 2013-07-17 17:24 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:38 - 2011-10-10 21:11 - 00000000 ____D C:\Users\***
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Optimizer Pro
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\BabSolution
2013-07-17 13:36 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\Delta
2013-07-17 13:36 - 2013-07-17 13:35 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\Users\***\AppData\Roaming\Babylon
2013-07-17 13:35 - 2013-07-17 13:35 - 00000000 ____D C:\ProgramData\Babylon
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-17 13:18 - 2013-07-17 13:17 - 00008767 _____ C:\Windows\WindowsUpdate.log
2013-07-13 22:00 - 2013-01-24 14:01 - 00000000 ____D C:\Users\***\AppData\Roaming\gnupg
2013-07-13 21:48 - 2013-07-01 21:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-07-13 21:48 - 2012-04-27 18:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-13 14:26 - 2013-07-13 14:26 - 00000022 _____ C:\Windows\S.dirmngr
2013-07-13 14:26 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 14:25 - 2006-11-02 15:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-05 12:34 - 2012-07-29 15:06 - 00000000 ____D C:\Users\***\Desktop\haus4_WiLMa
2013-07-04 20:13 - 2013-05-26 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-01 19:27 - 2012-02-24 12:14 - 00002161 _____ C:\lxcf.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4061229319-778602753-3459304342-1003\$35e98341865a7168209c0b91755073f5

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$35e98341865a7168209c0b91755073f5

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-11-02 10:47] - [2006-11-02 11:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 10:38] - [2006-11-02 11:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 10:52] - [2006-11-02 11:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6



LastRegBack: 2013-07-13 14:34

==================== End Of Log ============================
         
--- --- ---


And here is the rest:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 03
Ran by *** at 2013-07-30 17:58:39
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.3.0.29625)
7-Zip 9.20
Adobe Acrobat 6.0 Professional - English, Français, Deutsch (Version: 006.000.000)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Flash Player 9 ActiveX (Version: 9)
Alps Pointing-device for VAIO
AppCore (Version: 1)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Ask Toolbar (Version: 1.15.11.0)
Avira Free Antivirus (Version: 13.0.0.3884)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.30498)
BitTorrent (Version: 7.6.0)
Browser Address Error Redirector
ccCommon (Version: 106.1.1.4)
CCleaner (Version: 3.11)
Click to DVD 2.0.05 Menu Data (Version: 2.0.05)
Click to DVD 2.6.00 (Version: 2.6.00)
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.21.5)
DivX-Setup (Version: 2.6.1.5)
Dropbox (HKCU Version: 2.0.22)
FUJIFILM MyFinePix Studio 3.1
GenoPro 2.5.4.1
GnuPT Version 4.5.0 (Version: 4.5.0)
Google Update Helper (Version: 1.3.21.153)
Gpg4win (2.1.0) (Version: 2.1.0)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only) (Version: 4.27)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 7 Update 5 (Version: 7.0.50)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
JavaFX 2.1.1 (Version: 2.1.1)
LAN-Express AS IEEE 802.11 Wireless LAN (Version: 7.1.0.116)
Lexmark 730 Series
Logitech QuickCam (Version: 11.50.1169)
Logitech QuickCam-Treiberpaket
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) (Version: 9.1.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (Version: 17.0.7)
MSRedist (Version: 1.0.0.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MyPhoneExplorer (Version: 1.8.4)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.180.46)
Norton Internet Security (Symantec Corporation) (Version: 10.1.0.26)
Norton Internet Security (Version: 10.1.0.26)
OpenMG Limited Patch 4.7-07-13-24-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
OpenOffice.org 3.4 (Version: 3.4.9590)
Optimizer Pro v3.0 (Version: 3.0)
PC Connectivity Solution (Version: 11.5.22.0)
QuickTime (Version: 7.65.17.80)
RAF (Version: 1.00.0001)
RAW FILE CONVERTER EX powered by SILKYPIX (Version: 3)
Realtek High Definition Audio Driver (Version: 6.0.1.5350)
Setting Utility Series (Version: 2.1.00.13300)
Skype™ 5.5 (Version: 5.5.124)
Sony Ericsson PC Comp***on 2.02.015 (Version: 2.02.015)
Sony Ericsson Update Engine (Version: 2.12.2.14)
Sony Utilities DLL (Version: 7.1.00.13300)
Sony Video Shared Library (Version: 3.1.03)
SymNet (Version: 7.1.0.27)
System Progressive Protection
TubeSaver
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.2047.00)
VAIO Aqua Breeze Wallpaper (Version: 1.0.11.13240)
VAIO Control Center (Version: 2.0.00.11060)
VAIO Cozy Orange Wallpaper (Version: 1.0.11.13240)
VAIO Data Restore Tool (Version: 1.0.01.02070)
VAIO Entertainment Platform (Version: 2.0.02.13290)
VAIO Event Service (Version: 3.1.00.14130)
VAIO Hardware Diagnostics
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Original Screen Saver
VAIO Photo 2007 (Version: 1.0.01.01250)
VAIO Power Management (Version: 2.1.00.14090)
VAIO Tender Green Wallpaper (Version: 1.0.11.10180)
VAIO Update 3 (Version: 3.0.01.02050)
VAIO Video & Photo  Suite (Version: 1.1.00.13301)
VAIO Video & Photo Suite (Version: 1.1.00.13301)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.11 (Version: 1.1.11)
Winamp (Version: 5.581 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinDVD for VAIO (Version: 8.0-B6.113)
Wireless Switch Setting Utility (Version: 3.6.00.13120)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)
 

==================== Restore Points  =========================

13-07-2013 13:28:57 Geplanter Prüfpunkt
14-07-2013 17:42:07 Geplanter Prüfpunkt
15-07-2013 22:00:02 Geplanter Prüfpunkt
16-07-2013 22:00:03 Geplanter Prüfpunkt
19-07-2013 08:30:37 Geplanter Prüfpunkt
20-07-2013 22:00:03 Geplanter Prüfpunkt
22-07-2013 09:26:50 Geplanter Prüfpunkt
22-07-2013 22:00:03 Geplanter Prüfpunkt
23-07-2013 22:00:03 Geplanter Prüfpunkt
24-07-2013 22:00:04 Geplanter Prüfpunkt
25-07-2013 22:00:03 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1790BB7F-6CAC-419E-8708-1010A37C4899} - System32\Tasks\MCVRegistrationReminder1 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20063BB2-142A-4A27-8DB6-2A7CECF16876} - System32\Tasks\MCVSurveyReminder2 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {2D69436B-2541-437B-BB11-11D958EF676E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {2E4F4B73-42D7-4E23-9129-3BB1661779DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {3095EE8B-AEBA-424A-B760-6FE0896C1DBC} - System32\Tasks\TubeSaver Update => C:\Program Files\TubeSaver\tbsUd.exe [2013-07-22] (istqt Soft)
Task: {34B81208-03DF-4BB1-BE9F-9266FC7BBB5D} - System32\Tasks\MCVSurveyReminder4 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {38FCB278-DF31-4B26-96A3-A50AA27C5D26} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42285F7C-E8A0-442A-A956-F633B71CF827} - System32\Tasks\MCVRegistrationReminder3 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {621FB1B7-0A9E-4150-9C13-9B5890F43C9E} - System32\Tasks\MCVSurveyReminder3 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {6D4FFB42-42B5-4AE2-A53D-BE89BB30B41F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-10-29] ()
Task: {6F1FE12A-67CD-43B3-B0E7-BC084D32CEC0} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-02-05] (Sony Corporation)
Task: {74A56C0B-3DC2-4FDF-9B23-B104E0729A9D} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2006-11-02] (Microsoft Corp.)
Task: {8ADDCA81-5434-48D3-AD74-6F928888FDFE} - System32\Tasks\MCVSurveyReminder1 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {910A2C64-2C5F-4F0E-8DE5-1BDA6BE72619} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2006-11-02] (Microsoft Corporation)
Task: {AEE7196D-A740-4A19-B9D7-8CFAD1CFD86A} - System32\Tasks\LaunchMCV => C:\Windows\System32\DeleteLauncher.vbs No File
Task: {AF79E16A-9937-460E-82B8-929679BA725A} - System32\Tasks\SONY\WSSU\WSSU => C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2007-01-11] (Sony Corporation)
Task: {BAC5A039-AC3B-410D-8279-5F3996DFB957} - System32\Tasks\MCVRegistrationReminder2 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {CA1C91DE-389D-4921-B7F9-D1EB6A9438BC} - System32\Tasks\MCVRegistrationReminder4 => C:\Windows\System32\DeleteReminders.vbs No File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {F116675D-DA8A-463E-8DD2-2403FC639BF0} - System32\Tasks\EPUpdater => C:\Users\***\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TubeSaver Update.job => C:\Program Files\TubeSaver\tbsUd.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2013 09:49:26 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung winamp.exe, Version 5.5.8.2985, Zeitstempel 0x4c3b43ea, fehlerhaftes Modul winamp.exe, Version 5.5.8.2985, Zeitstempel 0x4c3b43ea, Ausnahmecode 0xc0000005, Fehleroffset 0x0003fa19,
Prozess-ID 0x431c, Anwendungsstartzeit winamp.exe0.

Error: (05/20/2013 06:37:06 PM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (05/20/2013 06:37:06 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x81000101).

Error: (03/21/2013 00:55:41 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung lxcfcoms.exe, Version 1.154.7.0, Zeitstempel 0x42602ef0, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x002300c9,
Prozess-ID 0x14d8, Anwendungsstartzeit lxcfcoms.exe0.

Error: (02/25/2013 10:07:19 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 18.0.2.4780 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 13b0
Anfangszeit: 01ce0e1b3a0cd360
Zeitpunkt der Beendigung: 314

Error: (02/16/2013 00:53:57 PM) (Source: MsiInstaller) (User: ***-pc)
Description: Produkt: Adobe Acrobat 6.0 Professional - English, Français, Deutsch -- Fehler 1706. Für das Produkt Adobe Acrobat 6.0 Professional - English, Français, Deutsch wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "AcroPro.msi".

Error: (02/06/2013 05:35:14 PM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (02/06/2013 05:35:14 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x81000101).

Error: (02/06/2013 05:29:40 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "\\?\Volume{cdd21cca-f371-11e0-ab69-806e6f6e6963}\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000], Leerung[0x00000000], Freigabe[0x80042314], Ausführung[0x00000000].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (01/24/2013 04:44:57 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4


System errors:
=============
Error: (07/13/2013 02:26:46 PM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker hp psc 1300 series nicht unter dem Namen hp psc 1300 series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (07/10/2013 04:16:21 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.178.21 für die Netzwerkkarte mit der Netzwerkadresse 0013A9CA1D09 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (07/01/2013 09:30:44 PM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (07/01/2013 07:30:41 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/01/2013 07:29:09 PM) (Source: Print) (User: NT-AUTORITÄT)
Description: Der Druckspooler konnte den Drucker hp psc 1300 series nicht unter dem Namen hp psc 1300 series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error: (07/01/2013 07:27:57 PM) (Source: Service Control Manager) (User: )
Description: lxcf_device%%1053

Error: (07/01/2013 07:27:57 PM) (Source: Service Control Manager) (User: )
Description: 30000lxcf_device


Microsoft Office Sessions:
=========================
Error: (07/21/2013 09:49:26 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.8.29854c3b43eawinamp.exe5.5.8.29854c3b43eac00000050003fa19431c01ce86110b271600

Error: (05/20/2013 06:37:06 PM) (Source: System Restore)(User: )
Description: 0x81000101

Error: (05/20/2013 06:37:06 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101

Error: (03/21/2013 00:55:41 AM) (Source: Application Error)(User: )
Description: lxcfcoms.exe1.154.7.042602ef0unknown0.0.0.000000000c0000005002300c914d801ce25be06391687

Error: (02/25/2013 10:07:19 PM) (Source: Application Hang)(User: )
Description: firefox.exe18.0.2.478013b001ce0e1b3a0cd360314

Error: (02/16/2013 00:53:57 PM) (Source: MsiInstaller)(User: ***-pc)
Description: Produkt: Adobe Acrobat 6.0 Professional - English, Français, Deutsch -- Fehler 1706. Für das Produkt Adobe Acrobat 6.0 Professional - English, Français, Deutsch wurde kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden Sie dabei eine gültige Kopie des Installationspakets "AcroPro.msi".(NULL)(NULL)(NULL)(NULL)

Error: (02/06/2013 05:35:14 PM) (Source: System Restore)(User: )
Description: 0x81000101

Error: (02/06/2013 05:35:14 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101

Error: (02/06/2013 05:29:40 PM) (Source: VSS)(User: )
Description: \\?\Volume{cdd21cca-f371-11e0-ab69-806e6f6e6963}\00x000000000x000000000x800423140x00000000

Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (01/24/2013 04:44:57 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 2037.56 MB
Available physical RAM: 859.87 MB
Total Pagefile: 4292.69 MB
Available Pagefile: 2709.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.48 GB) (Free:40.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 64D81BAE)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=102 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 31.07.2013, 12:31   #4
markusg
/// Malware-holic
 
TubeSaver1.125 - Standard

TubeSaver1.125



Hi,
two logs need to be created; please post them together if possible.
1.
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

2.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Guide:
http://markusg.trojaner-board.de
For now, please forward mails, following the guide above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 31.07.2013, 19:38   #5
querulant_in
 
TubeSaver1.125 - Standard

TubeSaver1.125



So. Without understanding why and what is going on there...

Code:
19:51:04.0452 6308  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:51:04.0753 6308  ============================================================
19:51:04.0753 6308  Current date / time: 2013/07/31 19:51:04.0753
19:51:04.0753 6308  SystemInfo:
19:51:04.0753 6308  
19:51:04.0753 6308  OS Version: 6.0.6000 ServicePack: 0.0
19:51:04.0753 6308  Product type: Workstation
19:51:04.0753 6308  ComputerName: ***-PC
19:51:04.0753 6308  UserName: ***
19:51:04.0753 6308  Windows directory: C:\Windows
19:51:04.0753 6308  System windows directory: C:\Windows
19:51:04.0753 6308  Processor architecture: Intel x86
19:51:04.0753 6308  Number of processors: 2
19:51:04.0753 6308  Page size: 0x1000
19:51:04.0753 6308  Boot type: Normal boot
19:51:04.0753 6308  ============================================================
19:51:06.0686 6308  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:51:06.0690 6308  ============================================================
19:51:06.0690 6308  \Device\Harddisk0\DR0:
19:51:06.0690 6308  MBR partitions:
19:51:06.0690 6308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A0800, BlocksNum 0xCCF3800
19:51:06.0690 6308  ============================================================
19:51:06.0771 6308  C: <-> \Device\Harddisk0\DR0\Partition1
19:51:06.0771 6308  ============================================================
19:51:06.0771 6308  Initialize success
19:51:06.0771 6308  ============================================================
19:51:15.0488 5420  ============================================================
19:51:15.0488 5420  Scan started
19:51:15.0488 5420  Mode: Manual; SigCheck; TDLFS; 
19:51:15.0488 5420  ============================================================
19:51:16.0466 5420  ================ Scan system memory ========================
19:51:16.0466 5420  System memory - ok
19:51:16.0466 5420  ================ Scan services =============================
19:51:16.0634 5420  [ 192BDBD1540645C4A2AA69F24CCE197F ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:51:16.0760 5420  ACPI - ok
19:51:16.0796 5420  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:51:16.0822 5420  adp94xx - ok
19:51:16.0853 5420  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:51:16.0871 5420  adpahci - ok
19:51:16.0908 5420  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:51:16.0920 5420  adpu160m - ok
19:51:16.0981 5420  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:51:16.0996 5420  adpu320 - ok
19:51:17.0042 5420  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:51:17.0131 5420  AeLookupSvc - ok
19:51:17.0154 5420  [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD             C:\Windows\system32\drivers\afd.sys
19:51:17.0286 5420  AFD - ok
19:51:17.0351 5420  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:51:17.0361 5420  agp440 - ok
19:51:17.0390 5420  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:51:17.0403 5420  aic78xx - ok
19:51:17.0427 5420  [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG             C:\Windows\System32\alg.exe
19:51:17.0497 5420  ALG - ok
19:51:17.0505 5420  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:51:17.0515 5420  aliide - ok
19:51:17.0533 5420  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:51:17.0544 5420  amdagp - ok
19:51:17.0563 5420  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
19:51:17.0574 5420  amdide - ok
19:51:17.0595 5420  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:51:17.0675 5420  AmdK7 - ok
19:51:17.0703 5420  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:51:17.0779 5420  AmdK8 - ok
19:51:17.0900 5420  [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:51:17.0909 5420  AntiVirSchedulerService - ok
19:51:17.0944 5420  [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:51:17.0954 5420  AntiVirService - ok
19:51:17.0999 5420  [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:51:18.0048 5420  AntiVirWebService - ok
19:51:18.0116 5420  [ 7C2F57BCE81FA74933F0E1C84A97C9DB ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
19:51:18.0168 5420  ApfiltrService - ok
19:51:18.0239 5420  [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo         C:\Windows\System32\appinfo.dll
19:51:18.0317 5420  Appinfo - ok
19:51:18.0481 5420  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
19:51:18.0550 5420  arc - ok
19:51:18.0852 5420  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:51:18.0864 5420  arcsas - ok
19:51:18.0903 5420  [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:51:19.0000 5420  AsyncMac - ok
19:51:19.0023 5420  [ 4F4FCB8B6EA06784FB6D475B7EC7300F ] atapi           C:\Windows\system32\drivers\atapi.sys
19:51:19.0032 5420  atapi - ok
19:51:19.0071 5420  [ B600E2C287E9FB70FFBD7CC103C10BEE ] athr            C:\Windows\system32\DRIVERS\athr.sys
19:51:19.0159 5420  athr - ok
19:51:19.0219 5420  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:51:19.0282 5420  AudioEndpointBuilder - ok
19:51:19.0290 5420  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:51:19.0350 5420  Audiosrv - ok
19:51:19.0400 5420  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:51:19.0431 5420  avgntflt - ok
19:51:19.0465 5420  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:51:19.0476 5420  avipbb - ok
19:51:19.0493 5420  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:51:19.0503 5420  avkmgr - ok
19:51:19.0564 5420  [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:51:19.0642 5420  Beep - ok
19:51:19.0653 5420  blbdrive - ok
19:51:19.0693 5420  [ 913CD06FBE9105CE6077E90FD4418561 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:51:19.0780 5420  bowser - ok
19:51:19.0814 5420  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:51:19.0895 5420  BrFiltLo - ok
19:51:19.0921 5420  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:51:19.0977 5420  BrFiltUp - ok
19:51:20.0013 5420  [ BEB6470532B7461D7BB426E3FACB424F ] Browser         C:\Windows\System32\browser.dll
19:51:20.0094 5420  Browser - ok
19:51:20.0182 5420  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:51:20.0240 5420  Brserid - ok
19:51:20.0274 5420  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:51:20.0354 5420  BrSerWdm - ok
19:51:20.0377 5420  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:51:20.0460 5420  BrUsbMdm - ok
19:51:20.0491 5420  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:51:20.0572 5420  BrUsbSer - ok
19:51:20.0600 5420  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:51:20.0671 5420  BTHMODEM - ok
19:51:20.0779 5420  [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccEvtMgr        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:51:20.0789 5420  ccEvtMgr - ok
19:51:20.0794 5420  [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccSetMgr        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:51:20.0803 5420  ccSetMgr - ok
19:51:20.0828 5420  [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:51:20.0903 5420  cdfs - ok
19:51:20.0955 5420  [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:51:21.0012 5420  cdrom - ok
19:51:21.0039 5420  [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:51:21.0114 5420  CertPropSvc - ok
19:51:21.0146 5420  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:51:21.0202 5420  circlass - ok
19:51:21.0223 5420  [ 51B4B82560E49C415AE5B1337D635C3F ] CLFS            C:\Windows\system32\CLFS.sys
19:51:21.0240 5420  CLFS - ok
19:51:21.0317 5420  [ D3BF342F47996E18490970FCFB8126A8 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:51:21.0348 5420  clr_optimization_v2.0.50727_32 - ok
19:51:21.0379 5420  [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] CLTNetCnService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
19:51:21.0388 5420  CLTNetCnService - ok
19:51:21.0412 5420  [ 0FED59EDB4A83FF17F1778827B88AB1A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:51:21.0492 5420  CmBatt - ok
19:51:21.0532 5420  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:51:21.0542 5420  cmdide - ok
19:51:21.0604 5420  [ 7CE352882828C12DD7632B172253A02C ] comHost         C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
19:51:21.0613 5420  comHost - ok
19:51:21.0639 5420  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:51:21.0649 5420  Compbatt - ok
19:51:21.0655 5420  COMSysApp - ok
19:51:21.0662 5420  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:51:21.0672 5420  crcdisk - ok
19:51:21.0685 5420  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:51:21.0764 5420  Crusoe - ok
19:51:21.0813 5420  [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:51:21.0872 5420  CryptSvc - ok
19:51:21.0930 5420  [ B46D8EA6DD30BAA49F674DACDC4C491F ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:51:22.0045 5420  DcomLaunch - ok
19:51:22.0077 5420  [ A7179DE59AE269AB70345527894CCD7C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:51:22.0132 5420  DfsC - ok
19:51:22.0281 5420  [ E0D584AA76C7D845BA9F3A788260528F ] DFSR            C:\Windows\system32\DFSR.exe
19:51:22.0384 5420  DFSR - ok
19:51:22.0443 5420  [ 17210D8064EC116A3FC6B5E45E577D43 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:51:22.0572 5420  Dhcp - ok
19:51:22.0645 5420  [ 4F26BB00747D41E7C0FE8EBB2900F862 ] DirMngr         C:\Program Files\GNUzwei\GnuPG\dirmngr.exe
19:51:22.0672 5420  DirMngr ( UnsignedFile.Multi.Generic ) - warning
19:51:22.0672 5420  DirMngr - detected UnsignedFile.Multi.Generic (1)
19:51:22.0725 5420  [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk            C:\Windows\system32\drivers\disk.sys
19:51:22.0737 5420  disk - ok
19:51:22.0859 5420  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
19:51:22.0870 5420  DMICall - ok
19:51:22.0918 5420  [ 7EF78529439683570884F9308A02EC11 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:51:23.0042 5420  Dnscache - ok
19:51:23.0146 5420  [ 1F795D214820E496BF1124434A6DB546 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:51:23.0240 5420  dot3svc - ok
19:51:23.0276 5420  [ 8EF243E3BAF1AB4F6202EDEB8890319B ] DPS             C:\Windows\system32\dps.dll
19:51:23.0361 5420  DPS - ok
19:51:23.0404 5420  [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:51:23.0490 5420  drmkaud - ok
19:51:23.0621 5420  [ F032A2F91287A0B800891C7BEF9CA7A8 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:51:23.0697 5420  DXGKrnl - ok
19:51:23.0918 5420  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:51:24.0026 5420  E1G60 - ok
19:51:24.0174 5420  [ 90A0A875642E18618010645311B4E89E ] EapHost         C:\Windows\System32\eapsvc.dll
19:51:24.0290 5420  EapHost - ok
19:51:24.0333 5420  [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:51:27.0746 5420  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:51:27.0772 5420  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:51:27.0772 5420  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:51:33.0618 5420  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
19:51:33.0624 5420  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:51:33.0624 5420  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
19:51:38.0105 5420  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
19:51:38.0124 5420  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
19:51:38.0124 5420  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
19:51:45.0652 5420  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
19:51:45.0705 5420  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - warning
19:51:45.0705 5420  Sony Ericsson PCCompanion - detected UnsignedFile.Multi.Generic (1)
19:51:45.0752 5420  [ 426F9B029AA9162CECCF65369457D046 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:51:45.0762 5420  spldr - ok
19:51:45.0797 5420  [ DA612EF2556776DF2630B68BF2D48935 ] Spooler         C:\Windows\System32\spoolsv.exe
19:51:45.0812 5420  Spooler - ok
19:51:45.0881 5420  [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
19:51:45.0886 5420  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:51:45.0886 5420  SPTISRV - detected UnsignedFile.Multi.Generic (1)
19:51:49.0006 5420  tssecsrv - ok
19:51:49.0067 5420  [ 80FC4AC81602C88E7D23618E6EFBA2C6 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:51:49.0123 5420  tunmp - ok
19:51:49.0130 5420  [ 52DAA1FA3B5A40D6A6627B44C60A9B78 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:51:49.0186 5420  tunnel - ok
19:51:49.0221 5420  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:51:49.0233 5420  uagp35 - ok
19:51:49.0262 5420  [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:51:49.0342 5420  udfs - ok
19:51:49.0389 5420  [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:51:49.0403 5420  UI0Detect - ok
19:51:49.0432 5420  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:51:49.0442 5420  uliagpkx - ok
19:51:49.0473 5420  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:51:49.0490 5420  uliahci - ok
19:51:49.0520 5420  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:51:49.0532 5420  UlSata - ok
19:51:49.0558 5420  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:51:49.0570 5420  ulsata2 - ok
19:51:49.0605 5420  [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:51:49.0661 5420  umbus - ok
19:51:49.0688 5420  [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost        C:\Windows\System32\upnphost.dll
19:51:49.0752 5420  upnphost - ok
19:51:49.0792 5420  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:51:49.0851 5420  upperdev - ok
19:51:49.0905 5420  [ F6BF998AE33E3FB6C7D27F0560F1173F ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:51:49.0963 5420  usbaudio - ok
19:51:49.0982 5420  [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:51:50.0062 5420  usbccgp - ok
19:51:50.0080 5420  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:51:50.0139 5420  usbcir - ok
19:51:50.0182 5420  [ 63FE924D8A1113C3BA6750693FBEC7D3 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:51:50.0239 5420  usbehci - ok
19:51:50.0260 5420  [ 5EDEC5510592C905E91817707DCE62A2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:51:50.0319 5420  usbhub - ok
19:51:50.0350 5420  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:51:50.0421 5420  usbohci - ok
19:51:50.0438 5420  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:51:50.0494 5420  usbprint - ok
19:51:50.0557 5420  [ B1F95285C08DDFE00C0B955462637EC7 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:51:50.0612 5420  usbscan - ok
19:51:50.0662 5420  [ C0488CC01A1C686B08A3D360C7F50324 ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
19:51:50.0733 5420  usbser - ok
19:51:50.0786 5420  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:51:50.0817 5420  UsbserFilt - ok
19:51:50.0858 5420  [ FDBAABF07244C60B0F4E0A6E71A107C6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:51:50.0913 5420  USBSTOR - ok
19:51:50.0944 5420  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:51:51.0022 5420  usbuhci - ok
19:51:51.0055 5420  [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms           C:\Windows\System32\uxsms.dll
19:51:51.0111 5420  UxSms - ok
19:51:51.0173 5420  [ 4E9C6BF8D0655BB7538088DC6F2306D9 ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
19:51:51.0180 5420  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
19:51:51.0180 5420  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
19:51:51.0280 5420  [ 8A9F18ADAD471402236CA931553BF79B ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
19:51:51.0291 5420  VAIO Event Service - ok
19:51:51.0486 5420  [ 88DC6B884824A578B0E1E9C3790C105B ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
19:51:51.0833 5420  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
19:51:51.0833 5420  VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
19:51:51.0916 5420  [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
19:51:51.0935 5420  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
19:51:51.0935 5420  VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0006 5420  [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
19:51:52.0063 5420  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0063 5420  VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0165 5420  [ 52D4F568FE7D05AE5026B8717EEB59EB ] VAIOMediaPlatform-UCLS-AppServer C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
19:51:52.0238 5420  VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0239 5420  VAIOMediaPlatform-UCLS-AppServer - detected UnsignedFile.Multi.Generic (1)
19:51:52.0427 5420  [ 56E33AAA46CBA8431E72486196AFB3A1 ] VAIOMediaPlatform-UCLS-HTTP C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
19:51:52.0514 5420  VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0514 5420  VAIOMediaPlatform-UCLS-HTTP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0822 5420  [ ADDF0E4E19BD2FF0A0B852D324FDC281 ] VAIOMediaPlatform-UCLS-UPnP C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
19:51:52.0980 5420  VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - warning
19:51:52.0980 5420  VAIOMediaPlatform-UCLS-UPnP - detected UnsignedFile.Multi.Generic (1)
19:51:52.0986 5420  Vcsw - ok
19:51:53.0023 5420  [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds             C:\Windows\System32\vds.exe
19:51:53.0077 5420  vds - ok
19:51:53.0167 5420  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:51:53.0223 5420  vga - ok
19:51:53.0251 5420  [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:51:53.0324 5420  VgaSave - ok
19:51:53.0345 5420  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:51:53.0356 5420  viaagp - ok
19:51:53.0372 5420  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:51:53.0441 5420  ViaC7 - ok
19:51:53.0455 5420  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:51:53.0465 5420  viaide - ok
19:51:53.0490 5420  [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:51:53.0500 5420  volmgr - ok
19:51:53.0512 5420  [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:51:53.0531 5420  volmgrx - ok
19:51:53.0554 5420  [ 11EF6C1CAEF76B685233450A126125D6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:51:53.0569 5420  volsnap - ok
19:51:53.0601 5420  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:51:53.0612 5420  vsmraid - ok
19:51:53.0678 5420  [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS             C:\Windows\system32\vssvc.exe
19:51:53.0815 5420  VSS - ok
19:51:53.0898 5420  [ 5FEB20D9ED9A2BD4F234222B0A3BB855 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
19:51:53.0906 5420  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
19:51:53.0906 5420  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
19:51:53.0991 5420  [ 3757DFD3C07896EF660D4060366E7B4E ] VzFw            C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
19:51:53.0998 5420  VzFw ( UnsignedFile.Multi.Generic ) - warning
19:51:53.0998 5420  VzFw - detected UnsignedFile.Multi.Generic (1)
19:51:54.0076 5420  [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time         C:\Windows\system32\w32time.dll
19:51:54.0140 5420  W32Time - ok
19:51:54.0187 5420  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:51:54.0296 5420  WacomPen - ok
19:51:54.0490 5420  [ 6E1A5BE9A0605F3D932FF35FBA2B22B3 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:51:54.0571 5420  Wanarp - ok
19:51:54.0598 5420  [ 6E1A5BE9A0605F3D932FF35FBA2B22B3 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:51:54.0659 5420  Wanarpv6 - ok
19:51:54.0779 5420  [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:51:54.0829 5420  wcncsvc - ok
19:51:54.0860 5420  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:51:54.0939 5420  WcsPlugInService - ok
19:51:54.0982 5420  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
19:51:54.0992 5420  Wd - ok
19:51:55.0116 5420  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:51:55.0236 5420  Wdf01000 - ok
19:51:55.0270 5420  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:51:55.0305 5420  WdiServiceHost - ok
19:51:55.0311 5420  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:51:55.0329 5420  WdiSystemHost - ok
19:51:55.0530 5420  [ 5BB7DCE05889A1FE2E0DB1CDF451412B ] WebClient       C:\Windows\System32\webclnt.dll
19:51:55.0606 5420  WebClient - ok
19:51:55.0637 5420  [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:51:55.0697 5420  Wecsvc - ok
19:51:55.0713 5420  [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:51:55.0783 5420  wercplsupport - ok
19:51:55.0817 5420  [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:51:55.0877 5420  WerSvc - ok
19:51:56.0076 5420  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:51:56.0166 5420  winachsf - ok
19:51:56.0179 5420  WinHttpAutoProxySvc - ok
19:51:56.0259 5420  [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:51:56.0318 5420  Winmgmt - ok
19:51:56.0372 5420  [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:51:56.0471 5420  WinRM - ok
19:51:56.0519 5420  [ 424782AC6393CAFD0EE6FA887105BBAE ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:51:56.0550 5420  Wlansvc - ok
19:51:56.0575 5420  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:51:56.0631 5420  WmiAcpi - ok
19:51:56.0669 5420  [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:51:56.0683 5420  wmiApSrv - ok
19:51:56.0764 5420  [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:51:56.0889 5420  WMPNetworkSvc - ok
19:51:56.0924 5420  [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:51:56.0963 5420  WPCSvc - ok
19:51:56.0988 5420  [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:51:57.0043 5420  WPDBusEnum - ok
19:51:57.0106 5420  [ 2D27171B16A577EF14C1273668753485 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:51:57.0162 5420  WpdUsb - ok
19:51:57.0203 5420  [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:51:57.0279 5420  ws2ifsl - ok
19:51:57.0284 5420  WSearch - ok
19:51:57.0359 5420  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:51:57.0394 5420  WudfPf - ok
19:51:57.0427 5420  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:51:57.0444 5420  WUDFRd - ok
19:51:57.0465 5420  [ FE0B93B28089C79E9D635434A92995C0 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:51:57.0482 5420  wudfsvc - ok
19:51:57.0506 5420  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
19:51:57.0534 5420  XAudio - ok
19:51:57.0571 5420  [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
19:51:57.0612 5420  XAudioService - ok
19:51:57.0649 5420  [ 69222091B6285906AFF82E43681CF826 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
19:51:57.0689 5420  yukonwlh - ok
19:51:57.0697 5420  ================ Scan global ===============================
19:51:57.0756 5420  [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
19:51:57.0796 5420  [ D2E032FC47D59D704B1A49D159C318E5 ] C:\Windows\system32\winsrv.dll
19:51:57.0813 5420  [ D2E032FC47D59D704B1A49D159C318E5 ] C:\Windows\system32\winsrv.dll
19:51:57.0857 5420  [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
19:51:57.0862 5420  [Global] - ok
19:51:57.0862 5420  ================ Scan MBR ==================================
19:51:57.0878 5420  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:51:58.0300 5420  \Device\Harddisk0\DR0 - ok
19:51:58.0301 5420  ================ Scan VBR ==================================
19:51:58.0312 5420  [ EE1CFAEFA6E94C66125683838C076F03 ] \Device\Harddisk0\DR0\Partition1
19:51:58.0401 5420  \Device\Harddisk0\DR0\Partition1 - ok
19:51:58.0401 5420  ============================================================
19:51:58.0401 5420  Scan finished
19:51:58.0401 5420  ============================================================
19:51:58.0416 6288  Detected object count: 15
19:51:58.0416 6288  Actual detected object count: 15
19:52:22.0940 6288  DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0941 6288  DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0941 6288  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0941 6288  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0944 6288  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0944 6288  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0947 6288  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0947 6288  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0949 6288  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0949 6288  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0952 6288  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0952 6288  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0956 6288  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0956 6288  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0958 6288  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0959 6288  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0961 6288  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0962 6288  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0965 6288  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0966 6288  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0967 6288  VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0967 6288  VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0971 6288  VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0971 6288  VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0973 6288  VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0973 6288  VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0976 6288  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0976 6288  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:52:22.0979 6288  VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:22.0979 6288  VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
and
Code:
ATTFilter
ComboFix 13-07-31.02 - *** 31.07.2013  20:26:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.2038.1368 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-28 bis 2013-07-31  ))))))))))))))))))))))))))))))
.
.
2013-07-31 18:32 . 2013-07-31 18:32	--------	d-----w-	c:\users\***\AppData\Local\temp
2013-07-30 15:58 . 2013-07-30 15:58	--------	d-----w-	C:\FRST
2013-07-23 11:26 . 2013-07-23 11:26	--------	d-----w-	c:\program files\TubeSaver
2013-07-17 11:38 . 2013-07-17 11:38	--------	d-----w-	c:\users\***\.android
2013-07-17 11:37 . 2013-07-17 11:37	--------	d-----w-	c:\users\***\AppData\Roaming\Optimizer Pro
2013-07-17 11:37 . 2013-07-17 11:37	--------	d-----w-	c:\program files\Optimizer Pro
2013-07-17 11:36 . 2013-07-17 11:36	--------	d-----w-	c:\users\***\AppData\Roaming\BabSolution
2013-07-17 11:36 . 2013-07-17 11:36	--------	d-----w-	c:\program files\Delta
2013-07-17 11:36 . 2013-07-23 18:55	--------	d-----w-	c:\users\***\AppData\Roaming\MyPhoneExplorer
2013-07-17 11:35 . 2013-07-17 11:35	--------	d-----w-	c:\users\***\AppData\Roaming\Babylon
2013-07-17 11:35 . 2013-07-17 11:35	--------	d-----w-	c:\programdata\Babylon
2013-07-17 11:35 . 2013-07-17 11:36	--------	d-----w-	c:\program files\MyPhoneExplorer
2013-07-01 19:42 . 2013-07-13 19:48	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 19:53 . 2012-05-19 11:03	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-31 19:53 . 2011-10-11 10:44	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{57F2FC14-BE99-4DFB-B9F1-2458A4F496AB}]
2013-07-22 14:11	137728	----a-w-	c:\program files\TubeSaver\125.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12	130736	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-09-29 2647872]
"uTorrent"="c:\users\***\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-17 802136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-24 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-24 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-24 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Windows Privacy Tray.lnk - c:\users\***\Desktop\Post\GnuPT\WPT\WinPT.exe [2013-1-24 595456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-11-17 02:08	107112	----a-w-	c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-01-22 19:39	321656	----a-w-	c:\program files\sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 14:37	2178832	----a-w-	c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-11-17 02:05	22696	----a-w-	c:\program files\Norton Internet Security\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-02 12:34	1004136	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34	2159104	----a-w-	c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 19:41]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 19:41]
.
2013-07-31 c:\windows\Tasks\TubeSaver Update.job
- c:\program files\TubeSaver\tbsUd.exe [2013-07-22 14:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.club-vaio.com
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - inforiot.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=86f68a40-1cd0-4ecd-a9ee-2d3b7e0db83c&apn_ptnrs=%5EAGS&apn_sauid=B4A21FB3-6BDC-4104-8C1A-CAEEC57C9EF0&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2013-07-17 13:36; ffxtlbr@delta.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-07-17 13:36; Tubesaver@istqt.co; c:\program files\TubeSaver\125.xpi
FF - user.js: extentions.y2layers.installId - b47af8cb-4e90-4485-a3a2-985a03a01ffa
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 26d46bdb00000000000000197e6bf6d8
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15903
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.513:36
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120692&tt=160713_91114&tsp=4946
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-System Progressive Protection - c:\programdata\FB40BB586A656BDB0026FB409483D7B6\FB40BB586A656BDB0026FB409483D7B6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-07-31 20:32
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-07-31  20:34:37
ComboFix-quarantined-files.txt  2013-07-31 18:34
.
Vor Suchlauf: 11 Verzeichnis(se), 43.648.348.160 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 43.408.510.976 Bytes frei
.
- - End Of File - - 4AAC3A65FB0BD6394E8C2B45646EA578
5C616939100B85E558DA92B899A0FC36
         
Thanks


31.07.2013, 21:05   #6
markusg
/// Malware-holic

Hi,
several logs need to be created; post them together if possible. If problems come up, stop and ask.
1.
First, please uninstall:
Ask Toolbar
Avira SearchFree
Browser Address Error
Delta: both
Optimizer Pro
TubeSaver
If an uninstall does not work, do it with Revo:
Revo Uninstaller - Download - Filepony
Restart after the uninstalls.
2.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Restart.
3.

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Restart.
4.
Download HitmanPro:
Hitman Pro - Download - Filepony
Double-click, click Scan.
Save the log and post it, or export it as XML, zip it and attach it.
Hi,
2 logs need to be created; please post them at the same time.

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

31.07.2013, 22:06   #7
querulant_in

Wait a moment... that is a lot.
Don't you normally say whether there is a problem, and which one?
I'm a bit unsettled by the standardized instructions without any info about what you actually read from the log files..
No offence.
I'd just like to know what is going on. Is that possible?

01.08.2013, 12:02   #8
markusg
/// Malware-holic

If we explained every step, it would simply take a lot of time. We are removing adware now.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

01.08.2013, 19:10   #9
querulant_in

Thanks. Sorry, I didn't mean to be rude. Cool that you're taking the time.
Here are the log files:
Code:
# AdwCleaner v2.306 - Datei am 01/08/2013 um 19:43:11 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium  (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\searchplugins\delta.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.16386

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "31");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.hdrMd5", "94E900A13AEA4A3B7EF944FBAAC3E10E");
Gelöscht : user_pref("extensions.delta.id", "26d46bdb00000000000000197e6bf6d8");
Gelöscht : user_pref("extensions.delta.instlDay", "15903");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.513:36:26");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "azb");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.513:36:26");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120692&tt=160713_91114&tsp=4946");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "BestVideoDownloader,BestVideoDownloader,");
Gelöscht : user_pref("extentions.y2layers.installId", "b47af8cb-4e90-4485-a3a2-985a03a01ffa");
Gelöscht : user_pref("extentions.y2layers.lastDnsTest", 371943);

*************************

AdwCleaner[S1].txt - [6167 octets] - [01/08/2013 19:43:11]

########## EOF - C:\AdwCleaner[S1].txt - [6227 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by *** on 01.08.2013 at 19:51:00,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jpzzj47c.default\invalidprefs.js
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jpzzj47c.default\minidumps [39 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2013 at 19:54:55,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
HitmanPro 3.7.7.202
www.hitmanpro.com

   Computer name . . . . : ***-PC
   Windows . . . . . . . : 6.0.0.6000.X86/2
   User name . . . . . . : ***-pc\***
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)

   Scan date . . . . . . : 2013-08-01 19:59:29
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 24s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 739.513
   Files scanned . . . . : 21.681
   Remnants scanned  . . : 109.781 files / 608.051 keys
         
Thanks.

01.08.2013, 19:24   #10
markusg
/// Malware-holic

Hi,
it's not rude at all to ask :-)
Please restart, then post a final Farbar's Recovery Scan Tool log.
Later we will also switch User Account Control back on; it is a good start for keeping malware out.

01.08.2013, 20:59   #11
querulant_in

OK. Thank you.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by *** (administrator) on 01-08-2013 21:55:46
Running from C:\Users\***\Desktop
Microsoft® Windows Vista™ Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BitTorrent Inc.) C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\GNUzwei\GnuPG\dirmngr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4317184 2007-02-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2007-01-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [LXCFCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2647872 2011-09-29] (Piriform Ltd)
HKCU\...\Run: [uTorrent] - C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-17] (BitTorrent Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk
ShortcutTarget: Windows Privacy Tray.lnk -> C:\Users\***\Desktop\Post\GnuPT\WPT\WinPT.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.sony.com/de
hxxp://www.club-vaio.com/vbc
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKCU - {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: No Name - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -  No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: DoNotTrackMe - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\donottrackplus@abine.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jpzzj47c.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-17] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-17] (Symantec Corporation)
R2 DirMngr; C:\Program Files\GNUzwei\GnuPG\dirmngr.exe [224256 2011-03-02] ()
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-17] (Symantec Corporation)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
S3 lxcf_device; C:\Windows\system32\lxcfcoms.exe [491520 2005-04-15] ()
R2 MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28933976 2007-02-05] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2007-02-05] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-17] (Symantec Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-01-10] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [182392 2007-02-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-01-16] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2006-11-28] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [172032 2006-11-28] (Sony Corporation)
R2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [135168 2006-11-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
S3 IDSvix86; C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [202872 2006-11-17] (Symantec Corporation)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-12] (Malwarebytes Corporation)
S3 QCDonner; C:\Windows\System32\DRIVERS\LVCD.sys [474304 2004-04-26] (Logitech Inc.)
R3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [27520 2007-02-06] (Sony Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2007-02-26] (Symantec Corporation)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [807424 2007-02-08] (Texas Instruments)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 21:43 - 2013-08-01 21:43 - 00000000 _____ C:\Windows\WindowsUpdate.log
2013-08-01 21:40 - 2013-08-01 21:40 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-01 21:18 - 2013-08-01 21:19 - 00000000 ____D C:\Users\***\Desktop\josis mp3 31.7.13
2013-08-01 20:11 - 2013-08-01 21:55 - 00000000 ____D C:\Users\***\Desktop\viruskacke
2013-08-01 19:50 - 2013-08-01 19:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 19:43 - 2013-08-01 19:43 - 00006296 _____ C:\AdwCleaner[S1].txt
2013-07-31 20:34 - 2013-07-31 20:34 - 00013276 _____ C:\ComboFix.txt
2013-07-31 20:24 - 2013-07-31 20:34 - 00000000 ____D C:\ComboFix
2013-07-31 19:57 - 2013-07-31 20:34 - 00000000 ____D C:\Qoobox
2013-07-31 19:57 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-31 19:57 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-31 19:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-31 19:57 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-31 19:56 - 2013-07-31 20:32 - 00000000 ____D C:\Windows\erdnt
2013-07-30 17:58 - 2013-07-30 17:58 - 00000000 ____D C:\FRST
2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-17 17:24 - 2013-07-17 17:25 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:36 - 2013-07-23 20:55 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:35 - 2013-07-17 13:36 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe

==================== One Month Modified Files and Folders =======

2013-08-01 21:55 - 2013-08-01 20:11 - 00000000 ____D C:\Users\***\Desktop\viruskacke
2013-08-01 21:55 - 2013-02-22 17:15 - 00000000 ____D C:\Users\***\AppData\Roaming\uTorrent
2013-08-01 21:47 - 2006-11-02 12:33 - 01617722 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-01 21:43 - 2013-08-01 21:43 - 00000000 _____ C:\Windows\WindowsUpdate.log
2013-08-01 21:41 - 2013-03-20 21:57 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-08-01 21:40 - 2013-08-01 21:40 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-01 21:40 - 2013-03-20 22:01 - 00000000 ___RD C:\Users\***\Dropbox
2013-08-01 21:39 - 2011-10-22 21:42 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-01 21:39 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 21:39 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 21:39 - 2006-11-02 14:47 - 00003456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 21:38 - 2012-02-24 12:14 - 00002422 _____ C:\lxcf.log
2013-08-01 21:38 - 2006-11-02 15:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-01 21:34 - 2011-10-22 21:42 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-01 21:19 - 2013-08-01 21:18 - 00000000 ____D C:\Users\***\Desktop\josis mp3 31.7.13
2013-08-01 20:07 - 2012-09-25 23:28 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-01 19:50 - 2013-08-01 19:50 - 00000000 ____D C:\Windows\ERUNT
2013-08-01 19:43 - 2013-08-01 19:43 - 00006296 _____ C:\AdwCleaner[S1].txt
2013-07-31 20:34 - 2013-07-31 20:34 - 00013276 _____ C:\ComboFix.txt
2013-07-31 20:34 - 2013-07-31 20:24 - 00000000 ____D C:\ComboFix
2013-07-31 20:34 - 2013-07-31 19:57 - 00000000 ____D C:\Qoobox
2013-07-31 20:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-07-31 20:32 - 2013-07-31 19:56 - 00000000 ____D C:\Windows\erdnt
2013-07-31 20:32 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-07-30 21:32 - 2013-01-24 14:01 - 00000000 ____D C:\Users\***\AppData\Roaming\gnupg
2013-07-30 21:26 - 2012-04-27 18:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-30 21:26 - 2011-10-10 21:38 - 00000000 ____D C:\Users\***\AppData\Roaming\Winamp
2013-07-30 17:58 - 2013-07-30 17:58 - 00000000 ____D C:\FRST
2013-07-30 17:57 - 2013-07-30 17:57 - 01222114 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-26 16:25 - 2013-07-26 16:25 - 00000000 ____D C:\Users\***\Desktop\sampler
2013-07-24 18:13 - 2011-10-11 13:36 - 00000000 ___RD C:\Users\***\Desktop\#1
2013-07-24 18:02 - 2013-01-24 16:14 - 00000000 ____D C:\Users\***\Desktop\gesammelt
2013-07-23 20:55 - 2013-07-17 13:36 - 00000000 ____D C:\Users\***\AppData\Roaming\MyPhoneExplorer
2013-07-19 12:24 - 2013-07-19 12:24 - 00000075 _____ C:\Users\***\Desktop\Neues Textdokument.txt
2013-07-17 17:25 - 2013-07-17 17:24 - 00637534 _____ C:\Users\***\Documents\SMS Konversationen.html
2013-07-17 13:45 - 2013-07-17 13:45 - 00480657 _____ C:\Users\***\Documents\Backup ***phone 2013-07-17.mpb
2013-07-17 13:38 - 2013-07-17 13:38 - 00000000 ____D C:\Users\***\.android
2013-07-17 13:38 - 2011-10-10 21:11 - 00000000 ____D C:\Users\***
2013-07-17 13:36 - 2013-07-17 13:36 - 00001854 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-17 13:36 - 2013-07-17 13:35 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2013-07-17 13:31 - 2013-07-17 13:31 - 07134488 _____ C:\Users\***\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-13 21:48 - 2013-07-01 21:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-07-05 12:34 - 2012-07-29 15:06 - 00000000 ____D C:\Users\***\Desktop\haus4_WiLMa
2013-07-04 20:13 - 2013-05-26 16:24 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-11-02 10:47] - [2006-11-02 11:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 10:38] - [2006-11-02 11:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 10:52] - [2006-11-02 11:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6



LastRegBack: 2013-08-01 21:46

==================== End Of Log ============================
         
--- --- ---

08.08.2013, 06:40   #12
querulant_in

What's the next step?

08.08.2013, 12:44   #13
markusg
/// Malware-holic

With this:
Please start by installing Windows Updates.
The easiest way is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates, and install the next ones.
Please do the same with the optional updates.

Keep installing updates until Vista Service Pack 2 (SP2) is installed; check this via right-click on Computer, Properties.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above.

10.08.2013, 09:30   #14
querulant_in

Unfortunately I only get as far as Service Pack 1, and it keeps being shown to me as a new important update, even though according to the update history it has already been installed several times.
Huh?!

12.08.2013, 16:00   #15
markusg
/// Malware-holic

Hi, is there an error message?
1.
Download the System Update Readiness Tool for Windows Vista (KB947821) [May 2013] from the Microsoft Download Center.
Run the readiness tool.
2. Update the drivers for the mainboard, network and graphics card; then the update should work.
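The checks that the update instructions in #13 and the symptom reported in #14 call for (service pack level, Automatic Updates settings, an update that keeps reappearing in the history), as an added read-only PowerShell example that is not part of any post in this thread. It assumes Windows PowerShell 2.0 is installed on the Vista machine and uses the Windows Update Agent COM objects.

```powershell
# Added example, read-only: reports service pack level, Automatic Updates
# settings, and updates that appear several times in the update history.
# Assumption: Windows PowerShell 2.0 and the Windows Update Agent COM API.

# 1. Installed service pack (the thread's goal is SP2 on Vista).
$os = Get-WmiObject -Class Win32_OperatingSystem
"{0} (version {1}), service pack {2}" -f $os.Caption, $os.Version, $os.ServicePackMajorVersion

# 2. Automatic Updates settings, the values set under "Change settings".
$levels = @{ 0 = 'not configured'; 1 = 'disabled'; 2 = 'notify before download'
             3 = 'notify before installation'; 4 = 'scheduled installation' }
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
"Notification level : {0}" -f $levels[[int]$au.NotificationLevel]
"Scheduled day      : {0} (0 = every day)" -f $au.ScheduledInstallationDay
"Scheduled hour     : {0}:00" -f $au.ScheduledInstallationTime

# 3. Update history: titles installed more than once, with result codes.
$results  = @{ 0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
               3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted' }
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
if ($count -gt 0) {
    $searcher.QueryHistory(0, $count) |
        Where-Object { $_.Operation -eq 1 -and $_.Title } |   # 1 = installation
        Group-Object -Property Title |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            foreach ($e in ($_.Group | Sort-Object Date)) {
                New-Object PSObject -Property @{
                    Date    = $e.Date
                    Result  = $results[[int]$e.ResultCode]
                    HResult = '0x{0:X8}' -f $e.HResult
                    Title   = $e.Title
                }
            }
        } | Select-Object Date, Result, HResult, Title | Format-Table -AutoSize
}
```

A service pack title listed several times while the reported service pack level stays below it matches the symptom in #14; the Result and HResult columns show whether those attempts actually completed.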
