Trojaner-Board - BKA Virus nach Systemwiederherstellung weg?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - BKA Virus nach Systemwiederherstellung weg? (https://www.trojaner-board.de/111257-bka-virus-systemwiederherstellung-weg.html)

BKA Virus nach Systemwiederherstellung weg?

Hallo zusammen!
Ich habe mir gestern das "polizei Virus" eingefangen und dann natürlich sämtliche Foren nach einer Problemlösung durchsucht... Das Problem bei der Sache waren meine mangelnden Computerkenntnisse.
Schließlich bin ich auf etwas gestoßen was sogar ich verstanden habe und durchführen konnte... nämlich Systemwiederherstellung.
Habe die Wiederherstellung durchgeführt und jetzt läuft wieder alles wie normal
Habe jetzt Malwarebytes heruntergeladen und scannen lassen
malewarebytes hat dann folgenden gefunden :

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.10.05
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

sandra :: DELL [Administrator]
 

Schutz: Aktiviert
 

11.03.2012 00:15:48

mbam-log-2012-03-11 (00-15-48).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 359792

Laufzeit: 2 Stunde(n), 49 Minute(n), 21 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 1

HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("C:\Program Files\Internet Explorer\Iexplore.exe" %1) Gut: ("%1" /S) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Users\sandra\2gweorjqjutp92vjy9gake (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\sandra\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

nun meine Frage: ist der Virus damit beseitigt oder gibt es noch weitere Schritte die ich durchführen muss?

Falls noch weitere Schritte notwendig sind bitte eine Anleitung für Dummies...
danke schon mal im vorhinein

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

hab das jetzt auch durchgeführt und folgendes ist dabei rausgekommen:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c1377ddaac3d9441a0f83c9c130f806b

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-12 06:07:52

# local_time=2012-03-12 07:07:52 (+0100, Mitteleuropäische Zeit)

# country="Austria"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1797 16775165 100 94 401427 104229251 26545 0

# compatibility_mode=5892 16776573 100 100 16712 169103864 0 0

# compatibility_mode=8192 67108863 100 0 3714 3714 0 0

# scanned=81701

# found=3

# cleaned=0

# scan_time=4536

C:\Users\sandra\AppData\Local\Temp\jar_cache7824746856752433174.tmp        Win32/Spy.Zbot.YW trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\sandra\AppData\Local\Temp\Main.class        Java/TrojanDownloader.Agent.NDQ trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\sandra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4724ba2a-3c568282        Java/Exploit.Blacole.EL trojan (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c1377ddaac3d9441a0f83c9c130f806b

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-13 08:14:36

# local_time=2012-03-13 09:14:36 (+0100, Mitteleuropäische Zeit)

# country="Austria"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1797 16775165 100 94 37772 104319927 30548 0

# compatibility_mode=5892 16776573 100 100 28742 169194540 0 0

# compatibility_mode=8192 67108863 100 0 94390 94390 0 0

# scanned=168924

# found=3

# cleaned=0

# scan_time=7864

C:\Users\sandra\AppData\Local\Temp\jar_cache7824746856752433174.tmp        Win32/Spy.Zbot.YW trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\sandra\AppData\Local\Temp\Main.class        Java/TrojanDownloader.Agent.NDQ trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\sandra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4724ba2a-3c568282        Java/Exploit.Blacole.EL trojan (unable to clean)        00000000000000000000000000000000        I

Danke schon mal für die Hilfe

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL.txt :OTL Logfile:

Code:

OTL logfile created on: 15.03.2012 13:58:02 - Run 1

OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\sandra\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,46% Memory free

4,23 Gb Paging File | 3,05 Gb Available in Paging File | 72,03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138,91 Gb Total Space | 12,21 Gb Free Space | 8,79% Space Free | Partition Type: NTFS

Drive D: | 10,00 Gb Total Space | 4,95 Gb Free Space | 49,50% Space Free | Partition Type: NTFS

 

Computer Name: DELL | User Name: sandra | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.15 13:55:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe

PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009.08.26 09:25:28 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe

PRC - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.03.02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008.08.29 13:23:48 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2008.08.29 13:23:46 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe

PRC - [2008.08.29 13:23:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe

PRC - [2008.08.26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe

PRC - [2008.08.26 15:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe

PRC - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe

PRC - [2008.07.15 11:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DellDock.exe

PRC - [2008.06.30 11:28:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe

PRC - [2008.06.30 11:28:14 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe

PRC - [2008.06.30 11:28:12 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe

PRC - [2008.06.30 11:28:12 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe

PRC - [2008.05.02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe

PRC - [2008.03.17 18:35:50 | 001,207,376 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe

PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe

PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.19 18:32:38 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\763e9e193260d832c2af21688c2093c5\MenuSkinning.ni.dll

MOD - [2012.02.19 18:32:12 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll

MOD - [2012.02.19 18:31:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll

MOD - [2012.02.19 18:31:42 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\c721e680f75a6c3657548d9045f94e2e\VistaBridgeLibrary.ni.dll

MOD - [2012.02.19 18:31:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll

MOD - [2012.02.19 18:31:36 | 002,261,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\c4e0f07bc28055a2d7ba9f1486bc3276\DellDock.ni.exe

MOD - [2012.02.19 18:31:33 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\ae7ea87967b9f2e8bfcdf496ba041130\MyDock.Util.ni.dll

MOD - [2012.02.19 18:31:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

MOD - [2012.02.19 18:12:00 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

MOD - [2012.02.19 18:11:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll

MOD - [2012.02.19 18:11:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll

MOD - [2012.02.19 18:09:05 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MOD - [2011.10.14 19:54:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll

MOD - [2011.10.14 19:50:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll

MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008.10.30 18:32:41 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3019.36912__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll

MOD - [2008.10.30 18:32:41 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:41 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2008.10.30 18:32:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2008.10.30 18:32:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:40 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2008.10.30 18:32:40 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:40 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:40 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:28 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3019.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2008.10.30 18:32:28 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:28 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:28 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3019.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:28 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:28 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2008.10.30 18:32:28 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3019.37129__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:27 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3019.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:27 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:27 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:27 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:27 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:27 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll

MOD - [2008.10.30 18:32:27 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2008.10.30 18:32:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:27 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll

MOD - [2008.10.30 18:32:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2008.10.30 18:32:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2008.10.30 18:32:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2008.10.30 18:32:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll

MOD - [2008.10.30 18:32:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2008.10.30 18:32:27 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2008.10.30 18:32:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2008.10.30 18:32:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2008.10.30 18:32:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2008.10.30 18:32:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2008.10.30 18:32:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2008.10.30 18:32:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2008.10.30 18:32:25 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2008.10.30 18:32:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2008.10.30 18:32:25 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2008.10.30 18:32:25 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll

MOD - [2008.10.30 18:32:25 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2008.10.30 18:32:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll

MOD - [2008.10.30 18:32:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2008.10.30 18:32:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2008.10.30 18:32:22 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2008.10.30 18:32:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2008.10.30 18:32:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2008.10.30 18:32:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2008.10.30 18:32:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2008.10.30 18:32:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2008.10.30 18:32:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2008.10.30 18:32:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll

MOD - [2008.10.30 18:32:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2008.10.30 18:32:21 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3019.36878__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2008.10.30 18:32:21 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2008.10.30 18:32:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2008.10.30 18:32:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll

MOD - [2008.10.30 18:32:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2008.10.30 18:32:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll

MOD - [2008.10.30 18:32:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2008.10.30 18:32:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2008.10.30 18:32:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2008.10.30 18:32:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2008.10.30 18:32:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.08.05 13:16:20 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

MOD - [2008.08.04 00:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.10.30 18:42:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008.10.25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008.08.29 13:23:46 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe -- (STacSV)

SRV - [2008.08.29 13:23:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe -- (AESTFilters)

SRV - [2008.08.26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2008.05.02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009.12.11 21:27:34 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.06.23 09:37:10 | 003,486,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.08.29 13:23:50 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2008.08.05 13:16:06 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2008.06.30 11:28:10 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008.05.04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2008.05.04 09:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008.04.17 16:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.03.14 14:04:26 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)

DRV - [2008.03.11 07:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)

DRV - [2008.03.11 07:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2008.03.11 07:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2008.03.11 07:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)

DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = DELL - Offizielle Seite | Dell Österreich

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/firefox?client=firefox-a&rls=org.mozilla:de:official"

FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280

FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.15 08:40:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.15 08:40:13 | 000,000,000 | ---D | M]

 

[2008.11.05 15:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra\AppData\Roaming\mozilla\Extensions

[2012.03.15 08:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions

[2010.05.06 10:25:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.09.20 16:32:23 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

[2009.11.06 16:12:33 | 000,002,163 | ---- | M] () -- C:\Users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\51uoo4lk.default\searchplugins\bing.xml

[2011.12.03 22:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.05.25 18:34:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.05.06 09:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011.05.25 18:34:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2009.06.03 19:22:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009.09.03 07:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009.11.30 19:23:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010.05.06 09:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2007.07.26 16:00:36 | 001,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL)) -- C:\Program Files\mozilla firefox\plugins\npchime.dll

[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.11.12 19:18:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.12 19:18:43 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.12 19:18:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.12 19:18:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.12 19:18:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

O4 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)

O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .csm - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .csml - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .cub - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .cube - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .dx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .emb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .embl - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .gau - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .jdx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .mol - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .mop - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .pdb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .rxn - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .scr - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .skc - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .spt - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .tgf - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .xyz - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 195.34.133.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C7D9A5E-6C89-4D30-94C1-41BD7B21B879}: DhcpNameServer = 195.34.133.21 195.34.133.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8020B94A-7AF0-44B7-97C5-414DF8E9853B}: DhcpNameServer = 92.62.30.3 195.230.160.10 195.230.160.12

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun

O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun

O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell - "" = AutoRun

O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoLcd209x.exe

O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun

O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun

O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun

O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (www)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.15 13:55:07 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe

[2012.03.12 17:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.03.11 00:12:43 | 000,000,000 | ---D | C] -- C:\Users\sandra\AppData\Roaming\Malwarebytes

[2012.03.11 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.11 00:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.03.11 00:09:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.03.11 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.15 14:01:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.15 13:55:19 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\sandra\Desktop\OTL.exe

[2012.03.15 12:36:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.15 12:36:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.15 08:42:59 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.15 08:42:59 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.15 08:42:59 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.15 08:42:59 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.15 08:36:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.15 08:36:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.15 08:35:33 | 2145,361,920 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job

[2012.03.14 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2012.03.13 08:40:43 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2012.03.12 14:12:03 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\DriverCure.job

[2012.03.11 21:39:20 | 000,173,056 | ---- | M] () -- C:\Users\sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.03.11 00:09:51 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.08 03:03:52 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2012.03.08 03:03:52 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2012.03.08 03:03:39 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2012.02.27 16:11:33 | 000,248,749 | ---- | M] () -- C:\Users\sandra\Documents\Lebenslauf_Sandra_Toth.pdf

[2012.02.19 18:08:08 | 000,379,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2012.03.11 00:09:51 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.10 23:40:18 | 2145,361,920 | -HS- | C] () -- C:\hiberfil.sys

[2012.03.08 03:03:39 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2012.02.27 16:11:32 | 000,248,749 | ---- | C] () -- C:\Users\sandra\Documents\Lebenslauf_Sandra_Toth.pdf

[2011.12.16 03:35:06 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011.10.06 18:19:09 | 000,000,106 | ---- | C] () -- C:\Windows\GKMENS3D.INI

[2011.10.06 18:18:53 | 000,113,445 | ---- | C] () -- C:\Windows\GKM30DEI.EXE

[2011.02.17 15:53:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 
 ========== LOP Check ==========

 

[2009.02.18 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Alice Systems

[2009.11.16 03:25:49 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\DriverCure

[2011.11.09 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ekloy

[2008.11.05 18:46:03 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ICQ

[2011.12.16 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ynzied

[2012.03.12 14:12:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job

[2012.03.14 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2012.03.14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2012.03.13 08:40:43 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2012.03.12 14:13:24 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.05.14 19:57:15 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Adobe

[2009.02.18 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Alice Systems

[2009.11.27 15:54:17 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Apple Computer

[2008.11.05 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ATI

[2008.11.06 16:06:52 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\CyberLink

[2008.11.05 14:32:48 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Dell

[2009.09.30 05:16:35 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\DivX

[2009.11.16 03:25:49 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\DriverCure

[2010.12.07 08:24:01 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\dvdcss

[2011.11.09 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ekloy

[2008.11.05 18:46:03 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\ICQ

[2008.11.05 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Identities

[2009.12.29 19:57:00 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\InstallShield

[2008.11.05 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Macromedia

[2012.03.11 00:12:43 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Media Center Programs

[2008.11.05 19:32:06 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Media Player Classic

[2011.08.31 19:10:49 | 000,000,000 | --SD | M] -- C:\Users\sandra\AppData\Roaming\Microsoft

[2008.11.05 15:13:40 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Mozilla

[2010.03.01 16:12:52 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Real

[2012.03.12 21:56:40 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Skype

[2011.10.22 17:01:50 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\skypePM

[2008.11.05 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Symantec

[2011.02.16 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\vlc

[2008.11.05 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Winamp

[2009.01.21 11:18:34 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\WinRAR

[2011.12.16 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ynzied

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.10.31 02:56:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys

[2008.10.31 02:56:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.10.31 02:56:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.10.31 02:56:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Drivers\storage\R180982\iastor.sys

[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys

[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys

[2008.03.11 07:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys

[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.05.04 09:42:16 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

[2008.08.05 13:16:20 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll

[2012.03.08 03:03:39 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2012.03.08 03:03:39 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

 
 <           >
 

< End of report >

--- --- ---

Danke und lieben Gruß

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = DELL - Offizielle Seite | Dell Österreich

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.at/firefox?client=firefox-a&rls=org.mozilla:de:official"

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

[2010.05.06 10:25:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKU\S-1-5-21-3495034231-3606071678-3502338459-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun

O33 - MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell - "" = AutoRun

O33 - MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell - "" = AutoRun

O33 - MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\Shell\AutoRun\command - "" = F:\AutoLcd209x.exe

O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun

O33 - MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun

O33 - MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell - "" = AutoRun

O33 - MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\Shell\AutoRun\command - "" = F:\AutoRun.exe

[2011.11.09 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ekloy

[2011.12.16 11:08:09 | 000,000,000 | ---D | M] -- C:\Users\sandra\AppData\Roaming\Ynzied

[2012.03.12 14:12:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job

[2012.03.14 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2012.03.14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job

[2012.03.13 08:40:43 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ebenfalls durchgeführt!

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-3495034231-3606071678-3502338459-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Prefs.js: "Bing" removed from browser.search.defaultenginename

Prefs.js: "hxxp://www.bing.com/search?FORM=IEFM1&q=" removed from browser.search.defaulturl

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: "hxxp://www.google.at/firefox?client=firefox-a&rls=org.mozilla:de:official" removed from browser.startup.homepage

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ not found.

File C:\Program Files\DivX\DivX Web Player\npdivx32.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.

File C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll not found.

Folder C:\Users\sandra\AppData\Roaming\mozilla\Firefox\Profiles\51uoo4lk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.

File C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.

File C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.

File C:\Program Files\Winamp\winampa.exe not found.

Registry value HKEY_USERS\S-1-5-21-3495034231-3606071678-3502338459-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\autoexec.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3481-5cb5-11de-9d7a-00217082d29c}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030e3482-5cb5-11de-9d7a-00217082d29c}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b31ec2c-4077-11e1-91d0-00217082d29c}\ not found.

File F:\AutoLcd209x.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8ea-b587-11dd-b579-d42f6e3e9e72}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fd-b587-11dd-b579-d42f6e3e9e72}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc50d8fe-b587-11dd-b579-d42f6e3e9e72}\ not found.

File F:\AutoRun.exe not found.

Folder C:\Users\sandra\AppData\Roaming\Ekloy\ not found.

Folder C:\Users\sandra\AppData\Roaming\Ynzied\ not found.

File C:\Windows\Tasks\DriverCure.job not found.

File C:\Windows\Tasks\ParetoLogic Registration.job not found.

File C:\Windows\Tasks\ParetoLogic Registration3.job not found.

File C:\Windows\Tasks\ParetoLogic Update Version2.job not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Gast

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

 

User: Public

 

User: sandra

->Temp folder emptied: 31832 bytes

->Temporary Internet Files folder emptied: 472134314 bytes

->Java cache emptied: 61078956 bytes

->FireFox cache emptied: 46736191 bytes

->Apple Safari cache emptied: 730112 bytes

->Flash cache emptied: 134878 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2075727797 bytes

RecycleBin emptied: 9604654353 bytes

 

Total Files Cleaned = 11.693,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.37.0 log created on 03162012_094849
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Danke für die Mühe

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

ich glaube das sieht ganz gut aus oder?

Code:

08:50:54.0427 3056        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43

08:50:54.0694 3056        ============================================================

08:50:54.0694 3056        Current date / time: 2012/03/18 08:50:54.0694

08:50:54.0694 3056        SystemInfo:

08:50:54.0694 3056        

08:50:54.0695 3056        OS Version: 6.0.6002 ServicePack: 2.0

08:50:54.0695 3056        Product type: Workstation

08:50:54.0695 3056        ComputerName: DELL

08:50:54.0695 3056        UserName: sandra

08:50:54.0695 3056        Windows directory: C:\Windows

08:50:54.0695 3056        System windows directory: C:\Windows

08:50:54.0695 3056        Processor architecture: Intel x86

08:50:54.0695 3056        Number of processors: 2

08:50:54.0695 3056        Page size: 0x1000

08:50:54.0695 3056        Boot type: Normal boot

08:50:54.0695 3056        ============================================================

08:50:55.0421 3056        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:50:55.0425 3056        \Device\Harddisk0\DR0:

08:50:55.0425 3056        MBR used

08:50:55.0425 3056        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000

08:50:55.0425 3056        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x115D2000

08:50:55.0538 3056        Initialize success

08:50:55.0538 3056        ============================================================

08:51:45.0609 1604        ============================================================

08:51:45.0609 1604        Scan started

08:51:45.0609 1604        Mode: Manual; SigCheck; TDLFS; 

08:51:45.0609 1604        ============================================================

08:51:49.0311 1604        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

08:51:49.0496 1604        ACPI - ok

08:51:49.0644 1604        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

08:51:49.0693 1604        adp94xx - ok

08:51:49.0783 1604        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

08:51:49.0811 1604        adpahci - ok

08:51:49.0874 1604        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

08:51:49.0895 1604        adpu160m - ok

08:51:49.0929 1604        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

08:51:49.0951 1604        adpu320 - ok

08:51:50.0115 1604        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

08:51:50.0199 1604        AFD - ok

08:51:50.0323 1604        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

08:51:50.0341 1604        agp440 - ok

08:51:50.0377 1604        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

08:51:50.0398 1604        aic78xx - ok

08:51:50.0436 1604        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

08:51:50.0452 1604        aliide - ok

08:51:50.0488 1604        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

08:51:50.0506 1604        amdagp - ok

08:51:50.0546 1604        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

08:51:50.0563 1604        amdide - ok

08:51:50.0617 1604        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

08:51:50.0688 1604        AmdK7 - ok

08:51:50.0723 1604        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

08:51:50.0793 1604        AmdK8 - ok

08:51:50.0867 1604        ApfiltrService  (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys

08:51:50.0920 1604        ApfiltrService - ok

08:51:51.0035 1604        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

08:51:51.0055 1604        arc - ok

08:51:51.0125 1604        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

08:51:51.0145 1604        arcsas - ok

08:51:51.0219 1604        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

08:51:51.0296 1604        AsyncMac - ok

08:51:51.0352 1604        atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys

08:51:51.0370 1604        atapi - ok

08:51:51.0576 1604        atikmdag        (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys

08:51:51.0865 1604        atikmdag - ok

08:51:52.0020 1604        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

08:51:52.0039 1604        avgntflt - ok

08:51:52.0068 1604        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys

08:51:52.0087 1604        avipbb - ok

08:51:52.0144 1604        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

08:51:52.0159 1604        avkmgr - ok

08:51:52.0257 1604        BCM42RLY        (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys

08:51:52.0271 1604        BCM42RLY - ok

08:51:52.0402 1604        BCM43XX         (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys

08:51:52.0565 1604        BCM43XX - ok

08:51:52.0682 1604        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

08:51:52.0751 1604        Beep - ok

08:51:52.0840 1604        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

08:51:52.0901 1604        blbdrive - ok

08:51:53.0026 1604        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

08:51:53.0078 1604        bowser - ok

08:51:53.0153 1604        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

08:51:53.0211 1604        BrFiltLo - ok

08:51:53.0245 1604        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

08:51:53.0308 1604        BrFiltUp - ok

08:51:53.0347 1604        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

08:51:53.0445 1604        Brserid - ok

08:51:53.0477 1604        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

08:51:53.0584 1604        BrSerWdm - ok

08:51:53.0616 1604        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

08:51:53.0714 1604        BrUsbMdm - ok

08:51:53.0750 1604        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

08:51:53.0842 1604        BrUsbSer - ok

08:51:53.0875 1604        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

08:51:53.0966 1604        BTHMODEM - ok

08:51:54.0005 1604        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

08:51:54.0074 1604        cdfs - ok

08:51:54.0131 1604        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

08:51:54.0166 1604        cdrom - ok

08:51:54.0193 1604        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

08:51:54.0254 1604        circlass - ok

08:51:54.0299 1604        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

08:51:54.0327 1604        CLFS - ok

08:51:54.0387 1604        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

08:51:54.0450 1604        CmBatt - ok

08:51:54.0481 1604        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

08:51:54.0498 1604        cmdide - ok

08:51:54.0512 1604        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

08:51:54.0530 1604        Compbatt - ok

08:51:54.0548 1604        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

08:51:54.0566 1604        crcdisk - ok

08:51:54.0593 1604        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

08:51:54.0636 1604        Crusoe - ok

08:51:54.0723 1604        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

08:51:54.0774 1604        DfsC - ok

08:51:54.0869 1604        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

08:51:54.0890 1604        disk - ok

08:51:54.0950 1604        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

08:51:55.0006 1604        drmkaud - ok

08:51:55.0083 1604        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

08:51:55.0137 1604        DXGKrnl - ok

08:51:55.0180 1604        e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

08:51:55.0228 1604        e1express - ok

08:51:55.0268 1604        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

08:51:55.0341 1604        E1G60 - ok

08:51:55.0408 1604        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

08:51:55.0432 1604        Ecache - ok

08:51:55.0491 1604        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

08:51:55.0525 1604        elxstor - ok

08:51:55.0562 1604        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

08:51:55.0631 1604        ErrDev - ok

08:51:55.0711 1604        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

08:51:55.0737 1604        exfat - ok

08:51:55.0770 1604        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

08:51:55.0834 1604        fastfat - ok

08:51:55.0870 1604        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

08:51:55.0932 1604        fdc - ok

08:51:55.0975 1604        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

08:51:55.0993 1604        FileInfo - ok

08:51:56.0021 1604        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

08:51:56.0085 1604        Filetrace - ok

08:51:56.0126 1604        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

08:51:56.0190 1604        flpydisk - ok

08:51:56.0247 1604        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

08:51:56.0272 1604        FltMgr - ok

08:51:56.0329 1604        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

08:51:56.0382 1604        Fs_Rec - ok

08:51:56.0416 1604        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

08:51:56.0435 1604        gagp30kx - ok

08:51:56.0461 1604        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:51:56.0475 1604        GEARAspiWDM - ok

08:51:56.0559 1604        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

08:51:56.0612 1604        HdAudAddService - ok

08:51:56.0670 1604        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

08:51:56.0776 1604        HDAudBus - ok

08:51:56.0825 1604        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

08:51:56.0921 1604        HidBth - ok

08:51:56.0967 1604        HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

08:51:56.0999 1604        HidIr - ok

08:51:57.0053 1604        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

08:51:57.0106 1604        HidUsb - ok

08:51:57.0144 1604        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

08:51:57.0163 1604        HpCISSs - ok

08:51:57.0237 1604        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

08:51:57.0316 1604        HTTP - ok

08:51:57.0384 1604        hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys

08:51:57.0448 1604        hwdatacard - ok

08:51:57.0468 1604        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

08:51:57.0486 1604        i2omp - ok

08:51:57.0542 1604        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

08:51:57.0602 1604        i8042prt - ok

08:51:57.0681 1604        iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys

08:51:57.0701 1604        iaStor - ok

08:51:57.0734 1604        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

08:51:57.0759 1604        iaStorV - ok

08:51:57.0783 1604        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

08:51:57.0800 1604        iirsp - ok

08:51:57.0856 1604        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

08:51:57.0874 1604        intelide - ok

08:51:57.0903 1604        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

08:51:57.0967 1604        intelppm - ok

08:51:58.0007 1604        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:51:58.0069 1604        IpFilterDriver - ok

08:51:58.0085 1604        IpInIp - ok

08:51:58.0118 1604        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

08:51:58.0184 1604        IPMIDRV - ok

08:51:58.0214 1604        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

08:51:58.0282 1604        IPNAT - ok

08:51:58.0352 1604        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

08:51:58.0416 1604        IRENUM - ok

08:51:58.0459 1604        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

08:51:58.0477 1604        isapnp - ok

08:51:58.0517 1604        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

08:51:58.0539 1604        iScsiPrt - ok

08:51:58.0602 1604        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

08:51:58.0619 1604        iteatapi - ok

08:51:58.0753 1604        itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys

08:51:58.0772 1604        itecir - ok

08:51:58.0807 1604        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

08:51:58.0824 1604        iteraid - ok

08:51:58.0874 1604        k57nd60x        (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys

08:51:58.0926 1604        k57nd60x - ok

08:51:58.0963 1604        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

08:51:58.0980 1604        kbdclass - ok

08:51:59.0012 1604        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

08:51:59.0044 1604        kbdhid - ok

08:51:59.0106 1604        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

08:51:59.0156 1604        KSecDD - ok

08:51:59.0213 1604        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

08:51:59.0279 1604        lltdio - ok

08:51:59.0319 1604        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

08:51:59.0339 1604        LSI_FC - ok

08:51:59.0359 1604        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

08:51:59.0379 1604        LSI_SAS - ok

08:51:59.0423 1604        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

08:51:59.0443 1604        LSI_SCSI - ok

08:51:59.0466 1604        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

08:51:59.0532 1604        luafv - ok

08:51:59.0591 1604        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

08:51:59.0604 1604        MBAMProtector - ok

08:51:59.0637 1604        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

08:51:59.0655 1604        megasas - ok

08:51:59.0695 1604        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

08:51:59.0730 1604        MegaSR - ok

08:51:59.0862 1604        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

08:51:59.0929 1604        Modem - ok

08:51:59.0955 1604        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

08:52:00.0048 1604        monitor - ok

08:52:00.0084 1604        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

08:52:00.0101 1604        mouclass - ok

08:52:00.0124 1604        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

08:52:00.0166 1604        mouhid - ok

08:52:00.0185 1604        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

08:52:00.0204 1604        MountMgr - ok

08:52:00.0252 1604        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

08:52:00.0278 1604        mpio - ok

08:52:00.0307 1604        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

08:52:00.0362 1604        mpsdrv - ok

08:52:00.0400 1604        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

08:52:00.0418 1604        Mraid35x - ok

08:52:00.0460 1604        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

08:52:00.0506 1604        MRxDAV - ok

08:52:00.0561 1604        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:52:00.0585 1604        mrxsmb - ok

08:52:00.0642 1604        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:52:00.0691 1604        mrxsmb10 - ok

08:52:00.0708 1604        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:52:00.0742 1604        mrxsmb20 - ok

08:52:00.0788 1604        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

08:52:00.0840 1604        msahci - ok

08:52:00.0876 1604        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

08:52:00.0896 1604        msdsm - ok

08:52:00.0927 1604        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

08:52:00.0991 1604        Msfs - ok

08:52:01.0034 1604        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

08:52:01.0052 1604        msisadrv - ok

08:52:01.0093 1604        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

08:52:01.0157 1604        MSKSSRV - ok

08:52:01.0200 1604        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

08:52:01.0268 1604        MSPCLOCK - ok

08:52:01.0301 1604        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

08:52:01.0375 1604        MSPQM - ok

08:52:01.0432 1604        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

08:52:01.0457 1604        MsRPC - ok

08:52:01.0484 1604        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

08:52:01.0500 1604        mssmbios - ok

08:52:01.0522 1604        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

08:52:01.0585 1604        MSTEE - ok

08:52:01.0621 1604        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

08:52:01.0641 1604        Mup - ok

08:52:01.0696 1604        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

08:52:01.0724 1604        NativeWifiP - ok

08:52:01.0818 1604        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

08:52:01.0854 1604        NDIS - ok

08:52:01.0894 1604        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

08:52:01.0954 1604        NdisTapi - ok

08:52:02.0031 1604        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

08:52:02.0073 1604        Ndisuio - ok

08:52:02.0119 1604        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

08:52:02.0184 1604        NdisWan - ok

08:52:02.0219 1604        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

08:52:02.0281 1604        NDProxy - ok

08:52:02.0320 1604        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

08:52:02.0384 1604        NetBIOS - ok

08:52:02.0439 1604        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

08:52:02.0476 1604        netbt - ok

08:52:02.0512 1604        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

08:52:02.0530 1604        nfrd960 - ok

08:52:02.0562 1604        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

08:52:02.0596 1604        Npfs - ok

08:52:02.0628 1604        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

08:52:02.0698 1604        nsiproxy - ok

08:52:02.0780 1604        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

08:52:02.0934 1604        Ntfs - ok

08:52:02.0961 1604        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

08:52:03.0032 1604        ntrigdigi - ok

08:52:03.0067 1604        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

08:52:03.0133 1604        Null - ok

08:52:03.0166 1604        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

08:52:03.0187 1604        nvraid - ok

08:52:03.0215 1604        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

08:52:03.0233 1604        nvstor - ok

08:52:03.0255 1604        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

08:52:03.0276 1604        nv_agp - ok

08:52:03.0289 1604        NwlnkFlt - ok

08:52:03.0306 1604        NwlnkFwd - ok

08:52:03.0346 1604        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

08:52:03.0402 1604        ohci1394 - ok

08:52:03.0492 1604        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

08:52:03.0587 1604        Parport - ok

08:52:03.0638 1604        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

08:52:03.0658 1604        partmgr - ok

08:52:03.0682 1604        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

08:52:03.0778 1604        Parvdm - ok

08:52:03.0833 1604        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

08:52:03.0855 1604        pci - ok

08:52:03.0882 1604        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

08:52:03.0900 1604        pciide - ok

08:52:03.0932 1604        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

08:52:03.0955 1604        pcmcia - ok

08:52:04.0003 1604        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

08:52:04.0166 1604        PEAUTH - ok

08:52:04.0238 1604        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

08:52:04.0300 1604        PptpMiniport - ok

08:52:04.0332 1604        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

08:52:04.0403 1604        Processor - ok

08:52:04.0443 1604        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

08:52:04.0503 1604        PSched - ok

08:52:04.0548 1604        PxHelp20        (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

08:52:04.0564 1604        PxHelp20 - ok

08:52:04.0625 1604        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

08:52:04.0724 1604        ql2300 - ok

08:52:04.0754 1604        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

08:52:04.0774 1604        ql40xx - ok

08:52:04.0845 1604        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

08:52:04.0884 1604        QWAVEdrv - ok

08:52:05.0025 1604        R300            (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys

08:52:05.0191 1604        R300 - ok

08:52:05.0221 1604        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

08:52:05.0261 1604        RasAcd - ok

08:52:05.0291 1604        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:52:05.0362 1604        Rasl2tp - ok

08:52:05.0420 1604        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

08:52:05.0472 1604        RasPppoe - ok

08:52:05.0512 1604        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

08:52:05.0536 1604        RasSstp - ok

08:52:05.0569 1604        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

08:52:05.0608 1604        rdbss - ok

08:52:05.0642 1604        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:52:05.0683 1604        RDPCDD - ok

08:52:05.0718 1604        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

08:52:05.0767 1604        rdpdr - ok

08:52:05.0811 1604        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

08:52:05.0853 1604        RDPENCDD - ok

08:52:05.0915 1604        RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

08:52:05.0979 1604        RDPWD - ok

08:52:06.0022 1604        rimmptsk        (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys

08:52:06.0067 1604        rimmptsk - ok

08:52:06.0101 1604        rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys

08:52:06.0149 1604        rimsptsk - ok

08:52:06.0184 1604        rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys

08:52:06.0222 1604        rismxdp - ok

08:52:06.0274 1604        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

08:52:06.0316 1604        rspndr - ok

08:52:06.0342 1604        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

08:52:06.0361 1604        sbp2port - ok

08:52:06.0403 1604        sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

08:52:06.0465 1604        sdbus - ok

08:52:06.0517 1604        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

08:52:06.0590 1604        secdrv - ok

08:52:06.0621 1604        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

08:52:06.0694 1604        Serenum - ok

08:52:06.0722 1604        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

08:52:06.0820 1604        Serial - ok

08:52:06.0835 1604        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

08:52:06.0878 1604        sermouse - ok

08:52:06.0934 1604        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

08:52:06.0967 1604        sffdisk - ok

08:52:06.0990 1604        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

08:52:07.0031 1604        sffp_mmc - ok

08:52:07.0062 1604        sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

08:52:07.0096 1604        sffp_sd - ok

08:52:07.0121 1604        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

08:52:07.0238 1604        sfloppy - ok

08:52:07.0284 1604        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

08:52:07.0302 1604        sisagp - ok

08:52:07.0324 1604        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

08:52:07.0342 1604        SiSRaid2 - ok

08:52:07.0370 1604        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

08:52:07.0389 1604        SiSRaid4 - ok

08:52:07.0438 1604        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

08:52:07.0473 1604        Smb - ok

08:52:07.0635 1604        SNP2UVC         (e1f5f9fbf8a2cfed174e4ec38a358b93) C:\Windows\system32\DRIVERS\snp2uvc.sys

08:52:08.0127 1604        SNP2UVC - ok

08:52:08.0227 1604        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

08:52:08.0244 1604        spldr - ok

08:52:08.0344 1604        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

08:52:08.0466 1604        srv - ok

08:52:08.0517 1604        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

08:52:08.0596 1604        srv2 - ok

08:52:08.0634 1604        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

08:52:08.0677 1604        srvnet - ok

08:52:08.0734 1604        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

08:52:08.0750 1604        ssmdrv - ok

08:52:08.0815 1604        STHDA           (d4ae2486c4290054b8d6f1adc4bad7fd) C:\Windows\system32\DRIVERS\stwrt.sys

08:52:08.0895 1604        STHDA - ok

08:52:08.0968 1604        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

08:52:08.0985 1604        swenum - ok

08:52:09.0008 1604        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

08:52:09.0025 1604        Symc8xx - ok

08:52:09.0045 1604        SymIM - ok

08:52:09.0063 1604        SymIMMP - ok

08:52:09.0096 1604        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

08:52:09.0113 1604        Sym_hi - ok

08:52:09.0139 1604        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

08:52:09.0156 1604        Sym_u3 - ok

08:52:09.0241 1604        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

08:52:09.0332 1604        Tcpip - ok

08:52:09.0381 1604        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

08:52:09.0455 1604        Tcpip6 - ok

08:52:09.0497 1604        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

08:52:09.0528 1604        tcpipreg - ok

08:52:09.0559 1604        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

08:52:09.0641 1604        TDPIPE - ok

08:52:09.0676 1604        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

08:52:09.0717 1604        TDTCP - ok

08:52:09.0754 1604        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

08:52:09.0813 1604        tdx - ok

08:52:09.0872 1604        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

08:52:09.0892 1604        TermDD - ok

08:52:09.0959 1604        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:52:10.0025 1604        tssecsrv - ok

08:52:10.0066 1604        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

08:52:10.0088 1604        tunmp - ok

08:52:10.0110 1604        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

08:52:10.0132 1604        tunnel - ok

08:52:10.0163 1604        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

08:52:10.0182 1604        uagp35 - ok

08:52:10.0232 1604        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

08:52:10.0271 1604        udfs - ok

08:52:10.0313 1604        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

08:52:10.0332 1604        uliagpkx - ok

08:52:10.0359 1604        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

08:52:10.0384 1604        uliahci - ok

08:52:10.0410 1604        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

08:52:10.0430 1604        UlSata - ok

08:52:10.0462 1604        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

08:52:10.0482 1604        ulsata2 - ok

08:52:10.0512 1604        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

08:52:10.0574 1604        umbus - ok

08:52:10.0649 1604        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

08:52:10.0729 1604        USBAAPL - ok

08:52:10.0780 1604        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

08:52:10.0836 1604        usbaudio - ok

08:52:10.0877 1604        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

08:52:10.0941 1604        usbccgp - ok

08:52:10.0978 1604        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

08:52:11.0077 1604        usbcir - ok

08:52:11.0124 1604        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

08:52:11.0181 1604        usbehci - ok

08:52:11.0225 1604        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

08:52:11.0264 1604        usbhub - ok

08:52:11.0285 1604        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

08:52:11.0376 1604        usbohci - ok

08:52:11.0413 1604        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

08:52:11.0456 1604        usbprint - ok

08:52:11.0479 1604        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

08:52:11.0513 1604        usbscan - ok

08:52:11.0542 1604        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:52:11.0603 1604        USBSTOR - ok

08:52:11.0647 1604        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

08:52:11.0708 1604        usbuhci - ok

08:52:11.0818 1604        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

08:52:11.0864 1604        usbvideo - ok

08:52:11.0911 1604        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

08:52:11.0954 1604        vga - ok

08:52:11.0976 1604        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

08:52:12.0017 1604        VgaSave - ok

08:52:12.0043 1604        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

08:52:12.0061 1604        viaagp - ok

08:52:12.0089 1604        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

08:52:12.0131 1604        ViaC7 - ok

08:52:12.0157 1604        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

08:52:12.0174 1604        viaide - ok

08:52:12.0207 1604        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

08:52:12.0226 1604        volmgr - ok

08:52:12.0277 1604        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

08:52:12.0307 1604        volmgrx - ok

08:52:12.0332 1604        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

08:52:12.0359 1604        volsnap - ok

08:52:12.0386 1604        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

08:52:12.0407 1604        vsmraid - ok

08:52:12.0457 1604        VSTHWBS2        (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS

08:52:12.0507 1604        VSTHWBS2 - ok

08:52:12.0561 1604        VST_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

08:52:12.0692 1604        VST_DPV - ok

08:52:12.0736 1604        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

08:52:12.0830 1604        WacomPen - ok

08:52:12.0871 1604        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:52:12.0904 1604        Wanarp - ok

08:52:12.0925 1604        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:52:12.0959 1604        Wanarpv6 - ok

08:52:12.0990 1604        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

08:52:13.0007 1604        Wd - ok

08:52:13.0047 1604        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

08:52:13.0123 1604        Wdf01000 - ok

08:52:13.0199 1604        winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

08:52:13.0351 1604        winachsf - ok

08:52:13.0419 1604        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

08:52:13.0476 1604        WmiAcpi - ok

08:52:13.0552 1604        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

08:52:13.0586 1604        WpdUsb - ok

08:52:13.0608 1604        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

08:52:13.0676 1604        ws2ifsl - ok

08:52:13.0723 1604        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:52:13.0785 1604        WUDFRd - ok

08:52:13.0883 1604        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

08:52:14.0137 1604        \Device\Harddisk0\DR0 - ok

08:52:14.0165 1604        Boot (0x1200)   (5f2548caf5385e5d72cdafef5cc65882) \Device\Harddisk0\DR0\Partition0

08:52:14.0167 1604        \Device\Harddisk0\DR0\Partition0 - ok

08:52:14.0172 1604        Boot (0x1200)   (bd8ff35c2199316ec646e709629401c6) \Device\Harddisk0\DR0\Partition1

08:52:14.0174 1604        \Device\Harddisk0\DR0\Partition1 - ok

08:52:14.0178 1604        ============================================================

08:52:14.0178 1604        Scan finished

08:52:14.0178 1604        ============================================================

08:52:14.0193 4204        Detected object count: 0

08:52:14.0193 4204        Actual detected object count: 0

Liebe Grüße

Du solltest die Logs in CODE-Tags posten!!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Zitat:

Du solltest die Logs in CODE-Tags posten!!

sorry aber ich habe leider keinen plan wie das funktioniert....

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

so habe jetzt Combofix ausgeführt:
[code]^Combofix Logfile:

Code:

ComboFix 12-03-29.02 - sandra 29.03.2012  15:22:34.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.2045.983 [GMT 2:00]

ausgeführt von:: c:\users\sandra\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Dell

c:\programdata\Dell\DellDock\error_log.txt

c:\programdata\Dell\DellDock\uninstaller.exe

c:\programdata\Dell\DSL\DSLCheck.exe

.

---- Vorheriger Suchlauf -------

.

c:\programdata\Dell\DellDock\AddlDefaultShortcuts\bob internet installieren.lnk.xml

c:\programdata\Dell\DellDock\AddlDefaultShortcuts\bob internet.lnk.xml

c:\programdata\Dell\DellDock\AddlDefaultShortcuts\DivX Player.lnk.xml

c:\programdata\Dell\DellDock\AddlDefaultShortcuts\Mein 3DataManager.lnk.xml

c:\programdata\Dell\DellDock\AddlDefaultShortcuts\QuickTime Player.lnk.xml

c:\programdata\Dell\DellDock\AddlDefaultShortcuts\Winamp.lnk.xml

c:\programdata\Dell\DellDock\BaseCategories.xml

c:\programdata\Dell\DellDock\BaseDesktopExclusions.xml

c:\programdata\Dell\DellDock\BaseSettings.xml

c:\programdata\Dell\DellDock\Default.lang.xml

c:\programdata\Dell\DellDock\images\aol_icon.jpg

c:\programdata\Dell\DellDock\images\datasafe_32x32.jpg

c:\programdata\Dell\DellDock\images\DellSupportCenter_icon.jpg

c:\programdata\Dell\DellDock\images\earthlink_icon.png

c:\programdata\Dell\DellDock\images\ebay_32x32.png

c:\programdata\Dell\DellDock\images\GDS_32x32.png

c:\programdata\Dell\DellDock\images\globe-32x32.png

c:\programdata\Dell\DellDock\images\McAfee_32x32.JPG

c:\programdata\Dell\DellDock\images\netzero_icon.png

c:\programdata\Dell\DellDock\images\norton_32x32.PNG

c:\programdata\Dell\DellDock\images\pccilin_32x32.png

c:\programdata\Dell\DellDock\images\wt.PNG

c:\programdata\Dell\DellDock\Shortcuts\emailchat-outlookmail.xml

c:\programdata\Dell\DellDock\Shortcuts\emailchat-sightspeed.xml

c:\programdata\Dell\DellDock\Shortcuts\emailchat-winmail.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-datasafe.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-datasafepctransfer.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-DellCustomize.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-DellNetworkAssistant.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-dellsportcenter.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-hybrid.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-nortonsave.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-ownermanual.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-pctuneup1.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-systemvideo.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-uninstaller.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistahelp.xml

c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistapctransfer.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-aol.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-bestofweb.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-betterto.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-bt.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-DellMobileBroadband.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-earthlink.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-internetexplorer.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-livewriter.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-netzero.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-tiscali.xml

c:\programdata\Dell\DellDock\Shortcuts\internet-vistaparentalcontrol.xml

c:\programdata\Dell\DellDock\Shortcuts\music-adobesoundbooth.xml

c:\programdata\Dell\DellDock\Shortcuts\music-vistamediaplayer.xml

c:\programdata\Dell\DellDock\Shortcuts\office-msexcel.xml

c:\programdata\Dell\DellDock\Shortcuts\office-mspowerpoint.xml

c:\programdata\Dell\DellDock\Shortcuts\office-msword.xml

c:\programdata\Dell\DellDock\Shortcuts\office-worksspreadsheet.xml

c:\programdata\Dell\DellDock\Shortcuts\office-worksword.xml

c:\programdata\Dell\DellDock\Shortcuts\photos-adobephotoshop.xml

c:\programdata\Dell\DellDock\Shortcuts\photos-livephoto.xml

c:\programdata\Dell\DellDock\Shortcuts\photos-vistaphotogallery.xml

c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm08.xml

c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm09.xml

c:\programdata\Dell\DellDock\Shortcuts\security-facialrecognition.xml

c:\programdata\Dell\DellDock\Shortcuts\security-fingerprint.xml

c:\programdata\Dell\DellDock\Shortcuts\security-fingerprintm08.xml

c:\programdata\Dell\DellDock\Shortcuts\security-mcafee.xml

c:\programdata\Dell\DellDock\Shortcuts\security-norton2008.xml

c:\programdata\Dell\DellDock\Shortcuts\security-trend16.xml

c:\programdata\Dell\DellDock\Shortcuts\security-trendmicro.xml

c:\programdata\Dell\DellDock\Shortcuts\security-vistaparentalcontrol.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-adobepremiere.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-roxio10.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-sightspeed.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-vistamediaplayer.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-vistamoviemaker.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm08.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm09.xml

c:\programdata\Dell\DellDock\Shortcuts\videos-windowsmediacenter.xml

c:\programdata\Dell\DellDock\uninstaller.exe

c:\programdata\Dell\DellDock\uninstaller.xml

c:\programdata\Dell\DSCUpdates\dsc_2_2_08267.msp

c:\programdata\Dell\DSCUpdates\patch.log

c:\programdata\Dell\DSL\DSLCheck.exe

c:\programdata\Dell\HWDiags\PCDsysinfo.xml

c:\programdata\Dell\RMC\DataSafeDashBoard.xml

c:\users\Gast\AppData\Roaming\Dell

c:\users\sandra\AppData\Roaming\Adobe\plugs

c:\users\sandra\AppData\Roaming\Adobe\shed

c:\users\sandra\AppData\Roaming\Dell

c:\users\sandra\AppData\Roaming\Dell\DellDock\DockContents.xml

c:\users\sandra\AppData\Roaming\Dell\DellDock\DockContentsBackup.xml

C:\x86winc.bin

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))

.

.

2012-03-29 13:16 . 2012-03-20 01:53        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CF5B68B-3213-4E8D-AC9E-B203F8FDB5C3}\mpengine.dll

2012-03-29 13:00 . 2012-03-29 13:00        --------        d-----w-        c:\users\sandra\AppData\Local\Temp(25)

2012-03-19 09:32 . 2012-03-19 10:48        --------        d-----w-        c:\users\sandra\Mietzinsbeihilfe

2012-03-16 10:19 . 2012-03-16 10:19        --------        d-----w-        c:\users\sandra\AppData\Roaming\Avira

2012-03-16 10:12 . 2012-01-31 07:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-03-16 10:12 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-03-16 10:12 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-03-16 10:12 . 2012-03-16 10:12        --------        d-----w-        c:\program files\Avira

2012-03-16 09:55 . 2012-03-16 09:55        --------        d-----w-        c:\users\Default\AppData\Local\AskToolbar

2012-03-16 09:55 . 2012-03-16 09:55        --------        d-----w-        c:\program files\Ask.com

2012-03-16 09:54 . 2012-03-16 10:12        --------        d-----w-        c:\programdata\Avira

2012-03-16 07:54 . 2012-03-16 07:54        --------        d-----w-        C:\_OTL

2012-03-14 07:26 . 2012-02-02 15:16        2044416        ----a-w-        c:\windows\system32\win32k.sys

2012-03-14 07:26 . 2012-02-14 15:45        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll

2012-03-14 07:26 . 2012-02-13 14:12        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll

2012-03-14 07:26 . 2012-02-13 13:44        1068544        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-14 07:26 . 2012-02-14 15:45        160768        ----a-w-        c:\windows\system32\d3d10_1.dll

2012-03-14 07:26 . 2012-02-13 13:47        683008        ----a-w-        c:\windows\system32\d2d1.dll

2012-03-14 07:26 . 2012-01-09 15:54        613376        ----a-w-        c:\windows\system32\rdpencom.dll

2012-03-14 07:26 . 2012-01-09 13:58        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-12 16:50 . 2012-03-12 16:50        --------        d-----w-        c:\program files\ESET

2012-03-10 23:12 . 2012-03-10 23:12        --------        d-----w-        c:\users\sandra\AppData\Roaming\Malwarebytes

2012-03-10 23:09 . 2012-03-10 23:09        --------        d-----w-        c:\programdata\Malwarebytes

2012-03-10 23:09 . 2012-03-10 23:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-03-10 23:09 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-08 02:01 . 2012-03-08 02:01        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 07:18 . 2009-10-02 17:26        237072        ------w-        c:\windows\system32\MpSigStub.exe

2007-07-26 15:01 . 2009-01-28 21:35        114688        ----a-w-        c:\program files\internet explorer\plugins\ChimeShim.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-04 19:20        1514152        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-29 442460]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-26 662016]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]

.

c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]

.

c:\users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-17 1207376]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-10-30 17:42        10536        ----a-w-        c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-29 73728]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 13:46]

.

2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 13:46]

.

2012-03-20 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 195.34.133.21 195.34.133.22

FF - ProfilePath - c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\51uoo4lk.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: All-in-One Gestures: {8b86149f-01fb-4842-9dd8-4d7eb02fd055} - %profile%\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-03-29 15:37

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-03-29  15:42:37 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-03-29 13:42

.

Vor Suchlauf: 11 Verzeichnis(se), 28.721.823.744 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 33.321.947.136 Bytes frei

.

- - End Of File - - 26542D0BD6DD49CAC9DDB3BFB713AE78

--- --- ---

Lg

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER ist mir 2 mal abgstürzt...
Habe OSAM Log erstellt.

aswMBR.txt:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-03-29 21:38:10

-----------------------------

21:38:10.757    OS Version: Windows 6.0.6002 Service Pack 2

21:38:10.757    Number of processors: 2 586 0xF0D

21:38:10.759    ComputerName: DELL  UserName: 

21:38:12.137    Initialize success

21:39:31.755    AVAST engine defs: 12032901

21:41:42.167    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:41:42.173    Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3

21:41:42.229    Disk 0 MBR read successfully

21:41:42.236    Disk 0 MBR scan

21:41:42.247    Disk 0 Windows VISTA default MBR code

21:41:42.255    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      141 MB offset 63

21:41:42.358    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 290816

21:41:42.384    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       142244 MB offset 21262336

21:41:42.404    Disk 0 scanning sectors +312578048

21:41:42.497    Disk 0 scanning C:\Windows\system32\drivers

21:41:56.165    Service scanning

21:42:20.317    Modules scanning

21:42:27.229    Disk 0 trace - called modules:

21:42:27.274    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 

21:42:27.289    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865edac8]

21:42:27.304    3 CLASSPNP.SYS[88ba38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8560d030]

21:42:28.506    AVAST engine scan C:\Windows

21:42:33.474    AVAST engine scan C:\Windows\system32

21:46:36.821    AVAST engine scan C:\Windows\system32\drivers

21:46:52.902    AVAST engine scan C:\Users\sandra

21:50:05.881    Disk 0 MBR has been saved successfully to "C:\Users\sandra\Desktop\MBR.dat"

21:50:05.906    The log file has been saved successfully to "C:\Users\sandra\Desktop\aswMBR.txt"