Trojaner-Board


matjes80 05.05.2012 20:07

My GMX account is sending spam mails
 
Hello!

I don't know much about this, but I do have a problem...

Since 1 May, around 7:00, my GMX account has been sending spam mails to my entire address book and to parts of my "Sent" folder.

I noticed it from these "Mail Delivery System" mails. By the way, these now arrive regularly every day from 8:00 to 9:00, always to the same addresses.

I have deleted the address book and all folders. I change my password almost daily and make it more complicated each time. I contacted GMX support but have not received an answer yet.

I always log in directly at GMX and don't use Outlook or anything like that.

I have run AntiVir, Malwarebytes (full scan), Spybot, CCleaner and TuneUp over it. No findings as far as I can tell. I have already obtained the scan programs recommended here in the forum (Eset, OTL and those three for everyone seeking help) and look forward to advice.

defogger reported no error.

Thanks in advance for your effort and patience with me!

DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Matze at 20:04:59 on 2012-05-05
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3071.2142 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmx.de/
mStart Page = hxxp://search.searchonme.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.220.1
TCP: Interfaces\{4C3C6723-963E-4E09-A060-452EE71E4B9C} : DhcpNameServer = 192.168.220.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matze\appdata\roaming\mozilla\firefox\profiles\uig1ebrz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gmx.de
FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-24 36000]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-4-24 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-4-24 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-24 74640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-8 2253120]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-3 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2011-11-21 1052480]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2010-12-15 44416]
R3 PhilCap;Pinnacle PCTV service;c:\windows\system32\drivers\PhilCap.sys [2011-9-8 908832]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2011-9-8 218624]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
.
=============== Created Last 30 ================
.
2012-05-04 13:45:52        --------        d-----w-        c:\program files\Trend Micro
2012-05-04 08:43:38        6734704        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{105d6e60-8865-4bf0-8ab9-138e4067c89a}\mpengine.dll
2012-05-03 17:20:32        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-05-03 17:20:32        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2012-05-02 15:15:42        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2012-05-02 15:15:35        868952        ----a-w-        c:\program files\mozilla firefox\uninstall\helper.exe
2012-05-01 13:04:38        --------        d-----w-        c:\users\matze\appdata\roaming\ESET
2012-05-01 13:04:38        --------        d-----w-        c:\users\matze\appdata\local\ESET
2012-04-25 18:48:22        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-04-25 18:48:19        157352        ----a-w-        c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 18:48:19        129976        ----a-w-        c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-24 05:13:34        --------        d-----w-        c:\users\matze\appdata\roaming\Avira
2012-04-24 05:09:57        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-04-24 05:09:57        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-04-24 05:09:52        --------        d-----w-        c:\programdata\Avira
2012-04-24 05:09:52        --------        d-----w-        c:\program files\Avira
.
==================== Find3M  ====================
.
2012-05-05 09:09:24        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:09:24        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-04-04 13:56:40        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18:36        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-09 20:43:00        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-02-09 20:43:00        7713088        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-02-09 20:43:00        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-09 20:43:00        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-09 20:43:00        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-09 20:43:00        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-09 20:43:00        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-09 20:43:00        19443520        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-02-09 20:43:00        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-09 20:43:00        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-09 20:43:00        10816832        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-09 20:43:00        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
.
============= FINISH: 20:06:12,34 ===============

--- --- ---


Here is the full scan from Malwarebytes

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.05.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Matze :: MATZE-PC [Administrator]

05.05.2012 21:31:35
mbam-log-2012-05-05 (21-31-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264934
Laufzeit: 29 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Regards, Matjes

cosinus 08.05.2012 12:15

Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


matjes80 08.05.2012 15:56

Cool that you're answering.

A little info up front: since Sunday no more mails have gone out. My friends have confirmed that. But that doesn't mean the PC is clean yet.
GMX has also replied, but contributed nothing earth-shattering. Scan for viruses/trojans, change passwords, etc....

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cc7574fc31d1cb459c101fd88af0c444
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-08 02:49:42
# local_time=2012-05-08 04:49:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 1242506 1242506 0 0
# compatibility_mode=5892 16776573 100 100 275509 174019426 0 0
# compatibility_mode=8192 67108863 100 0 277 277 0 0
# scanned=80856
# found=0
# cleaned=0
# scan_time=1884

Thanks and regards
Matjes

cosinus 08.05.2012 17:51

Please make a new OTL log. If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


matjes80 08.05.2012 18:23

OTL Logfile:
Code:

OTL logfile created on: 08.05.2012 19:04:25 - Run 2
OTL by OldTimer - Version 3.2.42.2    Folder = C:\Users\Matze\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 76,66% Memory free
6,15 Gb Paging File | 5,15 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,86 Gb Total Space | 97,66 Gb Free Space | 62,26% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 146,37 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 150,69 Gb Total Space | 150,41 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matze\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aaudstum) -- C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchonme.com/
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes,DefaultScope = {CB614197-6077-44CF-87BA-E3950197C1D4}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?q={searchTerms}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{CB614197-6077-44CF-87BA-E3950197C1D4}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SearchOnMe"
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..keyword.URL: "hxxp://search.searchonme.com/?q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 17:15:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 11:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2011.09.09 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2012.05.02 10:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions
[2011.10.29 15:26:41 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.03.18 08:45:03 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info
[2012.03.18 08:45:02 | 000,000,448 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIG1EBRZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.13 17:19:39 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C3C6723-963E-4E09-A060-452EE71E4B9C}: DhcpNameServer = 192.168.220.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.17 16:54:03 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.08 16:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.05 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.05 20:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.05.05 19:51:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matze\Desktop\dds.com
[2012.05.04 16:04:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.04 16:02:33 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2012.05.04 15:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.05.04 14:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.03 19:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.03 19:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.03 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.05.02 17:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.05.01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\ESET
[2012.05.01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\ESET
[2012.04.25 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.25 20:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.24 07:13:34 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Avira
[2012.04.24 07:10:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.04.24 07:09:57 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.24 07:09:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.24 07:09:57 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.04.24 07:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.04.24 07:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.10 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Matze\Desktop\Suse Bank
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.08 19:03:07 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 19:03:07 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 18:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.08 17:25:13 | 000,016,278 | ---- | M] () -- C:\Users\Matze\Desktop\image.png
[2012.05.08 17:12:43 | 000,033,499 | ---- | M] () -- C:\Users\Matze\Desktop\Protokoll Triathlon 02052012.pdf
[2012.05.08 17:12:37 | 000,472,357 | ---- | M] () -- C:\Users\Matze\Desktop\Flyer Triathlon 2012 (2).pdf
[2012.05.08 16:08:31 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.08 16:08:31 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.08 16:08:31 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.08 16:08:31 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.08 16:03:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.08 16:02:31 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.08 13:49:04 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.05.06 09:39:44 | 000,058,003 | ---- | M] () -- C:\Users\Matze\Desktop\052.jpg
[2012.05.06 09:33:04 | 000,012,800 | ---- | M] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.05 22:05:50 | 000,002,820 | ---- | M] () -- C:\Users\Matze\Desktop\Gmer und Attach.zip
[2012.05.05 20:11:55 | 000,302,592 | ---- | M] () -- C:\Users\Matze\Desktop\ge02kcv6.exe
[2012.05.05 19:52:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matze\Desktop\dds.com
[2012.05.05 19:50:50 | 000,000,000 | ---- | M] () -- C:\Users\Matze\defogger_reenable
[2012.05.05 19:50:02 | 000,050,477 | ---- | M] () -- C:\Users\Matze\Desktop\Defogger.exe
[2012.05.04 16:02:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2012.05.04 14:40:02 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.04 12:36:43 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.03 19:20:47 | 000,001,055 | ---- | M] () -- C:\Users\Matze\Desktop\Spybot - Search & Destroy.lnk
[2012.05.02 17:52:44 | 001,447,858 | ---- | M] () -- C:\Users\Matze\Desktop\Servicebogen Neuwinger.jpg
[2012.05.02 17:15:51 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.21 16:14:14 | 000,027,446 | ---- | M] () -- C:\Users\Matze\Desktop\010017710.jpg
[2012.04.21 08:20:01 | 000,080,349 | ---- | M] () -- C:\Users\Matze\Desktop\Herzinfakt+und+Schlaganfall+erkennen.pdf
[2012.04.18 18:04:50 | 000,015,414 | ---- | M] () -- C:\Users\Matze\Desktop\22288nc_23.jpg
[2012.04.13 07:18:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.11 16:31:59 | 000,640,118 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2608.JPG
[2012.04.11 16:31:57 | 000,473,814 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2610.JPG
[2012.04.11 16:31:57 | 000,410,658 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2609.JPG
[2012.04.11 16:31:57 | 000,385,571 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2612.JPG
[2012.04.11 16:31:56 | 000,372,905 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2611.JPG
[2012.04.11 16:31:53 | 124,281,402 | ---- | M] () -- C:\Users\Matze\Desktop\MVI_2613.AVI
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.08 17:25:13 | 000,016,278 | ---- | C] () -- C:\Users\Matze\Desktop\image.png
[2012.05.08 17:12:42 | 000,033,499 | ---- | C] () -- C:\Users\Matze\Desktop\Protokoll Triathlon 02052012.pdf
[2012.05.08 17:12:34 | 000,472,357 | ---- | C] () -- C:\Users\Matze\Desktop\Flyer Triathlon 2012 (2).pdf
[2012.05.06 09:34:31 | 000,058,003 | ---- | C] () -- C:\Users\Matze\Desktop\052.jpg
[2012.05.05 22:05:50 | 000,002,820 | ---- | C] () -- C:\Users\Matze\Desktop\Gmer und Attach.zip
[2012.05.05 20:11:53 | 000,302,592 | ---- | C] () -- C:\Users\Matze\Desktop\ge02kcv6.exe
[2012.05.05 19:50:50 | 000,000,000 | ---- | C] () -- C:\Users\Matze\defogger_reenable
[2012.05.05 19:50:01 | 000,050,477 | ---- | C] () -- C:\Users\Matze\Desktop\Defogger.exe
[2012.05.03 19:20:47 | 000,001,055 | ---- | C] () -- C:\Users\Matze\Desktop\Spybot - Search & Destroy.lnk
[2012.05.02 18:28:03 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.02 17:52:41 | 001,447,858 | ---- | C] () -- C:\Users\Matze\Desktop\Servicebogen Neuwinger.jpg
[2012.04.24 07:10:19 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.04.21 16:14:14 | 000,027,446 | ---- | C] () -- C:\Users\Matze\Desktop\010017710.jpg
[2012.04.21 08:19:59 | 000,080,349 | ---- | C] () -- C:\Users\Matze\Desktop\Herzinfakt+und+Schlaganfall+erkennen.pdf
[2012.04.18 18:04:50 | 000,015,414 | ---- | C] () -- C:\Users\Matze\Desktop\22288nc_23.jpg
[2012.04.15 12:30:07 | 001,899,032 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1520.JPG
[2012.04.15 12:29:53 | 001,864,557 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1479.JPG
[2012.04.15 12:29:12 | 001,890,448 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1480.JPG
[2012.04.11 16:31:57 | 000,473,814 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2610.JPG
[2012.04.11 16:31:57 | 000,410,658 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2609.JPG
[2012.04.11 16:31:56 | 000,385,571 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2612.JPG
[2012.04.11 16:31:56 | 000,372,905 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2611.JPG
[2012.04.11 16:31:45 | 000,640,118 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2608.JPG
[2012.04.11 16:31:38 | 124,281,402 | ---- | C] () -- C:\Users\Matze\Desktop\MVI_2613.AVI
[2012.02.01 18:23:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.01.21 11:52:26 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2012.01.19 20:29:40 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2011.11.18 20:19:10 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.05 21:00:44 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2011.09.13 17:13:58 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.10 18:57:12 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.09.10 18:57:12 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.09.10 12:36:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll
[2011.09.09 05:06:32 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.09.09 05:06:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.09.09 05:06:32 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.09.09 05:06:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.09.08 20:30:24 | 000,012,800 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.08 19:26:18 | 000,009,760 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2011.09.08 19:26:01 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2011.09.08 19:25:54 | 000,003,636 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.09.08 19:19:55 | 000,000,680 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.11.18 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Buhl Data Service
[2011.10.15 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2012.03.28 13:32:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\elsterformular
[2012.05.01 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESET
[2011.10.29 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Garmin
[2011.09.09 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Opera
[2012.01.25 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TeamViewer
[2011.09.09 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software
[2012.05.08 14:08:18 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.05 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Adobe
[2012.04.24 07:13:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Avira
[2011.11.18 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Buhl Data Service
[2011.10.15 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.13 18:41:47 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DivX
[2012.03.28 13:32:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\elsterformular
[2012.05.01 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESET
[2011.10.29 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Garmin
[2011.09.08 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Identities
[2011.09.08 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Macromedia
[2011.09.09 12:55:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Media Center Programs
[2011.09.13 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Media Player Classic
[2012.01.21 12:36:55 | 000,000,000 | --SD | M] -- C:\Users\Matze\AppData\Roaming\Microsoft
[2011.09.09 12:11:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Mozilla
[2011.11.17 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\NVIDIA
[2011.09.09 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Opera
[2012.01.25 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TeamViewer
[2011.09.09 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software
[2012.05.01 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\vlc
[2011.11.22 18:01:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.10.15 08:50:44 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.09.10 17:47:14 | 000,010,134 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\ARPPRODUCTICON.exe
[2011.09.10 17:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011.09.10 17:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011.11.10 20:09:15 | 000,015,360 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
[2011.11.10 20:09:15 | 000,011,264 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.08.01 16:22:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.08.01 16:22:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus 08.05.2012 18:28

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aaudstum) -- C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "SearchOnMe"
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..keyword.URL: "http://search.searchonme.com/?q="
FF - user.js - File not found
[2012.03.18 08:45:03 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info
[2012.03.18 08:45:02 | 000,000,448 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2011.09.13 17:19:39 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.17 16:54:03 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

matjes80 08.05.2012 22:54

The PC was restarted

Code:

All processes killed
========== OTL ==========
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File  C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Service aaudstum stopped successfully!
Service aaudstum deleted successfully!
File  C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found not found.
Registry key HKEY_USERS\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "SearchOnMe" removed from browser.search.defaultenginename
Prefs.js: "SearchOnMe" removed from browser.search.order.1
Prefs.js: "hxxp://search.searchonme.com/?q=" removed from keyword.URL
C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info\content folder moved successfully.
C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info folder moved successfully.
C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Matze
->Temp folder emptied: 100502 bytes
->Temporary Internet Files folder emptied: 417633 bytes
->FireFox cache emptied: 143018372 bytes
->Opera cache emptied: 3601131 bytes
->Flash cache emptied: 1334 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 17460992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107870 bytes
RecycleBin emptied: 31744 bytes
 
Total Files Cleaned = 157,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Matze
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05082012_234908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

What are we actually doing here? :-)
Regards
Matjes

cosinus 11.05.2012 10:15

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

matjes80 11.05.2012 12:33

Ah, great, you can get onto Trojaner-Board again.
On we go...

Code:

13:27:12.0706 2448        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
13:27:12.0851 2448        ============================================================
13:27:12.0851 2448        Current date / time: 2012/05/11 13:27:12.0851
13:27:12.0851 2448        SystemInfo:
13:27:12.0851 2448       
13:27:12.0851 2448        OS Version: 6.0.6000 ServicePack: 0.0
13:27:12.0851 2448        Product type: Workstation
13:27:12.0851 2448        ComputerName: MATZE-PC
13:27:12.0851 2448        UserName: Matze
13:27:12.0851 2448        Windows directory: C:\Windows
13:27:12.0851 2448        System windows directory: C:\Windows
13:27:12.0851 2448        Processor architecture: Intel x86
13:27:12.0851 2448        Number of processors: 4
13:27:12.0851 2448        Page size: 0x1000
13:27:12.0851 2448        Boot type: Normal boot
13:27:12.0851 2448        ============================================================
13:27:13.0760 2448        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:27:13.0777 2448        ============================================================
13:27:13.0777 2448        \Device\Harddisk0\DR0:
13:27:13.0777 2448        MBR partitions:
13:27:13.0777 2448        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x139B9800
13:27:13.0777 2448        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1512A000, BlocksNum 0x124F8000
13:27:13.0777 2448        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27622000, BlocksNum 0x12D63800
13:27:13.0777 2448        ============================================================
13:27:13.0813 2448        C: <-> \Device\Harddisk0\DR0\Partition0
13:27:13.0849 2448        D: <-> \Device\Harddisk0\DR0\Partition1
13:27:13.0961 2448        E: <-> \Device\Harddisk0\DR0\Partition2
13:27:13.0961 2448        ============================================================
13:27:13.0961 2448        Initialize success
13:27:13.0961 2448        ============================================================
13:27:39.0405 3000        ============================================================
13:27:39.0406 3000        Scan started
13:27:39.0406 3000        Mode: Manual; SigCheck; TDLFS;
13:27:39.0406 3000        ============================================================
13:27:39.0815 3000        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
13:27:39.0905 3000        ACPI - ok
13:27:39.0966 3000        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:27:39.0973 3000        AdobeARMservice - ok
13:27:40.0041 3000        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:27:40.0049 3000        AdobeFlashPlayerUpdateSvc - ok
13:27:40.0089 3000        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:27:40.0118 3000        adp94xx - ok
13:27:40.0200 3000        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:27:40.0211 3000        adpahci - ok
13:27:40.0225 3000        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:27:40.0233 3000        adpu160m - ok
13:27:40.0254 3000        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:27:40.0262 3000        adpu320 - ok
13:27:40.0286 3000        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:27:40.0460 3000        AeLookupSvc - ok
13:27:40.0525 3000        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
13:27:40.0588 3000        AFD - ok
13:27:40.0625 3000        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:27:40.0632 3000        agp440 - ok
13:27:40.0650 3000        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:27:40.0658 3000        aic78xx - ok
13:27:40.0673 3000        ALG            (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
13:27:40.0723 3000        ALG - ok
13:27:40.0736 3000        aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
13:27:40.0744 3000        aliide - ok
13:27:40.0761 3000        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:27:40.0768 3000        amdagp - ok
13:27:40.0776 3000        amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
13:27:40.0783 3000        amdide - ok
13:27:40.0826 3000        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:27:40.0881 3000        AmdK7 - ok
13:27:40.0901 3000        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:27:40.0954 3000        AmdK8 - ok
13:27:41.0064 3000        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:27:41.0072 3000        AntiVirSchedulerService - ok
13:27:41.0101 3000        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:27:41.0108 3000        AntiVirService - ok
13:27:41.0133 3000        Appinfo        (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
13:27:41.0182 3000        Appinfo - ok
13:27:41.0210 3000        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:27:41.0217 3000        arc - ok
13:27:41.0262 3000        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:27:41.0269 3000        arcsas - ok
13:27:41.0313 3000        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
13:27:41.0362 3000        AsyncMac - ok
13:27:41.0378 3000        atapi          (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
13:27:41.0386 3000        atapi - ok
13:27:41.0451 3000        atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
13:27:41.0476 3000        atksgt - ok
13:27:41.0502 3000        AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
13:27:41.0555 3000        AudioEndpointBuilder - ok
13:27:41.0560 3000        Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
13:27:41.0598 3000        Audiosrv - ok
13:27:41.0649 3000        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:27:41.0657 3000        avgntflt - ok
13:27:41.0705 3000        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:27:41.0713 3000        avipbb - ok
13:27:41.0724 3000        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:27:41.0731 3000        avkmgr - ok
13:27:41.0746 3000        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
13:27:41.0809 3000        Beep - ok
13:27:41.0859 3000        BFE            (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
13:27:41.0937 3000        BFE - ok
13:27:42.0013 3000        BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
13:27:42.0075 3000        BITS - ok
13:27:42.0080 3000        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
13:27:42.0116 3000        bowser - ok
13:27:42.0155 3000        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:27:42.0217 3000        BrFiltLo - ok
13:27:42.0249 3000        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:27:42.0314 3000        BrFiltUp - ok
13:27:42.0355 3000        Browser        (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
13:27:42.0405 3000        Browser - ok
13:27:42.0438 3000        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:27:42.0474 3000        Brserid - ok
13:27:42.0500 3000        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:27:42.0563 3000        BrSerWdm - ok
13:27:42.0586 3000        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:27:42.0639 3000        BrUsbMdm - ok
13:27:42.0656 3000        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:27:42.0708 3000        BrUsbSer - ok
13:27:42.0741 3000        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:27:42.0805 3000        BTHMODEM - ok
13:27:42.0821 3000        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
13:27:42.0876 3000        cdfs - ok
13:27:42.0909 3000        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
13:27:42.0945 3000        cdrom - ok
13:27:42.0978 3000        CertPropSvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
13:27:43.0013 3000        CertPropSvc - ok
13:27:43.0023 3000        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:27:43.0058 3000        circlass - ok
13:27:43.0112 3000        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
13:27:43.0121 3000        CLFS - ok
13:27:43.0175 3000        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:27:43.0183 3000        clr_optimization_v2.0.50727_32 - ok
13:27:43.0196 3000        cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
13:27:43.0203 3000        cmdide - ok
13:27:43.0214 3000        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
13:27:43.0221 3000        Compbatt - ok
13:27:43.0223 3000        COMSysApp - ok
13:27:43.0229 3000        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:27:43.0235 3000        crcdisk - ok
13:27:43.0246 3000        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:27:43.0281 3000        Crusoe - ok
13:27:43.0300 3000        CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
13:27:43.0354 3000        CryptSvc - ok
13:27:43.0419 3000        dc3d            (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys
13:27:43.0426 3000        dc3d - ok
13:27:43.0473 3000        DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
13:27:43.0533 3000        DcomLaunch - ok
13:27:43.0554 3000        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
13:27:43.0607 3000        DfsC - ok
13:27:43.0732 3000        DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
13:27:43.0857 3000        DFSR - ok
13:27:43.0982 3000        Dhcp            (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll
13:27:44.0047 3000        Dhcp - ok
13:27:44.0068 3000        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
13:27:44.0075 3000        disk - ok
13:27:44.0093 3000        Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
13:27:44.0138 3000        Dnscache - ok
13:27:44.0161 3000        dot3svc        (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
13:27:44.0212 3000        dot3svc - ok
13:27:44.0252 3000        DPS            (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll
13:27:44.0268 3000        DPS - ok
13:27:44.0305 3000        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
13:27:44.0356 3000        drmkaud - ok
13:27:44.0403 3000        DXGKrnl        (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
13:27:44.0448 3000        DXGKrnl - ok
13:27:44.0482 3000        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:27:44.0535 3000        E1G60 - ok
13:27:44.0547 3000        EapHost        (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
13:27:44.0592 3000        EapHost - ok
13:27:44.0632 3000        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
13:27:44.0640 3000        Ecache - ok
13:27:44.0683 3000        ehRecvr        (b4580122b0a7b263b6ee9acba69c8013) C:\Windows\ehome\ehRecvr.exe
13:27:44.0730 3000        ehRecvr - ok
13:27:44.0737 3000        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:27:44.0762 3000        ehSched - ok
13:27:44.0796 3000        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:27:44.0805 3000        ehstart - ok
13:27:44.0858 3000        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:27:44.0871 3000        elxstor - ok
13:27:44.0907 3000        EMDMgmt        (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
13:27:44.0998 3000        EMDMgmt - ok
13:27:45.0058 3000        EventSystem    (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
13:27:45.0090 3000        EventSystem - ok
13:27:45.0121 3000        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
13:27:45.0185 3000        fastfat - ok
13:27:45.0287 3000        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:27:45.0347 3000        fdc - ok
13:27:45.0365 3000        fdPHost        (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
13:27:45.0416 3000        fdPHost - ok
13:27:45.0432 3000        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:27:45.0488 3000        FDResPub - ok
13:27:45.0520 3000        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
13:27:45.0526 3000        FileInfo - ok
13:27:45.0538 3000        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
13:27:45.0573 3000        Filetrace - ok
13:27:45.0583 3000        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:27:45.0636 3000        flpydisk - ok
13:27:45.0668 3000        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
13:27:45.0676 3000        FltMgr - ok
13:27:45.0730 3000        FontCache3.0.0.0 (7ef57375636991f794bf40b522a8e7ef) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:27:45.0771 3000        FontCache3.0.0.0 - ok
13:27:45.0796 3000        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
13:27:45.0830 3000        Fs_Rec - ok
13:27:45.0851 3000        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:27:45.0858 3000        gagp30kx - ok
13:27:45.0889 3000        gpsvc          (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
13:27:45.0973 3000        gpsvc - ok
13:27:46.0025 3000        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:27:46.0090 3000        HdAudAddService - ok
13:27:46.0104 3000        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:27:46.0127 3000        HDAudBus - ok
13:27:46.0144 3000        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:27:46.0196 3000        HidBth - ok
13:27:46.0213 3000        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:27:46.0248 3000        HidIr - ok
13:27:46.0255 3000        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
13:27:46.0290 3000        hidserv - ok
13:27:46.0302 3000        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
13:27:46.0353 3000        HidUsb - ok
13:27:46.0383 3000        hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
13:27:46.0434 3000        hkmsvc - ok
13:27:46.0457 3000        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:27:46.0463 3000        HpCISSs - ok
13:27:46.0494 3000        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
13:27:46.0531 3000        HTTP - ok
13:27:46.0545 3000        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:27:46.0551 3000        i2omp - ok
13:27:46.0599 3000        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
13:27:46.0640 3000        i8042prt - ok
13:27:46.0664 3000        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:27:46.0673 3000        iaStorV - ok
13:27:46.0747 3000        idsvc          (6d1d3cab85ba0c63cb83296a8a1825f9) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:27:46.0810 3000        idsvc - ok
13:27:46.0814 3000        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:27:46.0820 3000        iirsp - ok
13:27:46.0879 3000        IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
13:27:46.0948 3000        IKEEXT - ok
13:27:47.0089 3000        IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys
13:27:47.0152 3000        IntcAzAudAddService - ok
13:27:47.0256 3000        intelide        (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
13:27:47.0263 3000        intelide - ok
13:27:47.0302 3000        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
13:27:47.0354 3000        intelppm - ok
13:27:47.0380 3000        IPBusEnum      (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
13:27:47.0429 3000        IPBusEnum - ok
13:27:47.0448 3000        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:27:47.0497 3000        IpFilterDriver - ok
13:27:47.0533 3000        iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
13:27:47.0580 3000        iphlpsvc - ok
13:27:47.0582 3000        IpInIp - ok
13:27:47.0596 3000        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:27:47.0632 3000        IPMIDRV - ok
13:27:47.0646 3000        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
13:27:47.0696 3000        IPNAT - ok
13:27:47.0712 3000        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
13:27:47.0761 3000        IRENUM - ok
13:27:47.0781 3000        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:27:47.0788 3000        isapnp - ok
13:27:47.0803 3000        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
13:27:47.0811 3000        iScsiPrt - ok
13:27:47.0826 3000        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:27:47.0833 3000        iteatapi - ok
13:27:47.0869 3000        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:27:47.0875 3000        iteraid - ok
13:27:47.0887 3000        JRAID          (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
13:27:47.0915 3000        JRAID - ok
13:27:47.0937 3000        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
13:27:47.0944 3000        kbdclass - ok
13:27:47.0960 3000        kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
13:27:47.0987 3000        kbdhid - ok
13:27:48.0017 3000        KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:48.0066 3000        KeyIso - ok
13:27:48.0100 3000        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
13:27:48.0131 3000        KSecDD - ok
13:27:48.0194 3000        KtmRm          (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
13:27:48.0248 3000        KtmRm - ok
13:27:48.0287 3000        LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
13:27:48.0340 3000        LanmanServer - ok
13:27:48.0384 3000        LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
13:27:48.0427 3000        LanmanWorkstation - ok
13:27:48.0455 3000        lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
13:27:48.0461 3000        lirsgt - ok
13:27:48.0474 3000        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
13:27:48.0530 3000        lltdio - ok
13:27:48.0564 3000        lltdsvc        (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
13:27:48.0622 3000        lltdsvc - ok
13:27:48.0644 3000        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:27:48.0679 3000        lmhosts - ok
13:27:48.0695 3000        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:27:48.0702 3000        LSI_FC - ok
13:27:48.0718 3000        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:27:48.0725 3000        LSI_SAS - ok
13:27:48.0767 3000        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:27:48.0774 3000        LSI_SCSI - ok
13:27:48.0780 3000        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
13:27:48.0834 3000        luafv - ok
13:27:48.0881 3000        McMPFSvc - ok
13:27:48.0891 3000        Mcx2Svc        (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll
13:27:48.0920 3000        Mcx2Svc - ok
13:27:48.0946 3000        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:27:48.0953 3000        megasas - ok
13:27:48.0965 3000        MMCSS          (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
13:27:49.0019 3000        MMCSS - ok
13:27:49.0040 3000        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
13:27:49.0089 3000        Modem - ok
13:27:49.0119 3000        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
13:27:49.0162 3000        monitor - ok
13:27:49.0182 3000        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
13:27:49.0189 3000        mouclass - ok
13:27:49.0200 3000        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
13:27:49.0222 3000        mouhid - ok
13:27:49.0227 3000        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
13:27:49.0234 3000        MountMgr - ok
13:27:49.0282 3000        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:27:49.0290 3000        MozillaMaintenance - ok
13:27:49.0329 3000        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:27:49.0336 3000        mpio - ok
13:27:49.0361 3000        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
13:27:49.0406 3000        mpsdrv - ok
13:27:49.0438 3000        MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
13:27:49.0482 3000        MpsSvc - ok
13:27:49.0503 3000        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:27:49.0510 3000        Mraid35x - ok
13:27:49.0528 3000        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
13:27:49.0569 3000        MRxDAV - ok
13:27:49.0602 3000        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:27:49.0650 3000        mrxsmb - ok
13:27:49.0669 3000        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:27:49.0693 3000        mrxsmb10 - ok
13:27:49.0719 3000        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:27:49.0729 3000        mrxsmb20 - ok
13:27:49.0743 3000        msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
13:27:49.0750 3000        msahci - ok
13:27:49.0762 3000        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:27:49.0769 3000        msdsm - ok
13:27:49.0793 3000        MSDTC          (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
13:27:49.0824 3000        MSDTC - ok
13:27:49.0828 3000        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
13:27:49.0867 3000        Msfs - ok
13:27:49.0892 3000        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
13:27:49.0898 3000        msisadrv - ok
13:27:49.0922 3000        MSiSCSI        (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
13:27:49.0978 3000        MSiSCSI - ok
13:27:49.0980 3000        msiserver - ok
13:27:50.0003 3000        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
13:27:50.0037 3000        MSKSSRV - ok
13:27:50.0043 3000        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
13:27:50.0097 3000        MSPCLOCK - ok
13:27:50.0099 3000        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
13:27:50.0143 3000        MSPQM - ok
13:27:50.0169 3000        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
13:27:50.0177 3000        MsRPC - ok
13:27:50.0187 3000        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
13:27:50.0193 3000        mssmbios - ok
13:27:50.0201 3000        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
13:27:50.0253 3000        MSTEE - ok
13:27:50.0275 3000        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
13:27:50.0282 3000        Mup - ok
13:27:50.0313 3000        napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
13:27:50.0369 3000        napagent - ok
13:27:50.0462 3000        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
13:27:50.0486 3000        NativeWifiP - ok
13:27:50.0528 3000        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
13:27:50.0556 3000        NDIS - ok
13:27:50.0596 3000        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
13:27:50.0618 3000        NdisTapi - ok
13:27:50.0633 3000        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
13:27:50.0683 3000        Ndisuio - ok
13:27:50.0690 3000        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
13:27:50.0733 3000        NdisWan - ok
13:27:50.0755 3000        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
13:27:50.0783 3000        NDProxy - ok
13:27:50.0801 3000        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
13:27:50.0849 3000        NetBIOS - ok
13:27:50.0876 3000        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
13:27:50.0913 3000        netbt - ok
13:27:50.0930 3000        Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:50.0941 3000        Netlogon - ok
13:27:50.0969 3000        Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
13:27:51.0024 3000        Netman - ok
13:27:51.0049 3000        netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
13:27:51.0087 3000        netprofm - ok
13:27:51.0125 3000        NetTcpPortSharing (b418382de04ff58567aa07a2b66b2332) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:27:51.0152 3000        NetTcpPortSharing - ok
13:27:51.0170 3000        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:27:51.0177 3000        nfrd960 - ok
13:27:51.0197 3000        NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
13:27:51.0248 3000        NlaSvc - ok
13:27:51.0252 3000        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
13:27:51.0296 3000        Npfs - ok
13:27:51.0330 3000        nsi            (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
13:27:51.0385 3000        nsi - ok
13:27:51.0409 3000        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
13:27:51.0460 3000        nsiproxy - ok
13:27:51.0540 3000        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
13:27:51.0573 3000        Ntfs - ok
13:27:51.0577 3000        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:27:51.0628 3000        ntrigdigi - ok
13:27:51.0646 3000        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
13:27:51.0681 3000        Null - ok
13:27:51.0791 3000        NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:27:51.0828 3000        NVENETFD - ok
13:27:52.0389 3000        nvlddmkm        (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:27:52.0784 3000        nvlddmkm - ok
13:27:52.0884 3000        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
13:27:52.0928 3000        nvraid - ok
13:27:52.0945 3000        nvsmu          (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
13:27:52.0963 3000        nvsmu - ok
13:27:52.0975 3000        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
13:27:52.0983 3000        nvstor - ok
13:27:53.0056 3000        nvsvc          (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
13:27:53.0088 3000        nvsvc - ok
13:27:53.0250 3000        nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:27:53.0359 3000        nvUpdatusService - ok
13:27:53.0437 3000        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:27:53.0444 3000        nv_agp - ok
13:27:53.0446 3000        NwlnkFlt - ok
13:27:53.0448 3000        NwlnkFwd - ok
13:27:53.0472 3000        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
13:27:53.0519 3000        ohci1394 - ok
13:27:53.0561 3000        OpenVPNService  (5952c16dcc36907fe09f0f39311277a1) C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe
13:27:53.0581 3000        OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
13:27:53.0581 3000        OpenVPNService - detected UnsignedFile.Multi.Generic (1)
13:27:53.0641 3000        p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:53.0716 3000        p2pimsvc - ok
13:27:53.0721 3000        p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:53.0740 3000        p2psvc - ok
13:27:53.0776 3000        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:27:53.0828 3000        Parport - ok
13:27:53.0854 3000        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
13:27:53.0861 3000        partmgr - ok
13:27:53.0875 3000        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:27:53.0910 3000        Parvdm - ok
13:27:53.0923 3000        PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
13:27:53.0948 3000        PcaSvc - ok
13:27:53.0956 3000        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
13:27:53.0964 3000        pci - ok
13:27:54.0008 3000        pciide          (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
13:27:54.0015 3000        pciide - ok
13:27:54.0038 3000        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:27:54.0046 3000        pcmcia - ok
13:27:54.0135 3000        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:27:54.0189 3000        PEAUTH - ok
13:27:54.0417 3000        PhilCap        (95c48b0fdb5aa04bfcb70d774f512a71) C:\Windows\system32\DRIVERS\PhilCap.sys
13:27:54.0465 3000        PhilCap - ok
13:27:54.0559 3000        pla            (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
13:27:54.0656 3000        pla - ok
13:27:54.0759 3000        PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
13:27:54.0771 3000        PlugPlay - ok
13:27:54.0811 3000        PNRPAutoReg    (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:54.0831 3000        PNRPAutoReg - ok
13:27:54.0836 3000        PNRPsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:54.0874 3000        PNRPsvc - ok
13:27:54.0913 3000        Point32        (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
13:27:54.0919 3000        Point32 - ok
13:27:54.0961 3000        PolicyAgent    (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
13:27:55.0016 3000        PolicyAgent - ok
13:27:55.0042 3000        PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
13:27:55.0076 3000        PptpMiniport - ok
13:27:55.0109 3000        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:27:55.0162 3000        Processor - ok
13:27:55.0193 3000        ProfSvc        (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
13:27:55.0230 3000        ProfSvc - ok
13:27:55.0254 3000        ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:55.0264 3000        ProtectedStorage - ok
13:27:55.0292 3000        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
13:27:55.0301 3000        PSched - ok
13:27:55.0386 3000        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:27:55.0429 3000        ql2300 - ok
13:27:55.0460 3000        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:27:55.0467 3000        ql40xx - ok
13:27:55.0508 3000        QWAVE          (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
13:27:55.0524 3000        QWAVE - ok
13:27:55.0535 3000        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
13:27:55.0546 3000        QWAVEdrv - ok
13:27:55.0556 3000        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
13:27:55.0590 3000        RasAcd - ok
13:27:55.0601 3000        RasAuto        (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
13:27:55.0638 3000        RasAuto - ok
13:27:55.0653 3000        Rasl2tp        (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:27:55.0688 3000        Rasl2tp - ok
13:27:55.0705 3000        RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
13:27:55.0743 3000        RasMan - ok
13:27:55.0747 3000        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
13:27:55.0795 3000        RasPppoe - ok
13:27:55.0827 3000        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
13:27:55.0864 3000        rdbss - ok
13:27:55.0877 3000        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:27:55.0911 3000        RDPCDD - ok
13:27:55.0936 3000        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:27:55.0985 3000        rdpdr - ok
13:27:55.0988 3000        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
13:27:56.0032 3000        RDPENCDD - ok
13:27:56.0055 3000        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
13:27:56.0112 3000        RDPWD - ok
13:27:56.0155 3000        RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
13:27:56.0191 3000        RemoteAccess - ok
13:27:56.0205 3000        RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
13:27:56.0241 3000        RemoteRegistry - ok
13:27:56.0255 3000        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:27:56.0265 3000        RpcLocator - ok
13:27:56.0312 3000        RpcSs          (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
13:27:56.0330 3000        RpcSs - ok
13:27:56.0352 3000        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
13:27:56.0387 3000        rspndr - ok
13:27:56.0407 3000        SamSs          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:56.0417 3000        SamSs - ok
13:27:56.0429 3000        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:27:56.0436 3000        sbp2port - ok
13:27:56.0538 3000        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:27:56.0568 3000        SBSDWSCService - ok
13:27:56.0588 3000        SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
13:27:56.0625 3000        SCardSvr - ok
13:27:56.0663 3000        Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
13:27:56.0731 3000        Schedule - ok
13:27:56.0762 3000        SCPolicySvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
13:27:56.0797 3000        SCPolicySvc - ok
13:27:56.0822 3000        SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
13:27:56.0865 3000        SDRSVC - ok
13:27:56.0890 3000        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:27:56.0939 3000        secdrv - ok
13:27:56.0962 3000        seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
13:27:56.0998 3000        seclogon - ok
13:27:57.0006 3000        SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
13:27:57.0060 3000        SENS - ok
13:27:57.0082 3000        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:27:57.0133 3000        Serenum - ok
13:27:57.0159 3000        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:27:57.0215 3000        Serial - ok
13:27:57.0241 3000        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
13:27:57.0264 3000        sermouse - ok
13:27:57.0288 3000        SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
13:27:57.0325 3000        SessionEnv - ok
13:27:57.0338 3000        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:27:57.0386 3000        sffdisk - ok
13:27:57.0407 3000        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:27:57.0442 3000        sffp_mmc - ok
13:27:57.0448 3000        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:27:57.0483 3000        sffp_sd - ok
13:27:57.0490 3000        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:27:57.0541 3000        sfloppy - ok
13:27:57.0583 3000        sfsync04        (c526ad307ff1900bc4c864f74553f762) C:\Windows\system32\drivers\sfsync04.sys
13:27:57.0590 3000        sfsync04 - ok
13:27:57.0621 3000        SharedAccess    (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
13:27:57.0633 3000        SharedAccess - ok
13:27:57.0645 3000        ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
13:27:57.0660 3000        ShellHWDetection - ok
13:27:57.0719 3000        SIS163u        (370ed82428657a2344aba98a76c06250) C:\Windows\system32\DRIVERS\sis163u.sys
13:27:57.0747 3000        SIS163u - ok
13:27:57.0751 3000        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:27:57.0758 3000        sisagp - ok
13:27:57.0775 3000        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:27:57.0782 3000        SiSRaid2 - ok
13:27:57.0796 3000        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:27:57.0803 3000        SiSRaid4 - ok
13:27:57.0937 3000        slsvc          (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
13:27:58.0083 3000        slsvc - ok
13:27:58.0194 3000        SLUINotify      (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
13:27:58.0224 3000        SLUINotify - ok
13:27:58.0247 3000        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
13:27:58.0282 3000        Smb - ok
13:27:58.0296 3000        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:27:58.0307 3000        SNMPTRAP - ok
13:27:58.0315 3000        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
13:27:58.0322 3000        spldr - ok
13:27:58.0339 3000        Spooler        (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
13:27:58.0350 3000        Spooler - ok
13:27:58.0392 3000        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
13:27:58.0418 3000        srv - ok
13:27:58.0433 3000        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
13:27:58.0477 3000        srv2 - ok
13:27:58.0483 3000        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
13:27:58.0495 3000        srvnet - ok
13:27:58.0514 3000        SSDPSRV        (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
13:27:58.0552 3000        SSDPSRV - ok
13:27:58.0561 3000        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:27:58.0567 3000        ssmdrv - ok
13:27:58.0638 3000        stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
13:27:58.0698 3000        stisvc - ok
13:27:58.0717 3000        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
13:27:58.0723 3000        swenum - ok
13:27:58.0743 3000        swprv          (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
13:27:58.0806 3000        swprv - ok
13:27:58.0827 3000        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:27:58.0834 3000        Symc8xx - ok
13:27:58.0848 3000        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:27:58.0855 3000        Sym_hi - ok
13:27:58.0870 3000        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:27:58.0877 3000        Sym_u3 - ok
13:27:58.0916 3000        SysMain        (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
13:27:58.0956 3000        SysMain - ok
13:27:58.0971 3000        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:27:58.0998 3000        TabletInputService - ok
13:27:59.0033 3000        tap0901        (d3a66c827b3f729bcbab84eba8570b48) C:\Windows\system32\DRIVERS\tap0901.sys
13:27:59.0040 3000        tap0901 - ok
13:27:59.0063 3000        TapiSrv        (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
13:27:59.0102 3000        TapiSrv - ok
13:27:59.0111 3000        TBS            (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
13:27:59.0148 3000        TBS - ok
13:27:59.0210 3000        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
13:27:59.0235 3000        Tcpip - ok
13:27:59.0243 3000        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
13:27:59.0264 3000        Tcpip6 - ok
13:27:59.0291 3000        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
13:27:59.0326 3000        tcpipreg - ok
13:27:59.0335 3000        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
13:27:59.0388 3000        TDPIPE - ok
13:27:59.0409 3000        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
13:27:59.0444 3000        TDTCP - ok
13:27:59.0449 3000        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
13:27:59.0484 3000        tdx - ok
13:27:59.0496 3000        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
13:27:59.0503 3000        TermDD - ok
13:27:59.0534 3000        TermService    (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
13:27:59.0577 3000        TermService - ok
13:27:59.0603 3000        Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
13:27:59.0617 3000        Themes - ok
13:27:59.0637 3000        THREADORDER    (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
13:27:59.0673 3000        THREADORDER - ok
13:27:59.0687 3000        TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
13:27:59.0723 3000        TrkWks - ok
13:27:59.0754 3000        TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
13:27:59.0782 3000        TrustedInstaller - ok
13:27:59.0807 3000        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:27:59.0856 3000        tssecsrv - ok
13:27:59.0939 3000        TuneUp.Defrag  (c1a64414db4e49d41d9df9359ed9369b) C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
13:27:59.0952 3000        TuneUp.Defrag - ok
13:28:00.0039 3000        TuneUp.UtilitiesSvc (dc653cf2d70827c4ebc2b157da25cf57) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
13:28:00.0065 3000        TuneUp.UtilitiesSvc - ok
13:28:00.0115 3000        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
13:28:00.0121 3000        TuneUpUtilitiesDrv - ok
13:28:00.0197 3000        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
13:28:00.0207 3000        tunmp - ok
13:28:00.0221 3000        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
13:28:00.0231 3000        tunnel - ok
13:28:00.0250 3000        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:28:00.0258 3000        uagp35 - ok
13:28:00.0279 3000        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
13:28:00.0317 3000        udfs - ok
13:28:00.0331 3000        UI0Detect      (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
13:28:00.0342 3000        UI0Detect - ok
13:28:00.0356 3000        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:28:00.0364 3000        uliagpkx - ok
13:28:00.0382 3000        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:28:00.0392 3000        uliahci - ok
13:28:00.0408 3000        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:28:00.0415 3000        UlSata - ok
13:28:00.0430 3000        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:28:00.0438 3000        ulsata2 - ok
13:28:00.0453 3000        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
13:28:00.0508 3000        umbus - ok
13:28:00.0541 3000        upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
13:28:00.0581 3000        upnphost - ok
13:28:00.0611 3000        usbccgp        (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
13:28:00.0656 3000        usbccgp - ok
13:28:00.0673 3000        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:28:00.0709 3000        usbcir - ok
13:28:00.0730 3000        usbehci        (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
13:28:00.0739 3000        usbehci - ok
13:28:00.0769 3000        usbhub          (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
13:28:00.0783 3000        usbhub - ok
13:28:00.0787 3000        usbohci        (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys
13:28:00.0812 3000        usbohci - ok
13:28:00.0835 3000        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
13:28:00.0872 3000        usbprint - ok
13:28:00.0901 3000        usbscan        (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
13:28:00.0937 3000        usbscan - ok
13:28:00.0962 3000        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:28:01.0008 3000        USBSTOR - ok
13:28:01.0027 3000        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:28:01.0063 3000        usbuhci - ok
13:28:01.0075 3000        UxSms          (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
13:28:01.0127 3000        UxSms - ok
13:28:01.0146 3000        UxTuneUp        (dc2172accb384c6a3d59342050422102) C:\Windows\System32\uxtuneup.dll
13:28:01.0153 3000        UxTuneUp - ok
13:28:01.0184 3000        vds            (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
13:28:01.0201 3000        vds - ok
13:28:01.0231 3000        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:28:01.0266 3000        vga - ok
13:28:01.0275 3000        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
13:28:01.0311 3000        VgaSave - ok
13:28:01.0325 3000        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:28:01.0332 3000        viaagp - ok
13:28:01.0346 3000        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:28:01.0399 3000        ViaC7 - ok
13:28:01.0424 3000        viaide          (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
13:28:01.0431 3000        viaide - ok
13:28:01.0450 3000        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
13:28:01.0457 3000        volmgr - ok
13:28:01.0472 3000        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
13:28:01.0483 3000        volmgrx - ok
13:28:01.0496 3000        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
13:28:01.0506 3000        volsnap - ok
13:28:01.0526 3000        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:28:01.0533 3000        vsmraid - ok
13:28:01.0593 3000        VSS            (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
13:28:01.0636 3000        VSS - ok
13:28:01.0665 3000        W32Time        (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
13:28:01.0705 3000        W32Time - ok
13:28:01.0720 3000        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:28:01.0756 3000        WacomPen - ok
13:28:01.0774 3000        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:28:01.0784 3000        Wanarp - ok
13:28:01.0787 3000        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:28:01.0798 3000        Wanarpv6 - ok
13:28:01.0816 3000        wcncsvc        (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
13:28:01.0831 3000        wcncsvc - ok
13:28:01.0836 3000        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:28:01.0875 3000        WcsPlugInService - ok
13:28:01.0879 3000        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:28:01.0887 3000        Wd - ok
13:28:01.0929 3000        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:28:01.0946 3000        Wdf01000 - ok
13:28:01.0967 3000        WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
13:28:01.0996 3000        WdiServiceHost - ok
13:28:01.0999 3000        WdiSystemHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
13:28:02.0013 3000        WdiSystemHost - ok
13:28:02.0052 3000        WebClient      (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
13:28:02.0064 3000        WebClient - ok
13:28:02.0075 3000        Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
13:28:02.0113 3000        Wecsvc - ok
13:28:02.0127 3000        wercplsupport  (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
13:28:02.0164 3000        wercplsupport - ok
13:28:02.0185 3000        WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
13:28:02.0222 3000        WerSvc - ok
13:28:02.0274 3000        WinDefend      (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll
13:28:02.0285 3000        WinDefend - ok
13:28:02.0290 3000        WinHttpAutoProxySvc - ok
13:28:02.0336 3000        Winmgmt        (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
13:28:02.0389 3000        Winmgmt - ok
13:28:02.0427 3000        WinRM          (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
13:28:02.0488 3000        WinRM - ok
13:28:02.0544 3000        Wlansvc        (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
13:28:02.0622 3000        Wlansvc - ok
13:28:02.0658 3000        WmiAcpi        (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:28:02.0695 3000        WmiAcpi - ok
13:28:02.0727 3000        wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
13:28:02.0737 3000        wmiApSrv - ok
13:28:02.0830 3000        WMPNetworkSvc  (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:28:02.0886 3000        WMPNetworkSvc - ok
13:28:02.0914 3000        WPCSvc          (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
13:28:02.0953 3000        WPCSvc - ok
13:28:02.0975 3000        WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
13:28:03.0007 3000        WPDBusEnum - ok
13:28:03.0039 3000        WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
13:28:03.0087 3000        WpdUsb - ok
13:28:03.0117 3000        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
13:28:03.0154 3000        ws2ifsl - ok
13:28:03.0169 3000        wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll
13:28:03.0199 3000        wscsvc - ok
13:28:03.0203 3000        WSearch - ok
13:28:03.0334 3000        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:28:03.0412 3000        wuauserv - ok
13:28:03.0551 3000        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:28:03.0604 3000        WUDFRd - ok
13:28:03.0626 3000        wudfsvc        (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
13:28:03.0663 3000        wudfsvc - ok
13:28:03.0686 3000        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:28:03.0883 3000        \Device\Harddisk0\DR0 - ok
13:28:03.0886 3000        Boot (0x1200)  (3151a58075f1f57f2e5971c9e5b67a96) \Device\Harddisk0\DR0\Partition0
13:28:03.0888 3000        \Device\Harddisk0\DR0\Partition0 - ok
13:28:03.0917 3000        Boot (0x1200)  (04253e24ab4c333404c937f68a18cef5) \Device\Harddisk0\DR0\Partition1
13:28:03.0919 3000        \Device\Harddisk0\DR0\Partition1 - ok
13:28:03.0938 3000        Boot (0x1200)  (57fbe5b0b8bec124b545f81704f294d3) \Device\Harddisk0\DR0\Partition2
13:28:03.0939 3000        \Device\Harddisk0\DR0\Partition2 - ok
13:28:03.0940 3000        ============================================================
13:28:03.0940 3000        Scan finished
13:28:03.0940 3000        ============================================================
13:28:03.0949 2896        Detected object count: 1
13:28:03.0949 2896        Actual detected object count: 1
13:28:17.0527 2896        OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:17.0527 2896        OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks and regards
Matjes

cosinus 11.05.2012 13:26

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

matjes80 11.05.2012 19:51

Combofix Logfile:
Code:

ComboFix 12-05-11.03 - Matze 11.05.2012  20:44:03.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3071.2359 [GMT 2:00]
ausgeführt von:: c:\users\Matze\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-11 bis 2012-05-11  ))))))))))))))))))))))))))))))
.
.
2012-05-11 18:47 . 2012-05-11 18:47        --------        d-----w-        c:\users\Matze\AppData\Local\temp
2012-05-09 05:08 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FA75F4E-877D-4E25-9A42-6AD80CCA931D}\mpengine.dll
2012-05-08 21:49 . 2012-05-08 21:49        --------        d-----w-        C:\_OTL
2012-05-05 18:31 . 2012-05-05 18:31        --------        d-----w-        c:\program files\7-Zip
2012-05-04 13:45 . 2012-05-04 13:45        --------        d-----w-        c:\program files\Trend Micro
2012-05-03 17:20 . 2012-05-08 21:49        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2012-05-03 17:20 . 2012-05-06 07:35        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-05-02 15:22 . 2012-05-02 16:28        --------        d-----w-        c:\programdata\McAfee
2012-05-02 15:15 . 2012-04-21 01:18        97208        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-05-02 15:15 . 2012-04-21 01:54        868952        ----a-w-        c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-05-01 13:04 . 2012-05-01 13:04        --------        d-----w-        c:\users\Matze\AppData\Local\ESET
2012-04-25 18:48 . 2012-05-02 15:59        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-04-25 18:48 . 2012-04-21 01:16        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 18:48 . 2012-04-21 01:16        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 05:13 . 2012-04-24 05:13        --------        d-----w-        c:\users\Matze\AppData\Roaming\Avira
2012-04-24 05:09 . 2012-05-08 21:47        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-04-24 05:09 . 2012-05-08 21:47        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-24 05:09 . 2011-09-16 14:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-04-24 05:09 . 2012-04-24 05:09        --------        d-----w-        c:\programdata\Avira
2012-04-24 05:09 . 2012-04-24 05:09        --------        d-----w-        c:\program files\Avira
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:09 . 2012-03-31 15:33        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:09 . 2011-09-08 17:30        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2011-09-09 10:55        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18 . 2011-09-09 09:53        237072        ------w-        c:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-04-21 01:18 . 2012-05-02 15:15        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-09-10 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-01-07 1778552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX8400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "c:\windows\TEMP\E_S870F.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"openvpn-gui"=c:\program files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35018371
*Deregistered* - 35018371
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
mStart Page = hxxp://search.searchonme.com/
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gmx.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-11 20:47
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-11  20:49:05
ComboFix-quarantined-files.txt  2012-05-11 18:49
.
Vor Suchlauf: 10 Verzeichnis(se), 100.436.992.000 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 100.403.355.648 Bytes frei
.
- - End Of File - - 94D9D531596522237F9ACA110BC6EBA5

--- --- ---


Thanks and regards
Matjes

cosinus 11.05.2012 21:37

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

matjes80 11.05.2012 22:02

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-11 22:58:43
Windows 6.0.6000  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 WDC_WD5000AAKS-07YGA0 rev.12.01C02
Running: tgkb0ots.exe; Driver: C:\Users\Matze\AppData\Local\Temp\ugrcypow.sys


---- System - GMER 1.0.15 ----

SSDT    8CF3556C                                      ZwClose
SSDT    8CF35576                                      ZwCreateSection
SSDT    8CF35567                                      ZwDuplicateObject
SSDT    8CF35508                                      ZwOpenProcess
SSDT    8CF3550D                                      ZwOpenThread
SSDT    8CF35580                                      ZwRequestWaitReplyPort
SSDT    8CF3557B                                      ZwSetContextThread
SSDT    8CF35585                                      ZwSetSecurityObject
SSDT    8CF3558A                                      ZwSystemDebugControl
SSDT    8CF35517                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text    ntoskrnl.exe!_alloca_probe + EC                83855E5C 4 Bytes  [6C, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 158              83855EC8 4 Bytes  [76, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 230              83855FA0 4 Bytes  [67, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 334              838560A4 4 Bytes  [08, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 350              838560C0 4 Bytes  [0D, 55, F3, 8C]
.text    ...                                           
.xreloc  C:\Windows\System32\drivers\sfsync04.sys      unknown last section [0x80431000, 0xC5E, 0x40000040]
.text    C:\Windows\system32\DRIVERS\atksgt.sys        section is writeable [0xA57BD300, 0x3ACC8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys        section is writeable [0x91AC2300, 0x1B7E, 0xE8000020]
?        C:\Windows\system32\Drivers\PROCEXP113.SYS    Das System kann die angegebene Datei nicht finden. !
?        C:\Users\Matze\AppData\Local\Temp\catchme.sys  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device  \Driver\USBSTOR \Device\00000063              88EB3660
Device  \Driver\USBSTOR \Device\00000064              88EB3660
Device  \Driver\USBSTOR \Device\00000065              88EB3660
Device  \Driver\atapi \Device\Ide\IdePort0            864E5090
Device  \Driver\atapi \Device\Ide\IdePort1            864E5090
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2    864E5090
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1    864E5090
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3    864E5090
Device  \Driver\USBSTOR \Device\00000066              88EB3660
Device  \Driver\USBSTOR \Device\00000067              88EB3660
Device  \Driver\USBSTOR \Device\00000068              88EB3660

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:37:39 on 11.05.2012

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Matze\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"ugrcypow" (ugrcypow) - ? - C:\Users\Matze\AppData\Local\Temp\ugrcypow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"McAfee Personal Firewall Service" (McMPFSvc) - ? - "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc  (File not found)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

cosinus 11.05.2012 22:46

Is aswMBR still coming?

matjes80 11.05.2012 22:53

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-11 23:40:41
-----------------------------
23:40:41.933    OS Version: Windows 6.0.6000
23:40:41.933    Number of processors: 4 586 0xF0B
23:40:41.938    ComputerName: MATZE-PC  UserName: Matze
23:40:42.424    Initialize success
23:44:40.216    AVAST engine defs: 12051101
23:45:17.468    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
23:45:17.471    Disk 0 Vendor: WDC_WD5000AAKS-07YGA0 12.01C02 Size: 476940MB BusType: 3
23:45:17.599    Disk 0 MBR read successfully
23:45:17.601    Disk 0 MBR scan
23:45:17.612    Disk 0 Windows VISTA default MBR code
23:45:17.652    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
23:45:17.668    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      160627 MB offset 24578048
23:45:17.714    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      150000 MB offset 353542144
23:45:17.735    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      154311 MB offset 660742144
23:45:17.788    Disk 0 scanning sectors +976771072
23:45:18.056    Disk 0 scanning C:\Windows\system32\drivers
23:45:42.190    Service scanning
23:45:59.321    Modules scanning
23:46:05.447    Disk 0 trace - called modules:
23:46:05.465    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x864e5090]<<
23:46:05.469    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e2ad8]
23:46:05.473    3 ntoskrnl.exe[838a80af] -> nt!IofCallDriver -> [0x85a81860]
23:46:05.477    5 acpi.sys[8047f32a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85a84730]
23:46:05.481    \Driver\atapi[0x864c7030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x864e5090
23:46:06.269    AVAST engine scan C:\Windows
23:46:09.553    AVAST engine scan C:\Windows\system32
23:49:32.151    AVAST engine scan C:\Windows\system32\drivers
23:49:43.339    AVAST engine scan C:\Users\Matze
23:51:37.631    AVAST engine scan C:\ProgramData
23:52:27.677    Scan finished successfully
23:52:48.073    Disk 0 MBR has been saved successfully to "C:\Users\Matze\Desktop\MBR.dat"
23:52:48.077    The log file has been saved successfully to "C:\Users\Matze\Desktop\aswMBR.txt"

Thanks and regards
Matjes

