Trojaner-Board


SatanasOz 01.10.2012 09:45

Windows Vista - Infection with Sirefef, Sirefef.AB
 
After arriving at the other end of the world, we wanted to pull the necessary updates after 4 weeks without a network connection, and in the process my partner apparently gave the "Flash update" admin rights. All scanners raised the alarm immediately, but by then it was already too late.

Even though nothing looks really bad at the moment, it has driven me here. MSE is running, but the Security Center including the firewall (service) is off, and neither can be started any more (the security service could not be started).

The backup is unfortunately a bit too old, so I would like to get the system working again.

So far I have followed the instructions; the OTL, Gmer and Malwarebytes logs are attached.

OTL aborts with an error, which in my opinion has nothing to do with the infection (see image). I cannot find any file with this date, but when I start OTL without a date restriction, it runs through.

http://www.trojaner-board.de/attachm...1&d=1349080591

That is why the OTL log is fairly long and attached separately :/

Status now: Malwarebytes found quite a lot during the first scan (see log). Unfortunately this has already been "cleaned". Sorry about that - a current scan finds nothing any more, but the Security Center and firewall remain broken.

DerJazzer 02.10.2012 19:01

:hallo:

I am working on your topic and will get back to you as soon as possible with further instructions.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience :)

DerJazzer 03.10.2012 12:21

Hello and :hallo:
I am Christoph and would like to help you with your problem.
A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, as that makes the analysis harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that your PC is clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".


Step 1

I saw that a doctoral thesis and job application documents are stored on the computer. You should definitely make a backup of these and other sensitive data before you continue!


Step 2
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix on your desktop
  • Please deactivate all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart

simply restart the computer. This should fix the problem.


Step 3

How is the computer running? Does the Security Center etc. start again?


Please post in your next reply
  • Combofix.txt
  • The answer to my question :)

SatanasOz 04.10.2012 00:15

I made a backup; for that I unfortunately had to install Acronis. In return there is now a full backup.

Combofix ran through. At startup it complained because Avira AntiVir was still active. However, AntiVir was uninstalled a long time ago. I looked through everything again:

- Programs and Features = no AV
- Processes of all users = no AV
- Services = no AV

So I was brave and let Combofix run anyway. As I said, it ran through and also created the log. But then I was probably a bit too hasty and wanted to restart the machine before the last boot had properly finished. In the process the computer crashed and now hangs before the login at cursor on black.

The Task Manager cannot be opened and safe mode does not help either. I will probably just restore the backup and try again, without getting hectic at the end. ;)

But that will take a moment again; I will get back to you when it is done.

OK, bad news: it is the use of Combofix that puts the system into an unbootable state. I have:
  1. Restored the system disk C: to the state before Combofix
  2. Run Combofix in safe mode
  3. After the restart, Windows only boots to the black screen with cursor, even in safe mode

I can reset the system to the initial state at any time. What I will do in the meantime is start an in-place upgrade of Vista to pass the time. If that does not work either, I will reset and wait for new instructions.

Btw: I was able to rescue Combofix.txt using a boot USB stick. Here you go:

Code:

ComboFix 12-10-03.03 - Nina 04.10.2012  16:14:52.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2046.1625 [GMT 13:00]
ausgeführt von:: c:\users\Nina\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\system32\pthreadVC.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-04 bis 2012-10-04  ))))))))))))))))))))))))))))))
.
.
2012-10-04 03:21 . 2012-10-04 03:21        --------        d-----w-        c:\users\Mcx1\AppData\Local\temp
2012-10-04 03:21 . 2012-10-04 03:21        --------        d-----w-        c:\users\Florian\AppData\Local\temp
2012-10-04 03:21 . 2012-10-04 03:22        --------        d-----w-        c:\users\Nina\AppData\Local\temp
2012-10-04 03:21 . 2012-10-04 03:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-02 22:10 . 2012-10-02 22:10        234752        ----a-w-        c:\windows\system32\drivers\afcdp.sys
2012-10-02 22:10 . 2012-10-02 22:10        775232        ----a-w-        c:\windows\system32\drivers\tdrpman.sys
2012-10-02 22:10 . 2012-10-02 22:10        614592        ----a-w-        c:\windows\system32\drivers\timntr.sys
2012-10-02 22:09 . 2012-10-02 22:09        126880        ----a-w-        c:\windows\system32\drivers\vididr.sys
2012-10-02 22:09 . 2012-10-02 22:09        86496        ----a-w-        c:\windows\system32\drivers\vsflt67.sys
2012-10-02 22:09 . 2012-10-02 22:09        177600        ----a-w-        c:\windows\system32\drivers\snapman.sys
2012-10-02 22:09 . 2012-10-02 22:09        80416        ----a-w-        c:\windows\system32\drivers\fltsrv.sys
2012-10-02 22:08 . 2012-10-02 22:08        --------        d-----w-        c:\program files\Acronis
2012-10-02 22:07 . 2012-10-02 22:10        --------        d-----w-        c:\program files\Common Files\Acronis
2012-10-02 21:33 . 2012-09-18 11:59        6980552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAAD08E7-3183-4182-BF59-A521D2D428E0}\mpengine.dll
2012-10-02 12:08 . 2012-10-02 21:24        --------        d-----w-        c:\programdata\NVIDIA
2012-10-02 11:33 . 2012-10-02 11:33        181064        ----a-w-        c:\windows\PSEXESVC.EXE
2012-10-02 11:32 . 2010-04-26 22:04        381816        ----a-w-        c:\windows\system32\PsExec.exe
2012-10-02 05:03 . 2012-10-02 12:00        --------        d-----w-        c:\users\Nina\AppData\Local\ElevatedDiagnostics
2012-10-01 20:25 . 2012-09-18 11:59        6980552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 09:04 . 2012-09-30 09:04        --------        d-----w-        c:\users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 09:02 . 2012-09-30 09:02        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-30 09:02 . 2012-09-07 04:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-30 09:02 . 2012-09-30 09:02        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-09-30 07:11 . 2012-09-30 22:08        --------        d-----w-        c:\program files\Common Files\Steam
2012-09-30 07:11 . 2012-10-01 08:12        --------        d-----w-        c:\program files\Steam
2012-09-30 06:08 . 2012-02-09 01:17        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 06:08 . 2012-02-09 01:17        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0E24A38-5BFC-4101-A546-59D6C3DAD3BC}\gapaengine.dll
2012-09-30 05:58 . 2012-10-02 11:43        --------        d-----w-        c:\program files\Microsoft Security Client
2012-09-30 05:33 . 2012-09-30 22:03        --------        d-----w-        c:\users\Nina\AppData\Roaming\Haewevv
2012-09-30 05:33 . 2012-09-30 05:36        --------        d-----w-        c:\users\Nina\AppData\Roaming\Izu
2012-09-29 09:33 . 2012-09-18 22:59        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C86BF41-E1EC-4DD2-97A3-BA4B5585189C}\mpengine.dll
2012-09-27 03:36 . 2012-09-27 03:36        --------        d-----w-        c:\program files\Common Files\Skype
2012-09-27 02:03 . 2012-09-27 02:03        --------        d-----w-        c:\program files\Microsoft
2012-09-19 10:42 . 2012-09-19 10:42        --------        d-----w-        c:\users\Florian\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-01 05:55 . 2007-11-06 11:21        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-08-30 09:03 . 2012-08-30 09:03        193552        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2012-08-30 09:03 . 2012-03-20 07:44        99272        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-22 11:47 . 2011-03-28 16:36        19736        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2007-11-06 11:27        37232        ----a-w-        c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2007-11-06 11:27        33136        ----a-w-        c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2008-11-14 02:35        37656        ----a-w-        c:\program files\Mindjet\MindManager 8\MmReminderService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 16:50        4280184        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-06-26 18:10        778240        ----a-w-        c:\program files\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 01:33        17418928        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 01:46        1458176        ----a-w-        c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-06-13 06:16        528384        ----a-r-        c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-30 07:16        1353080        ----a-w-        c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 21:29]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: t-online.de\email
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-04 16:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(692)
c:\program files\Acronis\TrueImageHome\tishell.dll
c:\program files\Acronis\TrueImageHome\timounter.dll
c:\program files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
.
Zeit der Fertigstellung: 2012-10-04  16:24:47
ComboFix-quarantined-files.txt  2012-10-04 03:24
.
Vor Suchlauf: 8 Verzeichnis(se), 17.589.530.624 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 21.100.048.384 Bytes frei
.
- - End Of File - - 341A9CB73539DABB663E6D7559AE0AFC

Update 2: No German Vista installation DVD to be found in New Zealand. So all that is left is your help or reinstalling :daumenrunter:
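
The mismatch reported in this post (ComboFix listing AntiVir as enabled although it was uninstalled, while Security Center stays off) can be pulled out of the log mechanically. The following is an added example, not part of the original thread and not ComboFix's own logic: it assumes the `AV:`/`SP:` header lines list the products registered with Security Center, and the function names, the watch list and the substring heuristic are hypothetical; the sample lines are copied from the log above.

```python
import re

# Constructed excerpt: selected lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r'''
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
'''

PRODUCT_RE = re.compile(r'^(AV|SP): (.+?) \*(\w+)/(\w+)\* \{([0-9A-Fa-f-]+)\}$')
SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
MONITORING = r'hkey_local_machine\software\microsoft\security center\monitoring'


def parse_products(log):
    """Return the products named in the AV:/SP: header lines."""
    products = []
    for raw in log.splitlines():
        m = PRODUCT_RE.match(raw.strip())
        if m:
            kind, name, state, signatures, guid = m.groups()
            products.append({'kind': kind, 'name': name, 'state': state,
                             'signatures': signatures, 'guid': guid})
    return products


def parse_registry(log):
    """Map each [HKEY_...] section (lower-cased) to its "name"=data values."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = {}
        elif line == '.':              # a lone dot separates blocks in the log
            current = None
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                sections[current][m.group(1)] = m.group(2).strip()
    return sections


def as_int(raw):
    """Decode 'dword:00000001' or a plain decimal; None for string data."""
    m = re.match(r'^(?:dword:([0-9a-fA-F]{8})|(\d+))\b', raw)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def autostart_commands(sections):
    """Lower-cased command lines from every ...\\CurrentVersion\\Run section."""
    cmds = []
    for key, values in sections.items():
        if key.endswith(r'\currentversion\run'):
            cmds.extend(v.lower() for v in values.values())
    return cmds


def triage(log, watch_list=('Microsoft Security Client',)):
    """Cross-check registered products, autostart entries and monitoring flags.

    watch_list is a hypothetical, analyst-supplied list of security tools the
    user says are installed (the thread mentions MSE running).
    """
    products, sections = parse_products(log), parse_registry(log)
    cmds = autostart_commands(sections)
    registered = {p['name'].lower() for p in products}

    no_autostart = []
    for p in products:
        # Heuristic: an enabled product normally shows up in an autostart path.
        if p['state'] == 'Enabled' and not any(p['name'].lower() in c for c in cmds):
            if p['name'] not in no_autostart:
                no_autostart.append(p['name'])

    return {
        'registered_without_autostart': no_autostart,
        'autostart_without_registration': [
            n for n in watch_list
            if n.lower() not in registered and any(n.lower() in c for c in cmds)],
        'monitoring_disabled': sorted(
            k for k, v in sections.items()
            if k.startswith(MONITORING)
            and as_int(v.get('DisableMonitoring', '')) == 1),
    }


if __name__ == '__main__':
    for finding, items in triage(SAMPLE_LOG).items():
        print(finding, items)
```

A hit in either list is a lead for manual review, not a verdict: services and drivers are not part of this excerpt, so a product that starts only as a service would also be flagged.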

DerJazzer 04.10.2012 14:04

Hi :)

OK, please reset to the point before Combofix again.

Then do the following:

Please download Farbar Recovery Scan Tool 32-bit and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key several times
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Select the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    Here the drive letter of your USB stick is shown.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.

SatanasOz 04.10.2012 21:45

It was not that easy. Since it is apparently one of those awful ASUS OEM versions, there is no repair option in the boot menu. I can only boot separately from the Asus partition and restore C: to the initial state.

I have now found a German Vista Home Premium installation, and with that I also got into the repair "mode".

Code:

OTL Extras logfile created on: 01.10.2012 12:46:25 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 52,84% Memory free
4,23 Gb Paging File | 2,87 Gb Available in Paging File | 67,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 22,37 Gb Free Space | 19,21% Space Free | Partition Type: NTFS
Drive D: | 109,60 Gb Total Space | 31,06 Gb Free Space | 28,34% Space Free | Partition Type: NTFS
Drive F: | 967,22 Mb Total Space | 954,89 Mb Free Space | 98,73% Space Free | Partition Type: FAT
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A203F249-2267-409A-A862-92D2965CBFCA}" = Brother HL-2035
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}" = Mindjet MindManager 8
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVerMedia A850 USB DMB-TH" = AVerMedia A850 USB DMB-TH 1.0.0.30
"Citavi" = Citavi 2.5
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome Frame" = Google Chrome Frame
"Guild Wars" = GUILD WARS
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel(R) PROSet/Wireless Software
"ScummVM_is1" = ScummVM Git
"Simple PDF Merger_is1" = Simple PDF Merger 1.0
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steam App 8930" = Sid Meier's Civilization V
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2012 03:08:53 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x1560, Anwendungsstartzeit
 01cd9eda7333fe4f.
 
Error - 30.09.2012 03:09:59 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x1440, Anwendungsstartzeit
 01cd9eda9a2ca5bf.
 
Error - 30.09.2012 03:11:04 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x494, Anwendungsstartzeit
 01cd9edac11bfe5f.
 
Error - 30.09.2012 03:11:09 | Computer Name = Nina-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall
 
Error - 30.09.2012 03:29:57 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LiveUpdt.exe, Version 2.0.0.0, Zeitstempel 0x464177a8,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47967,
 Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fc56,  Prozess-ID 0x1630, Anwendungsstartzeit
 01cd9edc9b29d7c9.
 
Error - 30.09.2012 03:56:29 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LiveUpdt.exe, Version 2.0.0.0, Zeitstempel 0x464177a8,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47967,
 Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fc56,  Prozess-ID 0x1684, Anwendungsstartzeit
 01cd9ee025dee0b2.
 
Error - 30.09.2012 06:44:54 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Application Launcher.exe, Version 2.2.12.63,
 Zeitstempel 0x466921ca, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x059cd200,  Prozess-ID 0x590,
Anwendungsstartzeit 01cd9ee65566d1d1.
 
Error - 30.09.2012 06:59:34 | Computer Name = Nina-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 30.09.2012 18:21:47 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LiveUpdt.exe, Version 2.0.0.0, Zeitstempel 0x464177a8,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47967,
 Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fc56,  Prozess-ID 0x15bc, Anwendungsstartzeit
 01cd9f5937690224.
 
Error - 30.09.2012 18:45:30 | Computer Name = Nina-PC | Source = Perflib | ID = 1010
Description =
 
[ Media Center Events ]
Error - 26.06.2011 11:33:09 | Computer Name = Nina-PC | Source = Mcx2Svc | ID = 301
Description =
 
Error - 26.06.2011 11:44:36 | Computer Name = Nina-PC | Source = Mcx2Svc | ID = 301
Description =
 
Error - 26.06.2011 11:48:07 | Computer Name = Nina-PC | Source = Mcx2Svc | ID = 301
Description =
 
Error - 26.06.2011 11:56:48 | Computer Name = Nina-PC | Source = McrMgr | ID = 107
Description =
 
Error - 26.06.2011 14:18:34 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description =
 
Error - 01.12.2011 15:29:11 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description =
 
Error - 01.12.2011 15:30:35 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description =
 
Error - 09.12.2011 15:15:48 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description =
 
Error - 12.04.2012 14:05:23 | Computer Name = Nina-PC | Source = ehRecvr | ID = 4
Description =
 
Error - 13.06.2012 12:55:50 | Computer Name = Nina-PC | Source = ehRecvr | ID = 3
Description =
 
[ OSession Events ]
Error - 15.08.2010 15:48:04 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14860
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2011 12:23:19 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 253
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 30.09.2012 07:00:18 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 30.09.2012 07:00:58 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 30.09.2012 18:06:10 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 30.09.2012 18:06:10 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30.09.2012 18:12:55 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 30.09.2012 18:17:03 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description =
 
 
< End of report >


DerJazzer 04.10.2012 22:51

What you posted there is the Extras.txt from an OTL scan. What I need, however, is the FRST.txt from a scan with FRST in the repair options.

SatanasOz 04.10.2012 23:17

Oops

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01
Ran by SYSTEM at 05-10-2012 09:38:42
Running from G:\
Windows Vista (TM) Home Premium  Service Pack 1 (X86) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-07-01] (NVIDIA Corporation)
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955088 2012-06-28] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [403144 2012-06-28] (Acronis)
HKU\Florian\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation)
HKU\Nina\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Nina\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [821048 2012-06-28] (Acronis)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-10-02] (Acronis)
4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
4 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-05-15] ()
4 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
4 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-29] ()
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5915352 2012-06-28] (Acronis)
4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [11632 2007-02-05] ()
3 AtcL001; C:\Windows\System32\DRIVERS\atl01v32.sys [48128 2007-03-15] (Attansic Technology corporation.)
3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [569728 2010-05-06] (AVerMedia TECHNOLOGIES, Inc.)
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [15216 2006-11-16] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-10-31] (Duplex Secure Ltd.)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-10-02] (Acronis)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-10-02] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-10-02] (Acronis)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-05 09:38 - 2012-10-05 09:38 - 00000000 ____D C:\FRST
2012-10-04 09:52 - 2012-10-04 10:15 - 00001905 ____A C:\Windows\diagwrn.xml
2012-10-04 09:52 - 2012-10-04 10:15 - 00001905 ____A C:\Windows\diagerr.xml
2012-10-02 23:12 - 2012-10-02 23:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Acronis
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 23:08 - 2012-10-02 23:08 - 00000000 ____D C:\Program Files\Acronis
2012-10-02 23:07 - 2012-10-02 23:10 - 00000000 ____D C:\Program Files\Common Files\Acronis
2012-10-02 22:55 - 2012-08-25 23:30 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:32 - 2010-04-26 23:04 - 00381816 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsExec.exe
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-02 11:56 - 2012-10-02 11:56 - 00000000 ____D C:\Users\Nina\Desktop\Neuer Ordner
2012-10-01 09:11 - 2012-10-01 09:11 - 00000000 ____D C:\Users\Nina\AppData\Local\{ECDEF87C-64BF-4661-B9CC-BF20B5C042C5}
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:56 - 2012-10-01 06:56 - 00000000 ____D C:\Users\Nina\AppData\Local\{A083496B-F28A-454E-ACD6-AE190C1B0283}
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 23:07 - 2012-09-30 23:07 - 00000000 ____D C:\Users\Nina\AppData\Local\{3A09E88B-5581-46ED-9BC1-37B250087C21}
2012-09-30 21:44 - 2012-09-30 11:45 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 21:44 - 2012-09-30 11:45 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:04 - 2012-09-30 10:04 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 10:02 - 2012-09-30 10:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-30 10:02 - 2012-09-07 05:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-10-01 09:12 - 00000000 ____D C:\Program Files\Steam
2012-09-30 08:11 - 2012-09-30 23:08 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-30 07:01 - 2012-10-02 12:44 - 00001912 ____A C:\Windows\epplauncher.mif
2012-09-30 06:58 - 2012-10-02 12:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv
2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu
2012-09-30 06:19 - 2012-09-30 06:20 - 00000000 ____D C:\Users\Nina\AppData\Local\{E6D7D3C0-3687-457D-8D8D-AF6830A285E0}
2012-09-29 10:22 - 2012-09-29 10:22 - 00000000 ____D C:\Users\Nina\AppData\Local\{20666CC0-4259-43A3-A916-C011F1229BFD}
2012-09-27 19:57 - 2012-09-27 19:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{D21FCDC8-0591-4A39-A636-7040B1A90BC8}
2012-09-27 07:40 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-27 07:40 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-27 07:40 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-27 07:40 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-27 07:40 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-27 07:40 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-27 07:40 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-27 07:40 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-27 07:40 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-27 06:49 - 2012-09-27 06:49 - 00000000 ____D C:\Users\Nina\AppData\Local\{928279D6-6C89-49E1-8F47-762BC1025D61}
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 04:36 - 2012-09-27 04:36 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-27 02:57 - 2012-09-27 02:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{8771A15B-7446-4500-82BD-7D9955761C20}
2012-09-25 23:16 - 2012-09-25 23:16 - 00000000 ____D C:\Users\Nina\AppData\Local\{75BAB726-26B3-489B-AB66-6C843DD63D67}
2012-09-25 01:44 - 2012-09-25 01:44 - 00000000 ____D C:\Users\Nina\AppData\Local\{8E93B501-DBF1-44CF-8D06-26E71FF5752E}
2012-09-22 11:01 - 2012-09-22 11:01 - 00000000 ____D C:\Users\Nina\AppData\Local\{6396CA56-3F9E-4835-A99D-8072AA846B38}
2012-09-19 11:42 - 2012-09-19 11:42 - 00000000 ____D C:\Users\Florian\AppData\Roaming\dvdcss
10508-02-27 20:36 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\NINA - Queen of Awesomeness and Antarctica
10508-02-27 20:35 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\Uni und Schule
10508-02-27 20:34 - 2012-06-07 10:19 - 00000000 ____D C:\Users\Nina\Documents\pics from NZ friends

==================== 3 Months Modified Files ==================

2012-10-04 21:20 - 2009-12-15 22:29 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-04 21:20 - 2006-11-02 14:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-04 21:20 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-04 21:20 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:20 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-04 21:18 - 2007-04-18 09:33 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-10-04 16:20 - 2009-12-15 22:29 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-04 15:00 - 2007-11-06 10:54 - 01581341 ____A C:\Windows\WindowsUpdate.log
2012-10-04 10:15 - 2012-10-04 09:52 - 00001905 ____A C:\Windows\diagwrn.xml
2012-10-04 10:15 - 2012-10-04 09:52 - 00001905 ____A C:\Windows\diagerr.xml
2012-10-04 10:14 - 2006-11-02 13:52 - 00000000 ____A C:\Windows\setuperr.log
2012-10-04 10:14 - 2006-11-02 13:52 - 00000000 ____A C:\Windows\setupact.log
2012-10-04 09:54 - 2006-11-02 11:33 - 01458792 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-04 09:49 - 2007-11-06 12:19 - 00059546 ____A C:\Windows\PFRO.log
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 12:54 - 2007-12-26 18:52 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.001
2012-10-02 12:44 - 2012-09-30 07:01 - 00001912 ____A C:\Windows\epplauncher.mif
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:55 - 2007-11-06 12:21 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 11:45 - 2012-09-30 21:44 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 11:45 - 2012-09-30 21:44 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 09:34 - 2010-02-22 23:39 - 00035541 ____A C:\Users\Florian\AppData\Roaming\nvModes.001
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-27 07:36 - 2006-11-02 11:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 03:16 - 2007-12-25 16:47 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.dat
2012-09-25 01:52 - 2007-11-06 11:11 - 00002631 ____A C:\Users\Nina\Desktop\Microsoft Office Word 2007.lnk
2012-09-19 11:39 - 2010-02-14 13:41 - 00102376 ____A C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-07 05:04 - 2012-09-30 10:02 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 10:03 - 2012-08-30 10:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 10:03 - 2012-03-20 08:44 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-25 23:30 - 2012-10-02 22:55 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-08-24 08:27 - 2012-09-27 07:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 08:03 - 2012-09-27 07:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 07:59 - 2012-09-27 07:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 07:51 - 2012-09-27 07:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 07:49 - 2012-09-27 07:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 07:48 - 2012-09-27 07:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 07:45 - 2012-09-27 07:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 07:43 - 2012-09-27 07:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:40 - 2012-09-27 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-19 07:56 - 2006-11-02 13:47 - 00380544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-22 18:34 - 2007-12-23 21:51 - 00102376 ____A C:\Users\Nina\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 17:15 - 2006-11-02 11:23 - 00000219 ____A C:\Windows\win.ini


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-10-01 04:14:41
Restore point made on: 2012-10-02 07:16:58
Restore point made on: 2012-10-02 12:41:19
Restore point made on: 2012-10-02 13:03:07
Restore point made on: 2012-10-02 13:21:40
Restore point made on: 2012-10-02 23:09:45
Restore point made on: 2012-10-04 10:55:21

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2046.48 MB
Available physical RAM: 1641.52 MB
Total Pagefile: 1854.95 MB
Available Pagefile: 1708.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.3 MB

==================== Partitions =============================

1 Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:14.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:109.6 GB) (Free:31.07 GB) NTFS
4 Drive f: () (Removable) (Total:3.85 GB) (Free:0.95 GB) FAT32
5 Drive g: () (Removable) (Total:0.94 GB) (Free:0.65 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Datentr ###  Status      Größe    Frei    Dyn  GPT
  --------  ----------  -------  -------  ---  ---
      0    Online      233 GB      0 B       
      1    Online      3946 MB      0 B       
      2    Online      968 MB      0 B       



Last Boot: 2012-10-04 10:01

==================== End Of Log ============================


DerJazzer 05.10.2012 09:33

Hi :)

please proceed as follows:

Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv
2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

SatanasOz 05.10.2012 13:42

hmmm ... fixlog is corrupt. It is 2 o'clock in the morning here, I will try it again tomorrow.


SatanasOz 07.10.2012 20:56

Ok ... restored and tried again. This is in the Fixlog.txt:

Code:

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
2012-09-30 06:33 - 2012-09-30 23:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Haewevv
2012-09-30 06:33 - 2012-09-30 06:36 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Izu
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e


DerJazzer 07.10.2012 22:06

Are you sure?

That looks like the Fixlist.txt (see my last post).

But I need the Fixlog.txt :)

SatanasOz 07.10.2012 22:25

I already thought so too. But that is 100% the fixlog.txt - when it ran, the fixlist.txt was removed and the fixlog.txt was created ...

EDIT: just to be 150% sure, I am doing it once more right now.

EDIT2: Yep, that is exactly what happens. The fixlist.txt becomes the fixlog.txt ... I just ran it once more ... wait, but this time with different content:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2012 01
Ran by SYSTEM at 2012-10-08 10:37:33 Run:2
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\Users\Nina\AppData\Roaming\Haewevv  not found.
C:\Users\Nina\AppData\Roaming\Izu  not found.
Could not move C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e .
Could not move C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e.

==== End of Fixlog ====

I don't want to rule out my own scatterbrainedness - but it is not the first time that I have used scripts and the like.

DerJazzer 08.10.2012 06:10

Something went wrong there.

Please run a new scan with FRST.

SatanasOz 08.10.2012 08:02

ok, without resetting, this is where we are:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 08-10-2012 19:51:31
Running from G:\
Windows Vista (TM) Home Premium  Service Pack 1 (X86) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-07-01] (NVIDIA Corporation)
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955088 2012-06-28] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [403144 2012-06-28] (Acronis)
HKU\Florian\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-11] (Microsoft Corporation)
HKU\Nina\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\Nina\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [821048 2012-06-28] (Acronis)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-10-02] (Acronis)
4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
4 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-05-15] ()
4 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-31] (AVerMedia)
4 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-07] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [123248 2006-12-29] ()
2 syncagentsrv; "C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [5915352 2012-06-28] (Acronis)
4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [11632 2007-02-05] ()
3 AtcL001; C:\Windows\System32\DRIVERS\atl01v32.sys [48128 2007-03-15] (Attansic Technology corporation.)
3 AVerAF15DMBTH; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [569728 2010-05-06] (AVerMedia TECHNOLOGIES, Inc.)
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [15216 2006-11-16] ()
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-10-31] (Duplex Secure Ltd.)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-10-02] (Acronis)
0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-10-02] (Acronis)
0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-10-02] (Acronis)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-08 08:52 - 2012-10-08 08:52 - 00000000 ____D C:\FRST
2012-10-02 23:12 - 2012-10-02 23:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Acronis
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 23:08 - 2012-10-02 23:08 - 00000000 ____D C:\Program Files\Acronis
2012-10-02 23:07 - 2012-10-02 23:10 - 00000000 ____D C:\Program Files\Common Files\Acronis
2012-10-02 22:55 - 2012-08-25 23:30 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:32 - 2010-04-26 23:04 - 00381816 ____A (Sysinternals - www.sysinternals.com) C:\Windows\System32\PsExec.exe
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-02 11:56 - 2012-10-02 11:56 - 00000000 ____D C:\Users\Nina\Desktop\Neuer Ordner
2012-10-01 09:11 - 2012-10-01 09:11 - 00000000 ____D C:\Users\Nina\AppData\Local\{ECDEF87C-64BF-4661-B9CC-BF20B5C042C5}
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:56 - 2012-10-01 06:56 - 00000000 ____D C:\Users\Nina\AppData\Local\{A083496B-F28A-454E-ACD6-AE190C1B0283}
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 23:07 - 2012-09-30 23:07 - 00000000 ____D C:\Users\Nina\AppData\Local\{3A09E88B-5581-46ED-9BC1-37B250087C21}
2012-09-30 21:44 - 2012-09-30 11:45 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 21:44 - 2012-09-30 11:45 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:04 - 2012-09-30 10:04 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 10:02 - 2012-09-30 10:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-30 10:02 - 2012-09-07 05:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-10-01 09:12 - 00000000 ____D C:\Program Files\Steam
2012-09-30 08:11 - 2012-09-30 23:08 - 00000000 ____D C:\Program Files\Common Files\Steam
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-30 07:01 - 2012-10-02 12:44 - 00001912 ____A C:\Windows\epplauncher.mif
2012-09-30 06:58 - 2012-10-02 12:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-30 06:19 - 2012-09-30 06:20 - 00000000 ____D C:\Users\Nina\AppData\Local\{E6D7D3C0-3687-457D-8D8D-AF6830A285E0}
2012-09-29 10:22 - 2012-09-29 10:22 - 00000000 ____D C:\Users\Nina\AppData\Local\{20666CC0-4259-43A3-A916-C011F1229BFD}
2012-09-27 19:57 - 2012-09-27 19:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{D21FCDC8-0591-4A39-A636-7040B1A90BC8}
2012-09-27 07:40 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-27 07:40 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-27 07:40 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-27 07:40 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-27 07:40 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-27 07:40 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-27 07:40 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-27 07:40 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-27 07:40 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-27 07:40 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-27 07:40 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-27 07:40 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-27 06:49 - 2012-09-27 06:49 - 00000000 ____D C:\Users\Nina\AppData\Local\{928279D6-6C89-49E1-8F47-762BC1025D61}
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 04:36 - 2012-09-27 04:36 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-27 02:57 - 2012-09-27 02:57 - 00000000 ____D C:\Users\Nina\AppData\Local\{8771A15B-7446-4500-82BD-7D9955761C20}
2012-09-25 23:16 - 2012-09-25 23:16 - 00000000 ____D C:\Users\Nina\AppData\Local\{75BAB726-26B3-489B-AB66-6C843DD63D67}
2012-09-25 01:44 - 2012-09-25 01:44 - 00000000 ____D C:\Users\Nina\AppData\Local\{8E93B501-DBF1-44CF-8D06-26E71FF5752E}
2012-09-22 11:01 - 2012-09-22 11:01 - 00000000 ____D C:\Users\Nina\AppData\Local\{6396CA56-3F9E-4835-A99D-8072AA846B38}
2012-09-19 11:42 - 2012-09-19 11:42 - 00000000 ____D C:\Users\Florian\AppData\Roaming\dvdcss
10508-02-27 20:36 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\NINA - Queen of Awesomeness and Antarctica
10508-02-27 20:35 - 2012-06-02 14:25 - 00000000 ____D C:\Users\Nina\Documents\Uni und Schule
10508-02-27 20:34 - 2012-06-07 10:19 - 00000000 ____D C:\Users\Nina\Documents\pics from NZ friends

==================== 3 Months Modified Files ==================

2012-10-08 07:48 - 2007-04-18 09:33 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-10-08 07:48 - 2006-11-02 14:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-08 07:48 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-08 07:47 - 2009-12-15 22:29 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-08 07:47 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-08 07:47 - 2006-11-02 13:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-08 07:20 - 2009-12-15 22:29 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-07 22:45 - 2006-11-02 11:33 - 01458792 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-07 22:44 - 2007-11-06 10:54 - 01580696 ____A C:\Windows\WindowsUpdate.log
2012-10-07 20:55 - 2007-11-06 12:19 - 00059542 ____A C:\Windows\PFRO.log
2012-10-02 23:10 - 2012-10-02 23:10 - 00775232 ____A (Acronis) C:\Windows\System32\Drivers\tdrpman.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00614592 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-10-02 23:10 - 2012-10-02 23:10 - 00234752 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00177600 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00126880 ____A (Acronis) C:\Windows\System32\Drivers\vididr.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00086496 ____A (Acronis) C:\Windows\System32\Drivers\vsflt67.sys
2012-10-02 23:09 - 2012-10-02 23:09 - 00080416 ____A (Acronis) C:\Windows\System32\Drivers\fltsrv.sys
2012-10-02 23:08 - 2012-10-02 23:08 - 00001011 ____A C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
2012-10-02 12:54 - 2007-12-26 18:52 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.001
2012-10-02 12:44 - 2012-09-30 07:01 - 00001912 ____A C:\Windows\epplauncher.mif
2012-10-02 12:33 - 2012-10-02 12:33 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-10-02 12:26 - 2012-10-02 12:26 - 00000422 ____A C:\Windows\BitsRepairTool.log
2012-10-01 09:02 - 2012-10-01 09:02 - 00000020 ____A C:\Users\Nina\defogger_reenable
2012-10-01 06:55 - 2007-11-06 12:21 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-10-01 01:01 - 2012-10-01 01:01 - 00060392 ____A C:\Users\Nina\Desktop\Extras.Txt
2012-10-01 00:57 - 2012-10-01 00:57 - 01379872 ____A C:\Users\Nina\Desktop\OTL.Txt
2012-09-30 11:45 - 2012-09-30 21:44 - 00602112 ____A (OldTimer Tools) C:\Users\Nina\Desktop\OTL.exe
2012-09-30 11:45 - 2012-09-30 21:44 - 00302592 ____A C:\Users\Nina\Desktop\soo9ymcb.exe
2012-09-30 10:02 - 2012-09-30 10:02 - 00000913 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 09:34 - 2010-02-22 23:39 - 00035541 ____A C:\Users\Florian\AppData\Roaming\nvModes.001
2012-09-30 08:53 - 2012-09-30 08:53 - 00000214 ____A C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
2012-09-30 08:11 - 2012-09-30 08:11 - 00000793 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-27 07:36 - 2006-11-02 11:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-27 04:36 - 2012-09-27 04:36 - 00001880 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-27 03:16 - 2007-12-25 16:47 - 00052566 ____A C:\Users\Nina\AppData\Roaming\nvModes.dat
2012-09-27 02:54 - 2006-11-02 13:52 - 00086153 ____A C:\Windows\setupact.log
2012-09-25 01:52 - 2007-11-06 11:11 - 00002631 ____A C:\Users\Nina\Desktop\Microsoft Office Word 2007.lnk
2012-09-19 11:39 - 2010-02-14 13:41 - 00102376 ____A C:\Users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-07 05:04 - 2012-09-30 10:02 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 10:03 - 2012-08-30 10:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 10:03 - 2012-03-20 08:44 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-25 23:30 - 2012-10-02 22:55 - 225073224 ____A C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
2012-08-24 08:27 - 2012-09-27 07:40 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 08:03 - 2012-09-27 07:40 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 07:59 - 2012-09-27 07:40 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 07:51 - 2012-09-27 07:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 07:51 - 2012-09-27 07:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 07:49 - 2012-09-27 07:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 07:48 - 2012-09-27 07:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 07:47 - 2012-09-27 07:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 07:45 - 2012-09-27 07:40 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 07:44 - 2012-09-27 07:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 07:43 - 2012-09-27 07:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:40 - 2012-09-27 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-19 07:56 - 2006-11-02 13:47 - 00380544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-22 18:34 - 2007-12-23 21:51 - 00102376 ____A C:\Users\Nina\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 17:15 - 2006-11-02 11:23 - 00000219 ____A C:\Windows\win.ini


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1915372461-94194756-3268695451-1000\$898db74ea6967aeb234f4d8d0754815e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$898db74ea6967aeb234f4d8d0754815e

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-10-07 22:04:23

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2046.48 MB
Available physical RAM: 1642.89 MB
Total Pagefile: 1854.95 MB
Available Pagefile: 1711.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.94 MB

==================== Partitions =============================

1 Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:23.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:109.6 GB) (Free:31.07 GB) NTFS
4 Drive f: () (Removable) (Total:3.85 GB) (Free:0.73 GB) FAT32
5 Drive g: () (Removable) (Total:0.94 GB) (Free:0.65 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Datentr ###  Status      Größe    Frei    Dyn  GPT
  --------  ----------  -------  -------  ---  ---
      0    Online      233 GB      0 B       
      1    Online      3946 MB      0 B       
      2    Online      968 MB      0 B       



Last Boot: 2012-10-07 22:47

==================== End Of Log ============================


DerJazzer 08.10.2012 11:52

Hi :)

it wants to annoy us ;) Let's try it with this:

Step 1

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet!)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to!

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.


Step 2

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.


In your next reply, please post
  • aswMBR.txt
  • TDSSKiller log
SatanasOz 08.10.2012 21:59

Next round:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 09:29:12
-----------------------------
09:29:12.268    OS Version: Windows 6.0.6002 Service Pack 2
09:29:12.269    Number of processors: 2 586 0xF0B
09:29:12.271    ComputerName: NINA-PC  UserName: Nina
09:29:45.973    Initialize success
09:33:13.913    AVAST engine defs: 12100800
09:36:25.842    The log file has been saved successfully to "G:\aswMBR.txt"

Code:

09:36:50.0959 1960  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:36:51.0870 1960  ============================================================
09:36:51.0871 1960  Current date / time: 2012/10/09 09:36:51.0870
09:36:51.0871 1960  SystemInfo:
09:36:51.0871 1960 
09:36:51.0871 1960  OS Version: 6.0.6002 ServicePack: 2.0
09:36:51.0871 1960  Product type: Workstation
09:36:51.0871 1960  ComputerName: NINA-PC
09:36:51.0871 1960  UserName: Nina
09:36:51.0872 1960  Windows directory: C:\Windows
09:36:51.0872 1960  System windows directory: C:\Windows
09:36:51.0872 1960  Processor architecture: Intel x86
09:36:51.0872 1960  Number of processors: 2
09:36:51.0872 1960  Page size: 0x1000
09:36:51.0872 1960  Boot type: Normal boot
09:36:51.0872 1960  ============================================================
09:36:53.0234 1960  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3A38B, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'K0', Flags 0x00000050
09:36:53.0242 1960  Drive \Device\Harddisk1\DR3 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:36:53.0243 1960  ============================================================
09:36:53.0243 1960  \Device\Harddisk0\DR0:
09:36:53.0243 1960  MBR partitions:
09:36:53.0243 1960  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0xE8E2800
09:36:53.0263 1960  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF68F800, BlocksNum 0xDB35800
09:36:53.0263 1960  \Device\Harddisk1\DR3:
09:36:53.0263 1960  MBR partitions:
09:36:53.0263 1960  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
09:36:53.0263 1960  ============================================================
09:36:53.0306 1960  C: <-> \Device\Harddisk0\DR0\Partition1
09:36:53.0402 1960  D: <-> \Device\Harddisk0\DR0\Partition2
09:36:53.0403 1960  ============================================================
09:36:53.0403 1960  Initialize success
09:36:53.0403 1960  ============================================================
09:37:01.0014 5604  ============================================================
09:37:01.0014 5604  Scan started
09:37:01.0014 5604  Mode: Manual;
09:37:01.0014 5604  ============================================================
09:37:01.0386 5604  ================ Scan system memory ========================
09:37:01.0386 5604  System memory - ok
09:37:01.0387 5604  ================ Scan services =============================
09:37:02.0039 5604  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:37:02.0046 5604  ACPI - ok
09:37:02.0240 5604  [ FE1E7BDA5639D5EC9BD575137D0C3516 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
09:37:02.0288 5604  AcrSch2Svc - ok
09:37:02.0345 5604  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
09:37:02.0367 5604  adp94xx - ok
09:37:02.0393 5604  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
09:37:02.0402 5604  adpahci - ok
09:37:02.0427 5604  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:37:02.0431 5604  adpu160m - ok
09:37:02.0458 5604  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
09:37:02.0461 5604  adpu320 - ok
09:37:02.0521 5604  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
09:37:02.0522 5604  AeLookupSvc - ok
09:37:02.0632 5604  [ 158ED54CE49CF828C1E46A811FFF8804 ] afcdp          C:\Windows\system32\DRIVERS\afcdp.sys
09:37:02.0650 5604  afcdp - ok
09:37:03.0001 5604  [ CD2B244F62BA9C4683597E3EDCB0FBE3 ] afcdpsrv        C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
09:37:03.0133 5604  afcdpsrv - ok
09:37:03.0211 5604  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
09:37:03.0220 5604  AFD - ok
09:37:03.0250 5604  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:37:03.0253 5604  agp440 - ok
09:37:03.0275 5604  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
09:37:03.0278 5604  aic78xx - ok
09:37:03.0317 5604  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
09:37:03.0319 5604  ALG - ok
09:37:03.0345 5604  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:37:03.0348 5604  aliide - ok
09:37:03.0374 5604  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:37:03.0377 5604  amdagp - ok
09:37:03.0397 5604  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
09:37:03.0400 5604  amdide - ok
09:37:03.0438 5604  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
09:37:03.0440 5604  AmdK7 - ok
09:37:03.0466 5604  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
09:37:03.0468 5604  AmdK8 - ok
09:37:03.0526 5604  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
09:37:03.0527 5604  Appinfo - ok
09:37:03.0623 5604  [ 4B5AE15E5C73EB4DC8DBEC2788230D41 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:37:03.0628 5604  Apple Mobile Device - ok
09:37:03.0655 5604  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
09:37:03.0660 5604  arc - ok
09:37:03.0697 5604  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:37:03.0700 5604  arcsas - ok
09:37:03.0763 5604  [ 66597AD6098352D11239C0C42100B176 ] ASLDRService    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
09:37:03.0906 5604  ASLDRService - ok
09:37:04.0004 5604  [ F1A1B8C0E3B2542A2A9EC78EC0B3A591 ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
09:37:04.0037 5604  ASMMAP - ok
09:37:04.0076 5604  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:37:04.0078 5604  AsyncMac - ok
09:37:04.0114 5604  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
09:37:04.0119 5604  atapi - ok
09:37:04.0149 5604  [ B4C0D962A251555F3DAF42738CE6680D ] AtcL001        C:\Windows\system32\DRIVERS\atl01v32.sys
09:37:04.0152 5604  AtcL001 - ok
09:37:04.0175 5604  [ B607E1315332639B0FCA261F861FDD5F ] ATKGFNEXSrv    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
09:37:04.0747 5604  ATKGFNEXSrv - ok
09:37:04.0808 5604  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:37:04.0823 5604  AudioEndpointBuilder - ok
09:37:04.0836 5604  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:37:04.0842 5604  Audiosrv - ok
09:37:04.0943 5604  [ 3E851CC6DB0C07A8CC640FD03EB6FDAE ] AVerAF15DMBTH  C:\Windows\system32\Drivers\AVerAF15DMBTH.sys
09:37:05.0010 5604  AVerAF15DMBTH - ok
09:37:05.0131 5604  [ 95D7F9544B6C989D1AEBBBE4664BCD70 ] AVerRemote      C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
09:37:05.0414 5604  AVerRemote - ok
09:37:05.0483 5604  [ 0DB0AB8415BFF81037981AF1D3BBBE97 ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
09:37:05.0727 5604  AVerScheduleService - ok
09:37:05.0781 5604  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:37:05.0783 5604  Beep - ok
09:37:05.0839 5604  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
09:37:05.0850 5604  BFE - ok
09:37:05.0923 5604  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
09:37:05.0949 5604  BITS - ok
09:37:05.0959 5604  blbdrive - ok
09:37:06.0015 5604  [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:37:06.0020 5604  Bonjour Service - ok
09:37:06.0050 5604  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:37:06.0053 5604  bowser - ok
09:37:06.0090 5604  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:37:06.0092 5604  BrFiltLo - ok
09:37:06.0112 5604  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:37:06.0114 5604  BrFiltUp - ok
09:37:06.0150 5604  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
09:37:06.0153 5604  Browser - ok
09:37:06.0179 5604  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
09:37:06.0181 5604  Brserid - ok
09:37:06.0206 5604  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:37:06.0222 5604  BrSerWdm - ok
09:37:06.0255 5604  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:37:06.0256 5604  BrUsbMdm - ok
09:37:06.0266 5604  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
09:37:06.0269 5604  BrUsbSer - ok
09:37:06.0289 5604  [ A820438255F37AB8BAA2BD59753A8D81 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
09:37:06.0291 5604  BthEnum - ok
09:37:06.0311 5604  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:37:06.0314 5604  BTHMODEM - ok
09:37:06.0340 5604  [ B8C3D9DDF85FD197C3E5F849FEF71144 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
09:37:06.0344 5604  BthPan - ok
09:37:06.0366 5604  [ 4A74BBB2B6761789F42A6613479BDB1D ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
09:37:06.0371 5604  BTHPORT - ok
09:37:06.0409 5604  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
09:37:06.0424 5604  BthServ - ok
09:37:06.0458 5604  [ 1A407F9B707A06F55AA150F9AA072B09 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
09:37:06.0461 5604  BTHUSB - ok
09:37:06.0496 5604  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:37:06.0498 5604  cdfs - ok
09:37:06.0527 5604  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
09:37:06.0531 5604  cdrom - ok
09:37:06.0576 5604  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
09:37:06.0579 5604  CertPropSvc - ok
09:37:06.0607 5604  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:37:06.0609 5604  circlass - ok
09:37:06.0726 5604  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
09:37:06.0760 5604  CLFS - ok
09:37:06.0843 5604  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:37:06.0847 5604  clr_optimization_v2.0.50727_32 - ok
09:37:06.0900 5604  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:37:06.0905 5604  clr_optimization_v4.0.30319_32 - ok
09:37:06.0955 5604  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:37:06.0963 5604  CmBatt - ok
09:37:06.0991 5604  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:37:06.0993 5604  cmdide - ok
09:37:07.0019 5604  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:37:07.0022 5604  Compbatt - ok
09:37:07.0031 5604  COMSysApp - ok
09:37:07.0045 5604  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
09:37:07.0047 5604  crcdisk - ok
09:37:07.0071 5604  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
09:37:07.0074 5604  Crusoe - ok
09:37:07.0136 5604  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:37:07.0139 5604  CryptSvc - ok
09:37:07.0203 5604  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:37:07.0216 5604  DcomLaunch - ok
09:37:07.0256 5604  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:37:07.0262 5604  DfsC - ok
09:37:07.0419 5604  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
09:37:07.0498 5604  DFSR - ok
09:37:07.0551 5604  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:37:07.0559 5604  Dhcp - ok
09:37:07.0605 5604  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
09:37:07.0617 5604  disk - ok
09:37:07.0659 5604  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:37:07.0664 5604  Dnscache - ok
09:37:07.0691 5604  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
09:37:07.0698 5604  dot3svc - ok
09:37:07.0724 5604  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
09:37:07.0728 5604  DPS - ok
09:37:07.0776 5604  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
09:37:07.0778 5604  drmkaud - ok
09:37:07.0833 5604  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
09:37:07.0850 5604  DXGKrnl - ok
09:37:07.0889 5604  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
09:37:07.0894 5604  E1G60 - ok
09:37:07.0927 5604  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
09:37:07.0940 5604  EapHost - ok
09:37:07.0996 5604  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:37:08.0001 5604  Ecache - ok
09:37:08.0049 5604  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
09:37:08.0059 5604  ehRecvr - ok
09:37:08.0094 5604  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
09:37:08.0097 5604  ehSched - ok
09:37:08.0122 5604  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
09:37:08.0132 5604  ehstart - ok
09:37:08.0174 5604  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
09:37:08.0184 5604  elxstor - ok
09:37:08.0238 5604  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
09:37:08.0255 5604  EMDMgmt - ok
09:37:08.0320 5604  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
09:37:08.0326 5604  EventSystem - ok
09:37:08.0446 5604  [ 695E398E5858C10813E54FAFC933514F ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
09:37:08.0465 5604  EvtEng - ok
09:37:08.0514 5604  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
09:37:08.0532 5604  exfat - ok
09:37:08.0568 5604  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
09:37:08.0573 5604  fastfat - ok
09:37:08.0605 5604  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
09:37:08.0607 5604  fdc - ok
09:37:08.0635 5604  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
09:37:08.0638 5604  fdPHost - ok
09:37:08.0664 5604  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:37:08.0678 5604  FDResPub - ok
09:37:08.0711 5604  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:37:08.0713 5604  FileInfo - ok
09:37:08.0744 5604  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
09:37:08.0746 5604  Filetrace - ok
09:37:08.0782 5604  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:37:08.0784 5604  flpydisk - ok
09:37:08.0817 5604  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:37:08.0824 5604  FltMgr - ok
09:37:08.0886 5604  [ 17119D86FB4A43A99BF5242DD3038394 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
09:37:08.0896 5604  fltsrv - ok
09:37:08.0951 5604  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
09:37:08.0976 5604  FontCache - ok
09:37:09.0047 5604  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:37:09.0057 5604  FontCache3.0.0.0 - ok
09:37:09.0080 5604  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:37:09.0082 5604  Fs_Rec - ok
09:37:09.0112 5604  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:37:09.0114 5604  gagp30kx - ok
09:37:09.0140 5604  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:37:09.0142 5604  GEARAspiWDM - ok
09:37:09.0188 5604  [ BA4A798183529FE251A3DCFA650670BF ] ghaio          C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
09:37:09.0199 5604  ghaio - ok
09:37:09.0246 5604  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
09:37:09.0264 5604  gpsvc - ok
09:37:09.0311 5604  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
09:37:09.0316 5604  gupdate - ok
09:37:09.0338 5604  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:37:09.0341 5604  gupdatem - ok
09:37:09.0397 5604  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:37:09.0405 5604  HdAudAddService - ok
09:37:09.0453 5604  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:37:09.0468 5604  HDAudBus - ok
09:37:09.0510 5604  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:37:09.0511 5604  HidBth - ok
09:37:09.0530 5604  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
09:37:09.0533 5604  HidIr - ok
09:37:09.0557 5604  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
09:37:09.0561 5604  hidserv - ok
09:37:09.0589 5604  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:37:09.0591 5604  HidUsb - ok
09:37:09.0634 5604  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:37:09.0638 5604  hkmsvc - ok
09:37:09.0654 5604  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
09:37:09.0662 5604  HpCISSs - ok
09:37:09.0708 5604  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:37:09.0721 5604  HTTP - ok
09:37:09.0752 5604  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
09:37:09.0754 5604  i2omp - ok
09:37:09.0828 5604  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:37:09.0831 5604  i8042prt - ok
09:37:09.0895 5604  [ 582F2D900A3AC34C98FBDC2C0ABEF6B9 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
09:37:09.0910 5604  IAANTMON - ok
09:37:09.0946 5604  [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:37:09.0951 5604  iaStor - ok
09:37:09.0981 5604  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
09:37:09.0992 5604  iaStorV - ok
09:37:10.0190 5604  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:37:10.0218 5604  idsvc - ok
09:37:10.0250 5604  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
09:37:10.0253 5604  iirsp - ok
09:37:10.0304 5604  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:37:10.0324 5604  IKEEXT - ok
09:37:10.0455 5604  [ B84732D9F8459ABF6323D28A3270DC19 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:37:10.0504 5604  IntcAzAudAddService - ok
09:37:10.0560 5604  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:37:10.0567 5604  intelide - ok
09:37:10.0591 5604  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:37:10.0593 5604  intelppm - ok
09:37:10.0627 5604  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
09:37:10.0632 5604  IPBusEnum - ok
09:37:10.0663 5604  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:37:10.0664 5604  IpFilterDriver - ok
09:37:10.0673 5604  IpInIp - ok
09:37:10.0701 5604  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
09:37:10.0705 5604  IPMIDRV - ok
09:37:10.0727 5604  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
09:37:10.0731 5604  IPNAT - ok
09:37:10.0857 5604  [ 1E6F080D5EDB4C3B4C4EB787A0848DCC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:37:10.0875 5604  iPod Service - ok
09:37:10.0913 5604  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:37:10.0927 5604  IRENUM - ok
09:37:10.0957 5604  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:37:10.0960 5604  isapnp - ok
09:37:11.0003 5604  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
09:37:11.0006 5604  iScsiPrt - ok
09:37:11.0021 5604  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
09:37:11.0024 5604  iteatapi - ok
09:37:11.0040 5604  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
09:37:11.0042 5604  iteraid - ok
09:37:11.0066 5604  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:37:11.0068 5604  kbdclass - ok
09:37:11.0093 5604  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:37:11.0095 5604  kbdhid - ok
09:37:11.0124 5604  [ CC2A86D7BBF14977340DCA61BBCBA771 ] kbfiltr        C:\Windows\system32\DRIVERS\kbfiltr.sys
09:37:11.0126 5604  kbfiltr - ok
09:37:11.0163 5604  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
09:37:11.0167 5604  KeyIso - ok
09:37:11.0209 5604  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:37:11.0223 5604  KSecDD - ok
09:37:11.0282 5604  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
09:37:11.0293 5604  KtmRm - ok
09:37:11.0353 5604  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:37:11.0361 5604  LanmanServer - ok
09:37:11.0402 5604  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:37:11.0419 5604  LanmanWorkstation - ok
09:37:11.0477 5604  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:37:11.0480 5604  LightScribeService - ok
09:37:11.0510 5604  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:37:11.0512 5604  lltdio - ok
09:37:11.0559 5604  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
09:37:11.0575 5604  lltdsvc - ok
09:37:11.0606 5604  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
09:37:11.0611 5604  lmhosts - ok
09:37:11.0652 5604  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:37:11.0686 5604  LSI_FC - ok
09:37:11.0710 5604  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
09:37:11.0733 5604  LSI_SAS - ok
09:37:11.0766 5604  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:37:11.0770 5604  LSI_SCSI - ok
09:37:11.0798 5604  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
09:37:11.0808 5604  luafv - ok
09:37:11.0848 5604  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
09:37:11.0853 5604  Mcx2Svc - ok
09:37:11.0884 5604  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
09:37:11.0887 5604  megasas - ok
09:37:11.0913 5604  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
09:37:11.0918 5604  MMCSS - ok
09:37:11.0940 5604  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
09:37:11.0942 5604  Modem - ok
09:37:11.0993 5604  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
09:37:12.0003 5604  MODEMCSA - ok
09:37:12.0060 5604  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
09:37:12.0061 5604  monitor - ok
09:37:12.0083 5604  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:37:12.0087 5604  mouclass - ok
09:37:12.0137 5604  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:37:12.0144 5604  mouhid - ok
09:37:12.0190 5604  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
09:37:12.0193 5604  MountMgr - ok
09:37:12.0278 5604  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
09:37:12.0299 5604  MpFilter - ok
09:37:12.0339 5604  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:37:12.0342 5604  mpio - ok
09:37:12.0474 5604  [ A69630D039C38018689190234F866D77 ] MpKslcfc6c124  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4FD79F5-E263-4FDE-A276-62196E5BA0C2}\MpKslcfc6c124.sys
09:37:12.0475 5604  MpKslcfc6c124 - ok
09:37:12.0517 5604  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:37:12.0530 5604  mpsdrv - ok
09:37:12.0585 5604  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:37:12.0595 5604  MpsSvc - ok
09:37:12.0622 5604  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
09:37:12.0625 5604  Mraid35x - ok
09:37:12.0658 5604  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:37:12.0660 5604  MRxDAV - ok
09:37:12.0702 5604  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:37:12.0714 5604  mrxsmb - ok
09:37:12.0756 5604  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:37:12.0764 5604  mrxsmb10 - ok
09:37:12.0788 5604  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:37:12.0791 5604  mrxsmb20 - ok
09:37:12.0834 5604  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:37:12.0836 5604  msahci - ok
09:37:12.0860 5604  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
09:37:12.0863 5604  msdsm - ok
09:37:12.0888 5604  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
09:37:12.0895 5604  MSDTC - ok
09:37:12.0918 5604  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:37:12.0920 5604  Msfs - ok
09:37:12.0974 5604  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:37:12.0984 5604  msisadrv - ok
09:37:13.0015 5604  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
09:37:13.0021 5604  MSiSCSI - ok
09:37:13.0030 5604  msiserver - ok
09:37:13.0068 5604  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
09:37:13.0077 5604  MSKSSRV - ok
09:37:13.0168 5604  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc        C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:37:26.0036 5604  ============================================================
09:37:26.0036 5604  Scan finished
09:37:26.0036 5604  ============================================================
09:37:26.0047 3252  Detected object count: 0
09:37:26.0048 3252  Actual detected object count: 0
09:54:26.0568 2492  Deinitialize success


DerJazzer 08.10.2012 22:03

You did not run aswMBR as administrator via right-click.

Please repeat :)

SatanasOz 08.10.2012 23:52

I did run it as admin, but I didn't press Scan :stirn:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 09:29:12
-----------------------------
09:29:12.268    OS Version: Windows 6.0.6002 Service Pack 2
09:29:12.269    Number of processors: 2 586 0xF0B
09:29:12.271    ComputerName: NINA-PC  UserName: Nina
09:29:45.973    Initialize success
09:33:13.913    AVAST engine defs: 12100800
09:36:25.842    The log file has been saved successfully to "G:\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 10:08:15
-----------------------------
10:08:15.401    OS Version: Windows 6.0.6002 Service Pack 2
10:08:15.401    Number of processors: 2 586 0xF0B
10:08:15.403    ComputerName: NINA-PC  UserName: Nina
10:08:16.312    Initialize success
10:08:30.657    AVAST engine defs: 12100800
10:08:33.728    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:08:33.734    Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
10:08:33.752    Disk 0 MBR read successfully
10:08:33.759    Disk 0 MBR scan
10:08:33.819    Disk 0 Windows VISTA default MBR code
10:08:33.839    Disk 0 Partition 1 00    1C Hidd FAT32 LBA MSDOS5.0    7000 MB offset 2048
10:08:33.861    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      119237 MB offset 14338048
10:08:33.897    Disk 0 Partition - 00    05    Extended            112236 MB offset 258535424
10:08:33.963    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      112235 MB offset 258537472
10:08:34.023    Disk 0 scanning sectors +488394752
10:08:34.192    Disk 0 scanning C:\Windows\system32\drivers
10:09:12.229    Service scanning
10:09:45.134    Service MpKslcfc6c124 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4FD79F5-E263-4FDE-A276-62196E5BA0C2}\MpKslcfc6c124.sys **LOCKED** 32
10:10:29.441    Modules scanning
10:10:40.172    Disk 0 trace - called modules:
10:10:40.194   
10:10:41.536    AVAST engine scan C:\Windows
10:10:56.602    AVAST engine scan C:\Windows\system32
10:18:18.375    AVAST engine scan C:\Windows\system32\drivers
10:18:58.274    AVAST engine scan C:\Users\Nina
11:10:13.439    AVAST engine scan C:\ProgramData
11:16:09.106    Scan finished successfully
11:47:59.862    Disk 0 MBR has been saved successfully to "G:\MBR.dat"
11:48:00.082    The log file has been saved successfully to "G:\aswMBR.txt"

and MBR.dat

DerJazzer 09.10.2012 12:22

Hi :)

It's slowly getting tricky...

If you don't have a burning program installed, please
download ISOBurner.
The program will allow you to burn OTLPE to a CD and make it bootable.
You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop.
    Note: The file is about 120 MB in size, and on a slow Internet connection it will take a little while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Put a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD.
Note: How do I boot from CD
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

DerJazzer 12.10.2012 12:30

Hello,
do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean!

SatanasOz 12.10.2012 13:29

Hey - no, it's not a lack of interest. To make matters worse, the brand-new router died on Thursday. Ergo, no internet :( 3G is unfortunately too expensive here for anything except e-mail. The provider is sending me a new router, which should be here tomorrow.

I did the scan and will post it as soon as I can. No extras.txt was created on c:/ (even after the 2nd attempt).

DerJazzer 12.10.2012 14:22

Ok, no problem, unforeseen things happen ;)

Please post the scan result as soon as you are able to :)

SatanasOz 15.10.2012 22:19

Ok ... my provider still hasn't managed to get the connection working again since Thursday, but things have to move on. So here, in full 3G transmission glory, is the log. As I said, no extras.txt. I scanned the whole box once more.

Code:

OTL logfile created on: 10/10/2012 8:37:17 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 21.67 Gb Free Space | 18.61% Space Free | Partition Type: NTFS
Drive D: | 109.60 Gb Total Space | 31.07 Gb Free Space | 28.35% Space Free | Partition Type: NTFS
Drive E: | 967.22 Mb Total Space | 663.44 Mb Free Space | 68.59% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (NMIndexingService)
SRV - [2012/10/02 18:10:31 | 003,459,024 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/09/30 03:44:09 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/12 00:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 00:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/12 21:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/28 00:32:18 | 005,915,352 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/06/28 00:29:42 | 000,821,048 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/12/07 09:13:14 | 000,397,312 | ---- | M] () [Disabled] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2009/10/31 02:48:42 | 000,348,160 | ---- | M] (AVerMedia) [Disabled] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/15 13:47:48 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/02/12 08:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/05 22:13:14 | 000,094,208 | ---- | M] () [Disabled] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006/12/28 20:17:50 | 000,123,248 | ---- | M] () [Auto] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/10/02 18:10:44 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/10/02 18:10:11 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/10/02 18:10:03 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/10/02 18:09:12 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/10/02 18:09:11 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67) Acronis Disk Storage Filter (67)
DRV - [2012/10/02 18:09:06 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/10/02 18:09:03 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012/08/30 05:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/05/06 06:35:16 | 000,569,728 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH)
DRV - [2009/10/31 05:38:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/25 22:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/01 07:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/05/24 22:15:15 | 001,743,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/04/30 10:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/15 02:41:15 | 000,048,128 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atl01v32.sys -- (AtcL001)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/05 07:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/01/24 06:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/15 22:02:19 | 000,015,216 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006/11/02 05:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Florian_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\Florian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKU\Florian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Mcx1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Nina_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\22.0.1229.92\npchrome_frame.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Mcx1_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\22.0.1229.92\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Nina\Documents\Uni und Schule
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Nina\Documents\pics from NZ friends
[2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Nina\Documents\NINA - Queen of Awesomeness and Antarctica
[2012/10/08 16:28:55 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nina\Desktop\tdsskiller.exe
[2012/10/08 16:28:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nina\Desktop\aswMBR.exe
[2012/10/08 03:52:34 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/02 18:12:19 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Acronis
[2012/10/02 18:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012/10/02 18:10:41 | 000,234,752 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2012/10/02 18:10:10 | 000,775,232 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys
[2012/10/02 18:10:02 | 000,614,592 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012/10/02 18:09:12 | 000,126,880 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012/10/02 18:09:10 | 000,086,496 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vsflt67.sys
[2012/10/02 18:09:06 | 000,177,600 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012/10/02 18:09:03 | 000,080,416 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\fltsrv.sys
[2012/10/02 18:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012/10/02 18:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/10/02 18:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/10/02 08:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/10/02 07:33:25 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/02 07:32:33 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\PsExec.exe
[2012/10/02 06:56:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\Neuer Ordner
[2012/10/02 01:03:54 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\ElevatedDiagnostics
[2012/10/01 04:11:50 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{ECDEF87C-64BF-4661-B9CC-BF20B5C042C5}
[2012/10/01 01:56:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{A083496B-F28A-454E-ACD6-AE190C1B0283}
[2012/09/30 18:07:59 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{3A09E88B-5581-46ED-9BC1-37B250087C21}
[2012/09/30 16:44:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012/09/30 05:04:03 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2012/09/30 05:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/30 05:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/30 05:02:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/30 05:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/30 03:53:30 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/09/30 03:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012/09/30 03:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/09/30 03:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/09/30 01:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/30 01:19:50 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{E6D7D3C0-3687-457D-8D8D-AF6830A285E0}
[2012/09/29 05:22:35 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{20666CC0-4259-43A3-A916-C011F1229BFD}
[2012/09/27 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{D21FCDC8-0591-4A39-A636-7040B1A90BC8}
[2012/09/27 02:40:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/27 02:40:40 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012/09/27 02:40:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/27 02:40:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/27 02:40:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/27 02:40:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/27 02:40:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/09/27 02:40:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/27 02:40:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/27 02:40:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/27 01:49:33 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{928279D6-6C89-49E1-8F47-762BC1025D61}
[2012/09/26 23:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/26 23:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/26 22:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/09/26 22:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/09/26 21:57:18 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{8771A15B-7446-4500-82BD-7D9955761C20}
[2012/09/25 18:16:10 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{75BAB726-26B3-489B-AB66-6C843DD63D67}
[2012/09/24 20:44:17 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{8E93B501-DBF1-44CF-8D06-26E71FF5752E}
[2012/09/22 06:01:27 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{6396CA56-3F9E-4835-A99D-8072AA846B38}
[2012/09/19 06:42:52 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\dvdcss
[2007/01/24 06:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/10 02:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/10 02:21:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 02:21:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 02:21:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/10 02:20:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/10 02:16:56 | 000,633,584 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/10/10 02:16:56 | 000,600,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/10 02:16:56 | 000,128,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/10/10 02:16:56 | 000,106,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/10 02:15:00 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/10 02:12:05 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/10 02:12:04 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/08 16:25:34 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nina\Desktop\tdsskiller.exe
[2012/10/08 16:24:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nina\Desktop\aswMBR.exe
[2012/10/02 18:10:44 | 000,234,752 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2012/10/02 18:10:11 | 000,775,232 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys
[2012/10/02 18:10:03 | 000,614,592 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012/10/02 18:09:12 | 000,126,880 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012/10/02 18:09:11 | 000,086,496 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vsflt67.sys
[2012/10/02 18:09:06 | 000,177,600 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012/10/02 18:09:03 | 000,080,416 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\fltsrv.sys
[2012/10/02 18:08:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
[2012/10/02 18:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012/10/02 07:54:22 | 000,052,566 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\nvModes.001
[2012/10/02 07:44:05 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/02 07:44:00 | 000,001,833 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/02 07:33:25 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/01 01:55:21 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012/09/30 06:45:58 | 000,302,592 | ---- | M] () -- C:\Users\Nina\Desktop\soo9ymcb.exe
[2012/09/30 06:45:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012/09/30 05:02:26 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 05:02:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/30 04:34:04 | 000,035,541 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\nvModes.001
[2012/09/30 03:53:30 | 000,000,214 | ---- | M] () -- C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
[2012/09/30 03:11:10 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/09/30 03:11:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/09/26 23:36:32 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/26 23:36:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/26 22:16:37 | 000,052,566 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\nvModes.dat
[2012/09/26 22:03:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/09/24 20:52:42 | 000,002,631 | ---- | M] () -- C:\Users\Nina\Desktop\Microsoft Office Word 2007.lnk
 
========== Files Created - No Company Name ==========
 
[2012/10/02 18:08:54 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
[2012/10/02 17:55:27 | 225,073,224 | ---- | C] () -- C:\Users\Nina\Desktop\ATIH2012_trial_en-US.exe
[2012/10/02 17:23:45 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/10/02 17:23:33 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/09/30 16:44:59 | 000,302,592 | ---- | C] () -- C:\Users\Nina\Desktop\soo9ymcb.exe
[2012/09/30 05:02:26 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 03:53:30 | 000,000,214 | ---- | C] () -- C:\Users\Nina\Desktop\Sid Meier's Civilization V.url
[2012/09/30 03:11:10 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/09/30 02:01:17 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/30 01:58:29 | 000,001,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/26 23:36:32 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/02 15:32:02 | 000,006,656 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/03 07:17:09 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2010/07/03 07:17:09 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJX.BIN
[2010/07/03 07:17:09 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2010/07/03 07:17:09 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2010/07/03 07:17:09 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN
[2010/07/03 07:17:09 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2010/07/03 07:15:45 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2010/07/03 07:15:45 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2010/07/03 07:15:36 | 000,606,208 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2010/07/03 07:15:36 | 000,311,296 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2010/07/03 07:15:36 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2010/07/03 07:15:36 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2010/07/03 07:15:36 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2010/07/03 07:15:36 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2010/07/03 07:15:36 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2010/02/22 18:39:28 | 000,035,541 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\nvModes.001
[2010/02/22 18:39:26 | 000,035,541 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\nvModes.dat
[2009/10/22 10:42:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/22 10:42:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/30 06:10:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/24 12:26:02 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/10/24 12:26:02 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/10/24 12:26:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/10/24 12:25:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/10/24 12:25:53 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI
[2008/10/24 12:25:05 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/10/24 12:25:05 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2008/10/11 15:00:37 | 000,000,680 | ---- | C] () -- C:\Users\Nina\AppData\Local\d3d9caps.dat
[2008/08/19 21:01:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/20 22:01:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/03/13 05:52:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008/03/13 05:52:12 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2007/12/31 14:48:57 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/12/26 13:52:08 | 000,052,566 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\nvModes.001
[2007/12/25 11:47:44 | 000,052,566 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\nvModes.dat
[2007/12/25 07:49:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/12/25 05:52:45 | 000,000,546 | ---- | C] () -- C:\Windows\System32\ABF3Sc.DAT
[2007/12/23 17:22:18 | 000,099,328 | ---- | C] () -- C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/06 07:27:29 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2007/11/06 07:27:25 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/11/06 07:27:18 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2007/11/06 07:21:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2007/11/06 07:05:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/24 22:15:15 | 001,743,232 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/05/09 03:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/04/18 05:14:04 | 000,633,584 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007/04/18 05:14:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007/04/18 05:14:04 | 000,128,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007/04/18 05:14:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/04/18 05:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/04/18 04:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/16 15:31:38 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,380,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,600,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,018 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/08 22:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010/02/14 08:41:53 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Teleca
[2011/12/06 16:12:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\.minecraft
[2009/11/04 03:52:55 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Academic Software Zurich
[2012/10/02 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Acronis
[2011/12/11 07:27:08 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Audacity
[2009/10/31 05:55:29 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\DAEMON Tools Lite
[2011/07/10 10:12:46 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ScummVM
[2009/09/04 15:03:29 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Teleca
[2009/08/30 06:10:37 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Thunderbird
[2012/10/02 18:11:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2007/12/31 14:48:15 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2010/07/03 07:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\AVerTV
[2009/10/31 05:37:36 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/12/26 06:13:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Mindjet
[2007/11/06 07:10:24 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/09/03 11:57:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Teleca
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/04/28 08:37:55 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2007/11/06 06:12:40 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2010/02/28 06:39:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/10/10 02:21:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >


DerJazzer 16.10.2012 16:45

Hi :)

Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.
Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe
  • Click Change Parameters and tick all checkboxes. Click OK.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

SatanasOz 17.10.2012 00:01

Log shortened, full log in the attachment

Code:

11:39:47.0780 5256  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:39:48.0880 5256  ============================================================
11:39:48.0880 5256  Current date / time: 2012/10/17 11:39:48.0880
11:39:48.0880 5256  SystemInfo:
11:39:48.0880 5256 
11:39:48.0880 5256  OS Version: 6.0.6002 ServicePack: 2.0
11:39:48.0881 5256  Product type: Workstation
11:39:48.0881 5256  ComputerName: NINA-PC
11:39:48.0881 5256  UserName: Nina
11:39:48.0881 5256  Windows directory: C:\Windows
11:39:48.0881 5256  System windows directory: C:\Windows
11:39:48.0881 5256  Processor architecture: Intel x86
11:39:48.0881 5256  Number of processors: 2
11:39:48.0881 5256  Page size: 0x1000
11:39:48.0881 5256  Boot type: Normal boot
11:39:48.0882 5256  ============================================================
11:39:49.0002 5256  BG loaded
11:39:49.0653 5256  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x3A38B, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'K0', Flags 0x00000050
11:39:49.0677 5256  Drive \Device\Harddisk1\DR2 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:49.0679 5256  ============================================================
11:39:49.0679 5256  \Device\Harddisk0\DR0:
11:39:49.0679 5256  MBR partitions:
11:39:49.0679 5256  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0xE8E2800
11:39:49.0692 5256  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF68F800, BlocksNum 0xDB35800
11:39:49.0693 5256  \Device\Harddisk1\DR2:
11:39:49.0694 5256  MBR partitions:
11:39:49.0694 5256  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
11:39:49.0694 5256  ============================================================
11:39:49.0769 5256  C: <-> \Device\Harddisk0\DR0\Partition1
11:39:49.0859 5256  D: <-> \Device\Harddisk0\DR0\Partition2
11:39:49.0860 5256  ============================================================
11:39:49.0860 5256  Initialize success
11:39:49.0860 5256  ============================================================
11:39:59.0820 5872  ============================================================
11:39:59.0820 5872  Scan started
11:39:59.0821 5872  Mode: Manual; SigCheck; TDLFS;
11:39:59.0821 5872  ============================================================
11:40:04.0760 5872  ================ Scan system memory ========================
11:40:04.0761 5872  System memory - ok
11:40:04.0761 5872  ================ Scan services =============================
11:40:06.0098 5872  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:40:06.0386 5872  ACPI - ok
11:40:06.0847 5872  [ FE1E7BDA5639D5EC9BD575137D0C3516 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:40:07.0079 5872  AcrSch2Svc - ok
...
11:49:59.0250 4400  C:\Windows\System32\wsqmcons.exe - ok
11:49:59.0261 4400  [ 8A38B5E8493A9D103083B8620AC5F3A1 ] C:\Windows\System32\tdh.dll
11:49:59.0261 4400  C:\Windows\System32\tdh.dll - ok
11:49:59.0268 4400  [ 2A965923FE3D6D5119A770D9B40B1C16 ] C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe
11:49:59.0268 4400  C:\Program Files\ASUS\ASUS Live Update\LiveUpdt.exe - ok
11:49:59.0272 4400  ============================================================
11:49:59.0272 4400  Scan finished
11:49:59.0272 4400  ============================================================
11:49:59.0287 3684  Detected object count: 11
11:49:59.0287 3684  Actual detected object count: 11
11:51:43.0665 3684  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0665 3684  ASMMAP ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0665 3684  ASMMAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0668 3684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0668 3684  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0670 3684  AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0670 3684  AVerAF15DMBTH ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0672 3684  AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0672 3684  AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0674 3684  AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0674 3684  AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0677 3684  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0678 3684  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0681 3684  ghaio ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0681 3684  ghaio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0688 3684  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0688 3684  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0692 3684  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0692 3684  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:51:43.0696 3684  spmgr ( UnsignedFile.Multi.Generic ) - skipped by user
11:51:43.0696 3684  spmgr ( UnsignedFile.Multi.Generic ) - User select action: Skip


schrauber 18.10.2012 17:39

Hi,

I'm taking over from here, as DerJazzer is very busy at the moment.

Please describe what problems still exist with the system.

SatanasOz 18.10.2012 21:55

As far as I can tell, all signs of an infection seem to have been removed. MSE is running again. Windows Update could be restored.

What remains now is the firewall and the Security Center. The firewall can no longer be enabled and fails with error 5, and the same goes for the Security Center service.

Unfortunately I don't have a suitable German Windows Vista Home Premium medium incl. SP2 here to do an in-place upgrade.

schrauber 19.10.2012 16:26

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post the contents here.

SatanasOz 20.10.2012 01:35

Code:

Farbar Service Scanner Version: 19-10-2012
Ran by Nina (administrator) on 20-10-2012 at 12:14:10
Running from "G:\"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-17 11:55] - [2012-06-02 13:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-07-29 13:05] - [2008-01-19 20:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
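Added example (not part of the original posts and not Farbar's own code): a small Python parser for the FSS.txt format shown above that separates services whose registry key is missing from services that are merely stopped, and lists files that did not get an "MD5 is legit" verdict. The sample is a shortened excerpt of the log above; the function names and bucket names are assumptions of this example.

```python
import re

# Shortened excerpt of the FSS.txt above (one or two lines per case).
SAMPLE_FSS = r"""Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-17 11:55] - [2012-06-02 13:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
VALUE_MISSING = re.compile(r"Unable to retrieve (.+?) of (\S+)\. The value does not exist\.")
POLICY_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_PATH = re.compile(r"^[A-Za-z]:\\[^=]+$")  # a path line without "=> MD5 is legit"
FILE_DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")

def parse_fss(text):
    """Return the findings of an FSS.txt as a dict of lists."""
    report = {"not_running": [], "missing_keys": [], "missing_values": [],
              "policies": [], "unverified_files": []}
    policy_key = pending_path = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := NOT_RUNNING.match(line):
            report["not_running"].append(m.group(1))
        elif m := KEY_MISSING.search(line):
            report["missing_keys"].append(m.group(1))
        elif m := VALUE_MISSING.search(line):
            report["missing_values"].append((m.group(2), m.group(1)))
        elif m := POLICY_KEY.match(line):
            policy_key = m.group(1)
        elif (m := POLICY_VALUE.match(line)) and policy_key:
            report["policies"].append((policy_key, m.group(1), int(m.group(2))))
        elif FILE_PATH.match(line):
            pending_path = line  # timestamps, size and MD5 follow on the next line
        elif (m := FILE_DETAIL.match(line)) and pending_path:
            report["unverified_files"].append((pending_path, m.group(3).upper()))
            pending_path = None
    return report

def triage(report):
    """Split stopped services by cause: service key gone vs. key still present."""
    gone = set(report["missing_keys"])
    return {
        "restore_service_key": sorted(gone),
        "stopped_key_present": sorted(s for s in report["not_running"] if s not in gone),
        "review_hash": [path for path, _ in report["unverified_files"]],
        "policy_overrides": [f"{k}\\{name}={val}" for k, name, val in report["policies"]],
    }

if __name__ == "__main__":
    print(triage(parse_fss(SAMPLE_FSS)))
```

On the excerpt this puts SharedAccess, WinDefend and wscsvc in the restore bucket, while MpsSvc is stopped with its service key still present, so its failure is not explained by a deleted key.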


schrauber 20.10.2012 14:49

http://download.bleepingcomputer.com...aredAccess.reg
http://download.bleepingcomputer.com.../WinDefend.reg
http://download.bleepingcomputer.com...sta/wscsvc.reg

Download these three files to the desktop and run them with a double-click, confirm the prompt, reboot, new FSS log file.

Any problems left? :)

SatanasOz 21.10.2012 02:13

I could kiss you!!! :applaus:

Thank you very much ... that looks very, very good. No scanner raises an alarm any more, and the tools are running again.

FSS no longer shows anything except Defender ... after a second of thinking, the reason (MSE) occurred to me too.

:daumenhoc

schrauber 21.10.2012 05:45

Great :)


Open AdwCleaner > Uninstall

Windows key+R > Combofix /Uninstall > Enter

Open OTL > press the "Bereinigung" (cleanup) button



Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

