Trojaner-Board


Paclib 22.01.2012 14:35

BKA Trojan; offline scanner finds no viruses, online scanner does, however...
 
Hello.

My laptop got a BKA Trojan the day before yesterday.

I could no longer use my laptop; I switched the laptop off,
and later I was able to open it normally again. However, an error message came up
saying that wpbt0.dll was not working.

Right after that I started Avira to track down the virus.
They were found. There were 2 viruses. They were put into quarantine. I then deleted them.
You can see that in the text "avira". In that text you see one of the viruses; unfortunately I can no longer find the other virus in Avira's reports. That virus was in a PDF file, something like q.....pdf, in a cache.

Before I started with F-Secure, I also used Malwarebytes. Quite a few things were found there too. Also viewable under "malwarebytes".

I then started another scan check online.
ESET found none; I thought I'd check again with another one to be on the safe side. F-Secure then found one. You can also see that in the text "fsecure".

Hmm... I probably shouldn't have done anything and should have turned to you straight away. I thought the program would take care of it. Sigh...

Then I came to your site, so I ran defogger, OTL and GMER.
defogger did not restart, and no error message came out. I hope everything is fine there.

Attached also, as requested by you, the three texts from defogger, OTL and GMER.

I hope you know what I still have to do...

Hmm... That was everything...

cosinus 23.01.2012 14:26

Now please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if at all possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Paclib 23.01.2012 18:54

Hello.

Many thanks for the reply.

Here are the results:

Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.23.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
MR :: MR-PC [Administrator]

Schutz: Aktiviert

23.01.2012 15:44:37
mbam-log-2012-01-23 (15-44-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261315
Laufzeit: 47 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And here is the first Malwarebytes scan:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.21.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
MR :: MR-PC [Administrator]

Schutz: Aktiviert

21.01.2012 21:21:04
mbam-log-2012-01-21 (21-21-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 163780
Laufzeit: 6 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Exploit.Drop) -> Daten: C:\Users\MR\AppData\Roaming\wpbt0.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\MR\AppData\Roaming\wpbt0.dll (Exploit.Drop) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Here is the ESET scan:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

I don't understand the content of this log file, so to be on the safe side I have put the 2 ESET findings with the viruses here:

Code:

C:\Windows\Installer\e3ae.msi        a variant of Win32/Adware.Toolbar.Dealio application
D:\MR-PC\Backup Set 2012-01-07 152733\Backup Files 2012-01-07 152733\Backup files 3.zip        multiple threats

And? What now?
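A triage helper for the Malwarebytes log format posted above, added here as an example (it is not code from this thread or from Malwarebytes): it parses the German "Infizierte ...: N" blocks, checks that a pasted log lists as many detail lines as it claims, and flags a Run value whose payload lives under AppData\Roaming, the autostart persistence pattern behind the lockscreen. The embedded sample log is constructed from the Quick-Scan log above; the tag wording and function names are my own.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (German UI).

Added example, not code from this thread or from Malwarebytes: it parses the
"Infizierte ...: N" blocks of an mbam-log-*.txt and flags findings that show
autostart persistence from a user-writable profile folder.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the relevant part of the Quick-Scan log posted in the thread.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Test) 1.60.0.1800

Datenbank Version: v2012.01.21.02

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Exploit.Drop) -> Daten: C:\Users\MR\AppData\Roaming\wpbt0.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\MR\AppData\Roaming\wpbt0.dll (Exploit.Drop) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

CATEGORY_RE = re.compile(r"^Infizierte (.+?): (\d+)$")
# finding line: "<location> (<detection>) -> [Daten: <payload> -> ]<action>."
FINDING_RE = re.compile(r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> "
                        r"(?:Daten: (?P<data>.+?) -> )?(?P<action>.+?)\.?$")
# Anything below the user's profile is writable without admin rights.
USER_WRITABLE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\|", re.IGNORECASE)


@dataclass
class Finding:
    category: str
    location: str
    detection: str
    action: str
    data: Optional[str] = None  # "Daten:" part, present only for registry values

    @property
    def target_path(self) -> str:
        # registry value: payload path is in "Daten:"; file finding: the location itself
        return self.data or self.location

    @property
    def user_writable(self) -> bool:
        return USER_WRITABLE_RE.match(self.target_path) is not None

    @property
    def run_persistence(self) -> bool:
        return RUN_KEY_RE.search(self.location) is not None


@dataclass
class MbamReport:
    db_version: Optional[str] = None
    counts: dict = field(default_factory=dict)  # category -> count mbam claims
    findings: List[Finding] = field(default_factory=list)  # detail lines present


def parse_mbam_log(text: str) -> MbamReport:
    report, category = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Datenbank Version: "):
            report.db_version = line.split(": ", 1)[1]
        m = CATEGORY_RE.match(line)
        if m:
            category = m.group(1)
            report.counts[category] = int(m.group(2))
            continue
        # skip blanks, "(Keine bösartigen Objekte gefunden)", "(Ende)" and the header
        if not line or line.startswith("(") or category is None:
            continue
        f = FINDING_RE.match(line)
        if f:
            report.findings.append(Finding(category, f["location"], f["detection"], f["action"], f["data"]))
    return report


def missing_detail_lines(report: MbamReport) -> int:
    """> 0 means an incomplete paste: mbam claims more findings than the log lists."""
    return sum(report.counts.values()) - len(report.findings)


def triage(report: MbamReport) -> List[str]:
    """One note per finding that still needs a human look after the scan."""
    notes = []
    for f in report.findings:
        tags = []
        if f.run_persistence:
            tags.append("autostart persistence")
        if f.user_writable:
            tags.append("payload in user-writable profile folder")
        if tags:
            notes.append(f"{f.detection}: {f.target_path} [{', '.join(tags)}] ({f.action})")
    return notes
```

Run it on several mbam-log-*.txt files in turn; a non-zero missing_detail_lines() is the first thing to ask the poster about, since a log pasted without its detail lines cannot be triaged.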

cosinus 23.01.2012 21:32

You surely ran ESET like this:

Note for Vista and Win7 users: please open the browser like this without fail: right-click => Run as administrator

Because the log does not look like it

Paclib 24.01.2012 16:16

Hello.

This time the ESET scan worked. Here is the result:


Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4bd3a822f3e8d940a56dc8dbe543d090
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-24 02:59:07
# local_time=2012-01-24 03:59:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 8832849 8832849 0 0
# compatibility_mode=5893 16776573 100 94 4072 79849269 0 0
# compatibility_mode=8192 67108863 100 0 281549 281549 0 0
# scanned=104410
# found=2
# cleaned=0
# scan_time=6643
C:\Windows\Installer\e3ae.msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
D:\MR-PC\Backup Set 2012-01-07 152733\Backup Files 2012-01-07 152733\Backup files 3.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I

and now???

cosinus 24.01.2012 16:19

You don't need to ask "what now" after every posting.
I know how to proceed from the logs, not from the question :pfeiff:

Please make a new OTL log. Please post everything here in CODE tags if at all possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If not already present, please download OTL from OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Paclib 24.01.2012 17:13

Code:

OTL logfile created on: 24.01.2012 16:59:15 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\MR\Downloads\Scan-Virus-Programme\otl
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,41% Memory free
3,98 Gb Paging File | 3,02 Gb Available in Paging File | 75,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,79 Gb Total Space | 40,87 Gb Free Space | 46,55% Space Free | Partition Type: NTFS
Drive D: | 61,16 Gb Total Space | 28,77 Gb Free Space | 47,05% Space Free | Partition Type: NTFS
 
Computer Name: MR-PC | User Name: MR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 13:07:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MR\Downloads\Scan-Virus-Programme\otl\OTL.exe
PRC - [2012.01.11 09:31:33 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2012.01.04 10:11:21 | 000,020,480 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010.09.07 18:00:20 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Programme\WinTV\WinTV7\WinTVTray.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2001.09.24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.04 10:11:27 | 000,036,352 | ---- | M] () -- C:\Programme\Real\RealPlayer\psethvy_gr.dll
MOD - [2012.01.04 10:11:27 | 000,029,184 | ---- | M] () -- C:\Programme\Real\RealPlayer\rplvstpn_gr.dll
MOD - [2012.01.04 10:11:27 | 000,009,728 | ---- | M] () -- C:\Programme\Real\RealPlayer\rpwfalzr_gr.dll
MOD - [2011.12.10 11:49:03 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.12.10 11:48:20 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.12.10 11:47:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.12.10 11:47:29 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.12.10 11:47:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.09.01 08:33:54 | 000,019,456 | ---- | M] () -- C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.09 20:51:34 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.05 19:47:09 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2011.12.05 19:47:09 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2011.12.05 19:47:09 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.13 04:19:58 | 000,032,896 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVPolCIR.sys -- (AVPolCIR)
DRV - [2009.08.13 04:19:54 | 000,314,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerPola.sys -- (AVerPola)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009.07.06 15:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009.07.06 15:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2001.09.24 09:39:04 | 000,044,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.niewieder.de!!!!!/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 AC 9A C7 D6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 09:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.13 16:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.01.08 09:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 09:14:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QCDriverInstaller] C:\Programme\Common Files\Logitech\QCDriver\Lqdsw.exe (Logitech Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E07E1F2-EB66-4B38-B496-2E3CD95742D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB701F0-71E7-416C-85A6-90C05EEE5545}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell - "" = AutoRun
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\f-secure
[2012.01.22 11:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.01.22 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.21 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Malwarebytes
[2012.01.21 21:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 21:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.21 21:17:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.21 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.21 08:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.16 21:25:30 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Abrechn
[2012.01.16 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Neuer Ordner
[2012.01.16 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Spiritualität
[2012.01.16 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Meditation
[2012.01.07 15:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.01.07 15:13:14 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.04 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012.01.04 10:11:44 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2012.01.04 10:11:28 | 000,000,000 | ---D | C] -- C:\My Music
[2012.01.04 10:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.04 10:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012.01.04 10:11:18 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012.01.04 10:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012.01.04 10:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech QuickCam
[2012.01.04 10:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.01.04 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Chakren
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 14:33:58 | 000,021,693 | ---- | M] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.24 14:04:27 | 001,540,916 | ---- | M] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 13:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 13:55:44 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.22 20:31:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.22 20:31:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.22 20:31:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.22 20:31:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.22 14:30:10 | 000,024,410 | ---- | M] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | M] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | M] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | M] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | M] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | M] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | M] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | M] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.13 17:18:08 | 000,636,550 | ---- | M] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.04 10:11:18 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | M] () -- C:\Windows\_delis32.ini
 
========== Files Created - No Company Name ==========
 
[2012.01.24 14:04:27 | 001,540,916 | ---- | C] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.22 14:30:10 | 000,024,410 | ---- | C] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | C] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | C] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | C] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | C] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | C] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | C] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | C] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.16 14:32:19 | 000,021,693 | ---- | C] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.13 17:18:08 | 000,636,550 | ---- | C] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.05 12:31:36 | 000,645,564 | ---- | C] () -- C:\Users\MR\Desktop\praktikumsbericht jaaaaaaaa =).odt
[2012.01.04 10:11:39 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.01.04 10:11:39 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd
[2012.01.04 10:10:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\LVUI2RC.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.12.05 19:48:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011.10.18 13:08:38 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.18 13:08:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.18 13:07:52 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.18 13:07:40 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011.10.18 13:07:14 | 000,007,328 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,300,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\f-secure
[2011.10.14 09:07:50 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\LibreOffice
[2011.11.09 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Lingo4u
[2012.01.22 11:41:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.24 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.20 16:03:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.10.13 16:32:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.13 16:32:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.12 15:20:26 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.04 10:11:28 | 000,000,000 | ---D | M] -- C:\My Music
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.21 21:17:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.22 11:52:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.13 16:32:27 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.13 16:32:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.24 17:02:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.17 18:44:00 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.21 09:01:03 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-24 13:01:04
 
<          >

< End of report >


Paclib 24.01.2012 17:42

I noticed earlier that I had copied the wrong content (the wrong content came from: http://www.trojaner-board.de/69886-a...-beachten.html ).

I have now entered the content as you specified it here.

Sorry for the inconvenience.

Code:

OTL logfile created on: 24.01.2012 17:23:17 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\MR\Downloads\Scan-Virus-Programme\otl
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,92% Memory free
3,98 Gb Paging File | 2,97 Gb Available in Paging File | 74,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,79 Gb Total Space | 40,60 Gb Free Space | 46,25% Space Free | Partition Type: NTFS
Drive D: | 61,16 Gb Total Space | 28,77 Gb Free Space | 47,05% Space Free | Partition Type: NTFS
 
Computer Name: MR-PC | User Name: MR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 13:07:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MR\Downloads\Scan-Virus-Programme\otl\OTL.exe
PRC - [2012.01.11 09:31:33 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2012.01.04 10:11:21 | 000,020,480 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010.09.07 18:00:20 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Programme\WinTV\WinTV7\WinTVTray.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2001.09.24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.04 10:11:27 | 000,036,352 | ---- | M] () -- C:\Programme\Real\RealPlayer\psethvy_gr.dll
MOD - [2012.01.04 10:11:27 | 000,029,184 | ---- | M] () -- C:\Programme\Real\RealPlayer\rplvstpn_gr.dll
MOD - [2012.01.04 10:11:27 | 000,009,728 | ---- | M] () -- C:\Programme\Real\RealPlayer\rpwfalzr_gr.dll
MOD - [2011.12.10 11:49:03 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.12.10 11:48:20 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.12.10 11:47:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.12.10 11:47:29 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.12.10 11:47:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.09.01 08:33:54 | 000,019,456 | ---- | M] () -- C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.09 20:51:34 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.05 19:47:09 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2011.12.05 19:47:09 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2011.12.05 19:47:09 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.13 04:19:58 | 000,032,896 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVPolCIR.sys -- (AVPolCIR)
DRV - [2009.08.13 04:19:54 | 000,314,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerPola.sys -- (AVerPola)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009.07.06 15:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009.07.06 15:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2001.09.24 09:39:04 | 000,044,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.niewieder.de!!!!!/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 AC 9A C7 D6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 09:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.13 16:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.01.08 09:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 09:14:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QCDriverInstaller] C:\Programme\Common Files\Logitech\QCDriver\Lqdsw.exe (Logitech Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E07E1F2-EB66-4B38-B496-2E3CD95742D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB701F0-71E7-416C-85A6-90C05EEE5545}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell - "" = AutoRun
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\f-secure
[2012.01.22 11:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.01.22 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.21 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Malwarebytes
[2012.01.21 21:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 21:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.21 21:17:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.21 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.21 08:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.16 21:25:30 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Abrechn
[2012.01.16 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Neuer Ordner
[2012.01.16 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Spiritualität
[2012.01.16 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Meditation
[2012.01.07 15:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.01.07 15:13:14 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.04 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012.01.04 10:11:44 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2012.01.04 10:11:28 | 000,000,000 | ---D | C] -- C:\My Music
[2012.01.04 10:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.04 10:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012.01.04 10:11:18 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012.01.04 10:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012.01.04 10:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech QuickCam
[2012.01.04 10:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.01.04 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Chakren
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 14:33:58 | 000,021,693 | ---- | M] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.24 14:04:27 | 001,540,916 | ---- | M] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 13:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 13:55:44 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.22 20:31:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.22 20:31:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.22 20:31:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.22 20:31:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.22 14:30:10 | 000,024,410 | ---- | M] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | M] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | M] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | M] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | M] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | M] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | M] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | M] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.13 17:18:08 | 000,636,550 | ---- | M] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.04 10:11:18 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | M] () -- C:\Windows\_delis32.ini
 
========== Files Created - No Company Name ==========
 
[2012.01.24 14:04:27 | 001,540,916 | ---- | C] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.22 14:30:10 | 000,024,410 | ---- | C] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | C] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | C] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | C] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | C] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | C] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | C] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | C] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.16 14:32:19 | 000,021,693 | ---- | C] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.13 17:18:08 | 000,636,550 | ---- | C] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.05 12:31:36 | 000,645,564 | ---- | C] () -- C:\Users\MR\Desktop\praktikumsbericht jaaaaaaaa =).odt
[2012.01.04 10:11:39 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.01.04 10:11:39 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd
[2012.01.04 10:10:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\LVUI2RC.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.12.05 19:48:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011.10.18 13:08:38 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.18 13:08:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.18 13:07:52 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.18 13:07:40 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011.10.18 13:07:14 | 000,007,328 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,300,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\f-secure
[2011.10.14 09:07:50 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\LibreOffice
[2011.11.09 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Lingo4u
[2012.01.22 11:41:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.24 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.20 16:03:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.08 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Adobe
[2011.11.10 07:39:55 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Apple Computer
[2011.10.14 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Avira
[2012.01.22 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\f-secure
[2011.11.15 21:23:47 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\HpUpdate
[2011.10.13 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Identities
[2011.10.14 09:07:50 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\LibreOffice
[2011.11.09 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Lingo4u
[2011.11.08 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Macromedia
[2012.01.21 21:17:53 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Media Center Programs
[2011.11.12 14:45:06 | 000,000,000 | --SD | M] -- C:\Users\MR\AppData\Roaming\Microsoft
[2011.10.13 16:43:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Mozilla
[2012.01.22 11:41:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.12 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Skype
[2012.01.24 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.22 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >


cosinus 24.01.2012 20:31

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.niewieder.de!!!!!/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 AC 9A C7 D6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell - "" = AutoRun
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
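
Added example (not part of this thread, and not OTL's own code): a small Python triage helper for the OTL record format that makes up the report above. It parses the `[timestamp | size | attrs | C/M] (company) MD5=... -- path` records and applies two checks an analyst runs by eye on such a log: it lists executables under the Windows directory that were created shortly before the scan with an empty company string (the "Files Created - No Company Name" section is where one looks first), and, for the `< MD5 for: ... >` blocks, it reports any live System32 copy whose hash matches none of the WinSxS/DriverStore copies of the same file, which is the usual reason those blocks are requested. The sample lines are copied from the OTL report in this thread, except the `example_patched.dll` records, which are constructed with placeholder hashes so the second check has something to find; the scan date 2012-01-24 is an assumption taken from the report's latest timestamps.

```python
"""Triage helpers for OTL file records (added example; not OTL's own code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One OTL file record looks like
#   [2012.01.21 21:17:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
# Directory records have no "(company)" part, files without version info carry an
# empty "()", and the "< MD5 for: ... >" blocks add "MD5=<hash>" before the path.
RECORD = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".ax", ".vxd", ".acm", ".scr")
STORE_DIRS = ("\\winsxs\\", "\\driverstore\\")
SCAN_DATE = datetime(2012, 1, 24)  # assumption: latest timestamps in the report


def parse(lines):
    """Yield one dict per OTL file record; headings and other lines are skipped."""
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y.%m.%d %H:%M:%S")
        rec["size"] = int(rec["size"].replace(",", ""))
        rec["is_dir"] = rec["attrs"].endswith("D")
        yield rec


def unsigned_recent_system_files(lines, scan_date=SCAN_DATE, days=30):
    """Executables under the Windows directory, created within `days` of the scan,
    whose record carries an empty company string."""
    cutoff = scan_date - timedelta(days=days)
    hits = []
    for r in parse(lines):
        if r["is_dir"] or r["kind"] != "C":
            continue
        p = r["path"].lower()
        if p.startswith("c:\\windows\\") and p.endswith(EXEC_EXT) \
                and r["company"] == "" and r["ts"] >= cutoff:
            hits.append(r["path"])
    return hits


def live_copies_without_store_match(lines):
    """For each file that has MD5 records: the System32 copy whose hash matches
    no WinSxS/DriverStore copy of the same file name. Update payloads under
    SoftwareDistribution are neither live nor store copies and are ignored."""
    by_name = defaultdict(list)
    for r in parse(lines):
        if r["md5"]:
            by_name[r["path"].rsplit("\\", 1)[-1].lower()].append(r)
    flagged = []
    for recs in by_name.values():
        store = {r["md5"].upper() for r in recs
                 if any(d in r["path"].lower() for d in STORE_DIRS)}
        for r in recs:
            p = r["path"].lower()
            if any(d in p for d in STORE_DIRS) or "\\softwaredistribution\\" in p:
                continue
            if p.startswith("c:\\windows\\system32\\") and r["md5"].upper() not in store:
                flagged.append(r["path"])
    return flagged


# Constructed sample: lines copied from the thread's OTL report, plus one
# constructed "EXAMPLE_PATCHED.DLL" block with placeholder hashes.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2012.01.22 11:53:27 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\f-secure
[2012.01.21 21:17:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012.01.04 10:11:39 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.10.18 13:07:40 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: EXAMPLE_PATCHED.DLL  >
[2012.01.20 03:00:00 | 000,100,000 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\example_patched.dll
[2009.07.14 02:14:45 | 000,100,000 | ---- | M] (Example Vendor) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\winsxs\x86_example_placeholder\example_patched.dll
""".splitlines()

if __name__ == "__main__":
    print("unsigned, recently created under C:\\Windows:")
    for path in unsigned_recent_system_files(SAMPLE_LOG):
        print("  ", path)
    print("live System32 copies with no matching store copy:")
    for path in live_copies_without_store_match(SAMPLE_LOG):
        print("  ", path)
```

On the sample, the first check reports only `vidx16.dll` (the `.ini` is not executable, and `Wait.exe` is older than the 30-day window), and the second reports only the constructed `example_patched.dll`; the real `userinit.exe` and `winlogon.exe` blocks from the report pass because their System32 hashes match a WinSxS copy. A hit from either check is a reason to look closer, not proof of infection: vendor-less files and hash mismatches also come from legitimate third-party installers and out-of-band updates.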

Paclib 24.01.2012 20:47

Fixed, and this is what came out:

Code:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll moved successfully.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DXM6Patch_981116 deleted successfully.
C:\Windows\p_981116.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MR
->Temp folder emptied: 373232104 bytes
->Temporary Internet Files folder emptied: 32943276 bytes
->Java cache emptied: 713216 bytes
->FireFox cache emptied: 470688220 bytes
->Flash cache emptied: 985 bytes
 
User: Public
 
User: user
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57322564 bytes
RecycleBin emptied: 999339 bytes
 
Total Files Cleaned = 893,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01242012_204009

Files\Folders moved on Reboot...
C:\Windows\temp\JET7FCA.tmp moved successfully.
C:\Windows\temp\JETA820.tmp moved successfully.

Registry entries deleted on Reboot...


cosinus 24.01.2012 21:10

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click Change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file to your desktop.
Run the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
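
Added example, not part of this thread or of TDSSKiller itself: the report the tool writes lists every scanned driver as `<name> (<md5>) <path>` followed by `<name> - ok`, `<name> ( <verdict> ) - warning` or `<name> - detected <verdict> (n)`. Reading a few hundred such lines by eye is error-prone, so this PowerShell function reduces a report to the drivers the tool did not mark "ok", keeping a heuristic flag such as UnsignedFile.Multi.Generic (an unsigned driver, usually a vendor driver) apart from an outright detection. The sample lines embedded below are constructed in that format, not copied from this user's log, and the `C:\TDSSKiller*_log.txt` pattern in the usage comment is an assumption about where the tool saves its report.

```powershell
# Added example, not part of the thread or of TDSSKiller: summarise a TDSSKiller 2.7.x
# report so that only drivers with a warning or a detection remain to look at.

function Get-TdssKillerFindings {
    param(
        [Parameter(Mandatory)] [string[]] $Lines
    )
    $drivers = @{}   # name -> @{ Md5; Path; Status; Verdicts }
    foreach ($line in $Lines) {
        # every report line starts with "HH:MM:SS.mmmm <pid>"; keep only the text after it
        if ($line -match '^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$') { $body = $Matches[1].Trim() } else { continue }

        if ($body -match '^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$') {
            # "<name> (<md5>) <path>": a scanned driver image
            $name = $Matches[1]
            if (-not $drivers.ContainsKey($name)) {
                $drivers[$name] = @{ Md5 = $Matches[2]; Path = $Matches[3]; Status = 'scanned'; Verdicts = @() }
            }
        }
        elseif ($body -match '^(\S+)\s+\(\s*(\S+)\s*\)\s+-\s+warning$') {
            # "<name> ( <verdict> ) - warning": heuristic flag, e.g. UnsignedFile.Multi.Generic
            $name = $Matches[1]; $verdict = $Matches[2]
            if (-not $drivers.ContainsKey($name)) { $drivers[$name] = @{ Md5 = ''; Path = ''; Status = ''; Verdicts = @() } }
            $drivers[$name].Status = 'warning'
            if ($drivers[$name].Verdicts -notcontains $verdict) { $drivers[$name].Verdicts += $verdict }
        }
        elseif ($body -match '^(\S+)\s+-\s+detected\s+(\S+)') {
            # "<name> - detected <verdict> (n)": counted by the tool as a finding
            $name = $Matches[1]; $verdict = $Matches[2]
            if (-not $drivers.ContainsKey($name)) { $drivers[$name] = @{ Md5 = ''; Path = ''; Status = ''; Verdicts = @() } }
            if ($drivers[$name].Status -ne 'warning') { $drivers[$name].Status = 'detected' }
            if ($drivers[$name].Verdicts -notcontains $verdict) { $drivers[$name].Verdicts += $verdict }
        }
        elseif ($body -match '^(\S+)\s+-\s+ok$') {
            $name = $Matches[1]
            if ($drivers.ContainsKey($name)) { $drivers[$name].Status = 'ok' }
        }
    }
    # emit only what needs a human decision
    foreach ($name in ($drivers.Keys | Sort-Object)) {
        $d = $drivers[$name]
        if ($d.Status -eq 'ok' -or $d.Status -eq 'scanned') { continue }
        [pscustomobject]@{
            Driver   = $name
            Status   = $d.Status
            Verdicts = ($d.Verdicts -join ',')
            Md5      = $d.Md5
            Path     = $d.Path
        }
    }
}

# Constructed sample in the report's format (placeholder hashes and a placeholder verdict name).
$sample = @(
    '12:00:00.0001 1234        gooddrv         (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\gooddrv.sys',
    '12:00:00.0002 1234        gooddrv - ok',
    '12:00:00.0003 1234        vendordrv       (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\vendordrv.sys',
    '12:00:00.0004 1234        vendordrv ( UnsignedFile.Multi.Generic ) - warning',
    '12:00:00.0004 1234        vendordrv - detected UnsignedFile.Multi.Generic (1)',
    '12:00:00.0005 1234        baddrv          (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\baddrv.sys',
    '12:00:00.0006 1234        baddrv - detected Example.Detection.Name (1)'
)
Get-TdssKillerFindings -Lines $sample | Format-Table -AutoSize
# Expected: vendordrv as "warning" (unsigned), baddrv as "detected"; gooddrv is dropped.

# On a real report (assumed file name pattern, the tool writes it to the system drive):
#   Get-TdssKillerFindings -Lines (Get-Content (Get-ChildItem 'C:\TDSSKiller*_log.txt' | Select-Object -First 1)) | Format-Table -AutoSize
```

A "warning" row only says the driver image carries no valid signature; the log in this thread shows that for two TV-tuner drivers, which is exactly the kind of entry the "skip" instruction above is meant for. A "detected" row with a non-heuristic verdict is what the helper needs to see before anything is removed.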

Paclib 24.01.2012 22:40

Code:

22:25:04.0434 2112        TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:25:04.0683 2112        ============================================================
22:25:04.0683 2112        Current date / time: 2012/01/24 22:25:04.0683
22:25:04.0683 2112        SystemInfo:
22:25:04.0683 2112       
22:25:04.0683 2112        OS Version: 6.1.7600 ServicePack: 0.0
22:25:04.0683 2112        Product type: Workstation
22:25:04.0684 2112        ComputerName: MR-PC
22:25:04.0684 2112        UserName: MR
22:25:04.0684 2112        Windows directory: C:\Windows
22:25:04.0684 2112        System windows directory: C:\Windows
22:25:04.0684 2112        Processor architecture: Intel x86
22:25:04.0684 2112        Number of processors: 2
22:25:04.0684 2112        Page size: 0x1000
22:25:04.0684 2112        Boot type: Normal boot
22:25:04.0684 2112        ============================================================
22:25:06.0234 2112        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:25:06.0301 2112        Initialize success
22:36:25.0087 3744        ============================================================
22:36:25.0087 3744        Scan started
22:36:25.0087 3744        Mode: Manual; SigCheck; TDLFS;
22:36:25.0087 3744        ============================================================
22:36:25.0789 3744        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
22:36:25.0961 3744        1394ohci - ok
22:36:25.0992 3744        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
22:36:26.0023 3744        ACPI - ok
22:36:26.0054 3744        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
22:36:26.0132 3744        AcpiPmi - ok
22:36:26.0210 3744        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:36:26.0273 3744        adp94xx - ok
22:36:26.0288 3744        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:36:26.0351 3744        adpahci - ok
22:36:26.0382 3744        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:36:26.0413 3744        adpu320 - ok
22:36:26.0491 3744        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
22:36:26.0678 3744        AFD - ok
22:36:26.0709 3744        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
22:36:26.0741 3744        agp440 - ok
22:36:26.0772 3744        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:36:26.0819 3744        aic78xx - ok
22:36:26.0850 3744        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
22:36:26.0881 3744        aliide - ok
22:36:26.0897 3744        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
22:36:26.0928 3744        amdagp - ok
22:36:26.0943 3744        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
22:36:26.0975 3744        amdide - ok
22:36:27.0006 3744        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:36:27.0053 3744        AmdK8 - ok
22:36:27.0068 3744        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:36:27.0131 3744        AmdPPM - ok
22:36:27.0177 3744        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
22:36:27.0224 3744        amdsata - ok
22:36:27.0255 3744        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:36:27.0287 3744        amdsbs - ok
22:36:27.0318 3744        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
22:36:27.0349 3744        amdxata - ok
22:36:27.0396 3744        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
22:36:27.0489 3744        AppID - ok
22:36:27.0536 3744        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:36:27.0583 3744        arc - ok
22:36:27.0599 3744        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:36:27.0645 3744        arcsas - ok
22:36:27.0677 3744        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:36:27.0801 3744        AsyncMac - ok
22:36:27.0817 3744        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
22:36:27.0848 3744        atapi - ok
22:36:27.0926 3744        AVerPola        (5b7297abcea83c058ce1713849642804) C:\Windows\system32\DRIVERS\AVerPola.sys
22:36:28.0004 3744        AVerPola ( UnsignedFile.Multi.Generic ) - warning
22:36:28.0004 3744        AVerPola - detected UnsignedFile.Multi.Generic (1)
22:36:28.0051 3744        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:36:28.0160 3744        avgntflt - ok
22:36:28.0191 3744        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
22:36:28.0223 3744        avipbb - ok
22:36:28.0254 3744        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:36:28.0285 3744        avkmgr - ok
22:36:28.0347 3744        AVPolCIR        (ae130449d9562183ad1bcc070de93fbc) C:\Windows\system32\DRIVERS\AVPolCIR.sys
22:36:28.0394 3744        AVPolCIR ( UnsignedFile.Multi.Generic ) - warning
22:36:28.0394 3744        AVPolCIR - detected UnsignedFile.Multi.Generic (1)
22:36:28.0488 3744        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:36:28.0581 3744        b06bdrv - ok
22:36:28.0628 3744        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:36:28.0706 3744        b57nd60x - ok
22:36:28.0769 3744        bcm4sbxp        (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
22:36:28.0831 3744        bcm4sbxp - ok
22:36:28.0893 3744        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:36:28.0971 3744        Beep - ok
22:36:29.0018 3744        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:36:29.0081 3744        blbdrive - ok
22:36:29.0112 3744        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
22:36:29.0174 3744        bowser - ok
22:36:29.0205 3744        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:36:29.0268 3744        BrFiltLo - ok
22:36:29.0283 3744        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:36:29.0330 3744        BrFiltUp - ok
22:36:29.0361 3744        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:36:29.0455 3744        Brserid - ok
22:36:29.0471 3744        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:36:29.0549 3744        BrSerWdm - ok
22:36:29.0549 3744        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:36:29.0627 3744        BrUsbMdm - ok
22:36:29.0642 3744        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:36:29.0673 3744        BrUsbSer - ok
22:36:29.0689 3744        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:36:29.0751 3744        BTHMODEM - ok
22:36:29.0798 3744        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:36:29.0861 3744        cdfs - ok
22:36:29.0907 3744        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
22:36:29.0954 3744        cdrom - ok
22:36:29.0985 3744        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:36:30.0048 3744        circlass - ok
22:36:30.0095 3744        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:36:30.0141 3744        CLFS - ok
22:36:30.0219 3744        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:36:30.0266 3744        CmBatt - ok
22:36:30.0297 3744        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
22:36:30.0313 3744        cmdide - ok
22:36:30.0375 3744        CNG            (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
22:36:30.0453 3744        CNG - ok
22:36:30.0469 3744        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:36:30.0500 3744        Compbatt - ok
22:36:30.0547 3744        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:36:30.0594 3744        CompositeBus - ok
22:36:30.0641 3744        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:36:30.0672 3744        crcdisk - ok
22:36:30.0719 3744        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
22:36:30.0828 3744        CSC - ok
22:36:30.0906 3744        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
22:36:30.0968 3744        DfsC - ok
22:36:30.0999 3744        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:36:31.0077 3744        discache - ok
22:36:31.0093 3744        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:36:31.0140 3744        Disk - ok
22:36:31.0187 3744        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:36:31.0233 3744        drmkaud - ok
22:36:31.0311 3744        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
22:36:31.0421 3744        DXGKrnl - ok
22:36:31.0592 3744        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:36:31.0842 3744        ebdrv - ok
22:36:31.0904 3744        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:36:31.0982 3744        elxstor - ok
22:36:32.0045 3744        EMSCR          (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
22:36:32.0091 3744        EMSCR - ok
22:36:32.0091 3744        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
22:36:32.0154 3744        ErrDev - ok
22:36:32.0201 3744        ESDCR          (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
22:36:32.0263 3744        ESDCR - ok
22:36:32.0294 3744        ESMCR          (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
22:36:32.0357 3744        ESMCR - ok
22:36:32.0419 3744        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:36:32.0481 3744        exfat - ok
22:36:32.0497 3744        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:36:32.0575 3744        fastfat - ok
22:36:32.0606 3744        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:36:32.0653 3744        fdc - ok
22:36:32.0684 3744        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:36:32.0731 3744        FileInfo - ok
22:36:32.0747 3744        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:36:32.0840 3744        Filetrace - ok
22:36:32.0856 3744        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:36:32.0918 3744        flpydisk - ok
22:36:32.0949 3744        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:36:32.0996 3744        FltMgr - ok
22:36:33.0027 3744        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:36:33.0074 3744        FsDepends - ok
22:36:33.0090 3744        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:36:33.0121 3744        Fs_Rec - ok
22:36:33.0152 3744        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
22:36:33.0215 3744        fvevol - ok
22:36:33.0261 3744        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:36:33.0293 3744        gagp30kx - ok
22:36:33.0355 3744        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:36:33.0417 3744        hcw85cir - ok
22:36:33.0480 3744        hcw95bda        (a9157afe4b6f32dcce9bd18fecd53a0d) C:\Windows\system32\Drivers\hcw95bda.sys
22:36:33.0558 3744        hcw95bda - ok
22:36:33.0589 3744        hcw95rc        (eb77f3c96c62e65cc25f04220b9a204a) C:\Windows\system32\DRIVERS\hcw95rc.sys
22:36:33.0636 3744        hcw95rc - ok
22:36:33.0745 3744        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
22:36:33.0839 3744        HdAudAddService - ok
22:36:33.0901 3744        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:36:33.0948 3744        HDAudBus - ok
22:36:33.0963 3744        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:36:34.0010 3744        HidBatt - ok
22:36:34.0026 3744        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:36:34.0104 3744        HidBth - ok
22:36:34.0119 3744        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:36:34.0182 3744        HidIr - ok
22:36:34.0229 3744        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
22:36:34.0275 3744        HidUsb - ok
22:36:34.0322 3744        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:36:34.0369 3744        HpSAMD - ok
22:36:34.0416 3744        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
22:36:34.0541 3744        HTTP - ok
22:36:34.0572 3744        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
22:36:34.0587 3744        hwpolicy - ok
22:36:34.0619 3744        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
22:36:34.0681 3744        i8042prt - ok
22:36:34.0759 3744        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
22:36:34.0821 3744        iaStorV - ok
22:36:35.0040 3744        igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:36:35.0367 3744        igfx - ok
22:36:35.0477 3744        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:36:35.0508 3744        iirsp - ok
22:36:35.0555 3744        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
22:36:35.0586 3744        intelide - ok
22:36:35.0617 3744        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:36:35.0664 3744        intelppm - ok
22:36:35.0679 3744        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:36:35.0789 3744        IpFilterDriver - ok
22:36:35.0804 3744        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:36:35.0867 3744        IPMIDRV - ok
22:36:35.0882 3744        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:36:35.0960 3744        IPNAT - ok
22:36:36.0007 3744        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:36:36.0069 3744        IRENUM - ok
22:36:36.0101 3744        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
22:36:36.0132 3744        isapnp - ok
22:36:36.0163 3744        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
22:36:36.0210 3744        iScsiPrt - ok
22:36:36.0241 3744        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:36:36.0272 3744        kbdclass - ok
22:36:36.0303 3744        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
22:36:36.0366 3744        kbdhid - ok
22:36:36.0413 3744        KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
22:36:36.0444 3744        KSecDD - ok
22:36:36.0475 3744        KSecPkg        (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
22:36:36.0522 3744        KSecPkg - ok
22:36:36.0584 3744        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:36:36.0662 3744        lltdio - ok
22:36:36.0725 3744        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:36:36.0771 3744        LSI_FC - ok
22:36:36.0787 3744        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:36:36.0818 3744        LSI_SAS - ok
22:36:36.0834 3744        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:36:36.0881 3744        LSI_SAS2 - ok
22:36:36.0896 3744        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:36:36.0927 3744        LSI_SCSI - ok
22:36:36.0959 3744        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:36:37.0037 3744        luafv - ok
22:36:37.0115 3744        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
22:36:37.0130 3744        MBAMProtector - ok
22:36:37.0208 3744        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:36:37.0239 3744        megasas - ok
22:36:37.0271 3744        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:36:37.0317 3744        MegaSR - ok
22:36:37.0333 3744        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:36:37.0411 3744        Modem - ok
22:36:37.0442 3744        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:36:37.0489 3744        monitor - ok
22:36:37.0505 3744        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:36:37.0551 3744        mouclass - ok
22:36:37.0567 3744        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:36:37.0614 3744        mouhid - ok
22:36:37.0629 3744        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
22:36:37.0676 3744        mountmgr - ok
22:36:37.0692 3744        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
22:36:37.0739 3744        mpio - ok
22:36:37.0754 3744        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:36:37.0957 3744        mpsdrv - ok
22:36:37.0973 3744        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
22:36:38.0051 3744        MRxDAV - ok
22:36:38.0097 3744        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:36:38.0207 3744        mrxsmb - ok
22:36:38.0222 3744        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:36:38.0300 3744        mrxsmb10 - ok
22:36:38.0331 3744        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:36:38.0378 3744        mrxsmb20 - ok
22:36:38.0409 3744        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
22:36:38.0441 3744        msahci - ok
22:36:38.0456 3744        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
22:36:38.0487 3744        msdsm - ok
22:36:38.0550 3744        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:36:38.0612 3744        Msfs - ok
22:36:38.0643 3744        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:36:38.0706 3744        mshidkmdf - ok
22:36:38.0737 3744        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
22:36:38.0753 3744        msisadrv - ok
22:36:38.0799 3744        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:36:38.0862 3744        MSKSSRV - ok
22:36:38.0877 3744        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:36:38.0940 3744        MSPCLOCK - ok
22:36:38.0955 3744        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:36:39.0018 3744        MSPQM - ok
22:36:39.0049 3744        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:36:39.0080 3744        MsRPC - ok
22:36:39.0096 3744        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
22:36:39.0127 3744        mssmbios - ok
22:36:39.0143 3744        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:36:39.0189 3744        MSTEE - ok
22:36:39.0221 3744        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:36:39.0252 3744        MTConfig - ok
22:36:39.0267 3744        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:36:39.0299 3744        Mup - ok
22:36:39.0330 3744        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:36:39.0408 3744        NativeWifiP - ok
22:36:39.0455 3744        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
22:36:39.0501 3744        NDIS - ok
22:36:39.0517 3744        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:36:39.0611 3744        NdisCap - ok
22:36:39.0642 3744        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:36:39.0720 3744        NdisTapi - ok
22:36:39.0751 3744        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
22:36:39.0813 3744        Ndisuio - ok
22:36:39.0829 3744        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
22:36:39.0923 3744        NdisWan - ok
22:36:40.0001 3744        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
22:36:40.0079 3744        NDProxy - ok
22:36:40.0281 3744        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:36:40.0375 3744        NetBIOS - ok
22:36:40.0406 3744        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
22:36:40.0484 3744        NetBT - ok
22:36:40.0703 3744        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
22:36:40.0968 3744        netw5v32 - ok
22:36:41.0061 3744        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:36:41.0108 3744        nfrd960 - ok
22:36:41.0139 3744        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:36:41.0217 3744        Npfs - ok
22:36:41.0249 3744        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:36:41.0327 3744        nsiproxy - ok
22:36:41.0405 3744        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
22:36:41.0545 3744        Ntfs - ok
22:36:41.0576 3744        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:36:41.0639 3744        Null - ok
22:36:41.0717 3744        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
22:36:41.0795 3744        nvraid - ok
22:36:41.0841 3744        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
22:36:41.0873 3744        nvstor - ok
22:36:41.0904 3744        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
22:36:41.0951 3744        nv_agp - ok
22:36:41.0982 3744        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
22:36:42.0044 3744        ohci1394 - ok
22:36:42.0075 3744        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:36:52.0871 3744        ============================================================
22:36:52.0871 3744        Scan finished
22:36:52.0871 3744        ============================================================
22:36:52.0886 3800        Detected object count: 2
22:36:52.0886 3800        Actual detected object count: 2
22:37:13.0759 3800        AVerPola ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:13.0759 3800        AVerPola ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:37:13.0759 3800        AVPolCIR ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:13.0759 3800        AVPolCIR ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 25.01.2012 10:05

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
restart Windows manually and the error messages should no longer appear.

Paclib 25.01.2012 17:32

Code:

ComboFix 12-01-23.02 - MR 25.01.2012  17:19:59.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.2038.1254 [GMT 1:00]
ausgeführt von:: c:\users\MR\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-25 bis 2012-01-25  ))))))))))))))))))))))))))))))
.
.
2012-01-25 16:27 . 2012-01-25 16:27        --------        d-----w-        c:\users\MR\AppData\Local\temp
2012-01-25 16:27 . 2012-01-25 16:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-24 19:40 . 2012-01-24 19:40        --------        d-----w-        C:\_OTL
2012-01-24 13:00 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F5976B6-94F5-4F0E-A085-1A13458EE9CE}\mpengine.dll
2012-01-22 10:53 . 2012-01-22 10:53        --------        d-----w-        c:\users\MR\AppData\Roaming\f-secure
2012-01-22 10:52 . 2012-01-22 10:52        --------        d-----w-        c:\programdata\F-Secure
2012-01-22 10:41 . 2012-01-22 10:41        --------        d-----w-        c:\users\MR\AppData\Roaming\QuickScan
2012-01-21 20:17 . 2012-01-21 20:17        --------        d-----w-        c:\users\MR\AppData\Roaming\Malwarebytes
2012-01-21 20:17 . 2012-01-21 20:17        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-21 20:17 . 2012-01-21 20:17        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-01-21 20:17 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-21 07:56 . 2012-01-21 07:56        --------        d-----w-        c:\program files\ESET
2012-01-11 14:27 . 2011-11-17 05:41        1288984        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 14:27 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 14:27 . 2011-10-26 04:28        1328640        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 14:27 . 2011-10-26 04:28        514560        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-08 08:14 . 2012-01-08 08:14        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 08:14 . 2012-01-08 08:14        548864        ----a-w-        c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 08:14 . 2012-01-08 08:14        479232        ----a-w-        c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 08:14 . 2012-01-08 08:14        43992        ----a-w-        c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 14:14 . 2012-01-07 14:14        --------        d-----w-        c:\program files\uTorrent
2012-01-07 14:13 . 2012-01-25 16:25        --------        d-----w-        c:\users\MR\AppData\Roaming\uTorrent
2012-01-04 09:12 . 2012-01-04 09:12        --------        d-----w-        c:\program files\Windows Media Components
2012-01-04 09:10 . 2001-09-24 08:41        69632        ----a-w-        c:\windows\system32\LVUI2RC.dll
2012-01-04 09:10 . 2001-09-24 08:39        44032        ----a-w-        c:\windows\system32\drivers\lvce.sys
2012-01-04 09:10 . 2001-09-24 08:38        59904        ----a-w-        c:\windows\system32\drivers\lvcam2.dll
2012-01-04 09:10 . 2001-09-24 08:38        33280        ----a-w-        c:\windows\system32\drivers\LVSound2.sys
2012-01-04 09:10 . 2001-09-24 08:38        412672        ----a-w-        c:\windows\system32\drivers\lvcodek2.dll
2012-01-04 09:10 . 2012-01-04 09:10        --------        d-----w-        c:\program files\Common Files\Logitech
2012-01-04 09:10 . 2001-09-24 08:41        200704        ----a-w-        c:\windows\system32\LVUI2.dll
2012-01-04 09:10 . 2001-09-24 08:40        172032        ----a-w-        c:\windows\system32\lvcodec2.dll
2012-01-04 09:10 . 2001-09-24 08:39        57344        ----a-w-        c:\windows\system32\LVComC.dll
2012-01-04 09:10 . 2001-09-24 08:39        98304        ----a-w-        c:\windows\system32\LVComS.exe
2012-01-04 09:09 . 2012-01-04 09:09        --------        d-----w-        c:\program files\Logitech
2012-01-04 09:08 . 2012-01-04 09:08        53248        ------w-        c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2012-01-04 09:08 . 2012-01-04 09:08        32768        ------w-        c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-01-04 09:08 . 2012-01-04 09:08        221184        ------w-        c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-01-04 09:08 . 2012-01-04 09:08        217088        ------w-        c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-01-04 09:08 . 2012-01-04 09:08        126976        ------w-        c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2012-01-04 09:08 . 2012-01-04 09:08        598016        ------w-        c:\program files\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2012-01-04 09:08 . 2012-01-04 09:08        114688        ------w-        c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2012-01-03 19:32 . 2012-01-21 08:00        --------        d-----w-        c:\program files\Application Updater
2012-01-03 19:32 . 2012-01-03 19:32        --------        d-----w-        c:\program files\YouTube Downloader Toolbar
2012-01-03 19:32 . 2012-01-03 19:32        --------        d-----w-        c:\program files\Common Files\Spigot
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 09:08 . 2011-11-09 14:17        1248080        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-09 19:51 . 2011-10-14 07:34        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-08 00:25 . 2011-11-09 14:17        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-08 00:25 . 2011-11-09 14:17        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-08 00:25 . 2011-12-08 00:25        1092400        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-05 18:47 . 2006-10-24 21:36        42240        ----a-w-        c:\windows\system32\drivers\ESD7SK.sys
2011-12-05 18:47 . 2006-10-24 21:36        76928        ----a-w-        c:\windows\system32\drivers\ESM7SK.sys
2011-12-05 18:47 . 2006-10-24 21:36        62208        ----a-w-        c:\windows\system32\drivers\EMS7SK.sys
2011-12-05 18:47 . 2011-12-05 18:48        356352        ----a-w-        c:\windows\EMCRI.dll
2011-11-24 18:27 . 2011-11-24 18:27        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-24 18:27 . 2011-11-24 18:27        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-24 04:23 . 2011-12-14 09:07        2340352        ----a-w-        c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-10-14 07:44        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-12 08:59 . 2011-11-12 08:59        98304        ----a-w-        c:\windows\system32\CmdLineExt.dll
2011-11-09 16:57 . 2011-11-09 16:57        544656        ----a-w-        c:\windows\system32\deployJava1.dll
2011-11-08 12:42 . 2011-11-08 12:41        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35 . 2011-12-14 09:07        981504        ----a-w-        c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-14 09:07        44544        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 09:07        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-14 09:07        386048        ----a-w-        c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-14 09:07        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-01-08 08:14 . 2011-10-13 15:43        121816        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-01-11 735608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDriver\Lqdsw.exe" [2001-09-24 634880]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2012-01-04 20480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-10-18 117344]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2011-10-18 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2009-08-13 314752]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2009-08-13 32896]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2009-07-06 573440]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2009-07-06 15616]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\DRIVERS\LVCE.sys [2001-09-24 44032]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MR\AppData\Roaming\Mozilla\Firefox\Profiles\yukpx4mi.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-25  17:29:18
ComboFix-quarantined-files.txt  2012-01-25 16:29
.
Vor Suchlauf: 8 Verzeichnis(se), 43.177.443.328 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 43.087.785.984 Bytes frei
.
- - End Of File - - 379EEE0941F69B80C4F227E76B134AE3


cosinus 25.01.2012 19:27

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online query performed by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



Copyright ©2000-2024, Trojaner-Board
