Trojaner-Board - "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" (https://www.trojaner-board.de/112206-sicherheitsgruenden-wurde-windowssystem-blockiert.html)

"Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"

Hallo ihr Lieben,
habe vorhin diesen netten schwarzen Screen mit "Achtung! Ihr Windowssystem wird aus Sicherheitsgründen blockiert" (+Bezahlen und runterladen - Button) bekommen...
Bisher habe ich im abgesicherten Modus Malwarebytes (Quick-Scan) laufen lassen und die gefundenen 5 Objekte gelöscht(Log im Anhang). Jetzt kommt die "Achtung!"-Meldung zwar nicht mehr, aber Avira hat sich noch ein paar Male mit neuen Funden gemeldet.
Wie gehe ich nun weiter vor? Nur weil die Meldung nicht mehr kommt, ist dieser Mist ja immernoch irgendwo...:confused:
Vielen Dank schon mal für eure Hilfe!

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Vielen Dank schon mal...
Hier der Vollscan von Malewarebytes:

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.23.05
 

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.17037

* :: * [Administrator]
 

24.03.2012 11:10:01

mbam-log-2012-03-24 (11-10-01).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 357123

Laufzeit: 4 Stunde(n), 40 Minute(n), 21 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

ESET scannt gerade noch, hat bisher 5 infizierte Files gefunden...
Wäre ja auch zu schön gewesen.

Hier das Ergebnis von ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2010bb90100f9d4bb9f262b0e497a452

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-26 10:49:55

# local_time=2012-03-27 12:49:55 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6000 NT 

# compatibility_mode=512 16777215 100 0 48835132 48835132 0 0

# compatibility_mode=1792 16777191 100 0 3785686 3785686 0 0

# compatibility_mode=5892 16776573 100 100 26489 170317062 0 0

# compatibility_mode=8192 67108863 100 0 284 284 0 0

# scanned=191904

# found=6

# cleaned=0

# scan_time=17862

C:\Users\*\AppData\Local\Temp\jar_cache5714293808212891567.tmp        a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\*\AppData\Local\Temp\jar_cache7811024365845757029.tmp        Java/Exploit.Blacole.AN trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\*\AppData\Local\Temp\Main.class        probably a variant of Java/Exploit.CVE-2011-3544.BF trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D\enemies-names.txt        Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean)        00000000000000000000000000000000        I

C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D\local.ini        Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean)        00000000000000000000000000000000        I

C:\_OTL\MovedFiles\09082010_004114\C_Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Windows Server\hlp.dat        Win32/Bamital.DZ trojan (unable to clean)        00000000000000000000000000000000        I

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier die Ergebnisse von OTL:

OTL Logfile:

Code:

OTL logfile created on: 27.03.2012 18:15:43 - Run 4

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\*\Downloads

Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,49% Memory free

6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,09 Gb Total Space | 63,48 Gb Free Space | 44,06% Space Free | Partition Type: NTFS

Drive D: | 144,00 Gb Total Space | 99,10 Gb Free Space | 68,82% Space Free | Partition Type: NTFS

 

Computer Name: * | User Name: * | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\*\Downloads\OTL(1).exe (OldTimer Tools)

PRC - C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)

PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2999.36899__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2999.36858__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2999.36911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2999.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2999.36892__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2999.36878__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2999.37051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2999.37008__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2999.37120__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2999.37127__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2999.37065__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2999.36872__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2999.37059__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2999.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2999.37118__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2999.37017__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2999.36923__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2999.36879__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2999.37079__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2999.36917__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2999.37010__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2999.37045__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2999.37009__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2999.37044__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2999.37102_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2999.37138__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2999.37149__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2999.37110__90ba9c70f846762e\MOM.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2999.37109__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2999.36886__90ba9c70f846762e\CLI.Component.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2999.37102__90ba9c70f846762e\CLI.Component.Systemtray.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2999.36865__90ba9c70f846762e\CLI.Component.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2999.36850__90ba9c70f846762e\ATIDEMOS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2999.37110__90ba9c70f846762e\CCC.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2999.36849__90ba9c70f846762e\APM.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2999.36849__90ba9c70f846762e\AEM.Server.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()

MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()

MOD - C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()

MOD - C:\Windows\System32\btwhidcs.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files\Samsung\Easy Display Manager\WinMove.dll ()

MOD - C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()

MOD - C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll ()

MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (OpenVPNService) -- C:\Program Files\OpenVPN\bin\openvpnserv.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)

DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()

DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)

DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes,DefaultScope = {EBB836D7-F359-4057-997A-EF314E7BA572}

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{EBB836D7-F359-4057-997A-EF314E7BA572}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 13:30:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.27 13:20:54 | 000,000,000 | ---D | M]

 

[2008.09.25 14:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions

[2012.02.08 20:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kh6forey.default\extensions

[2010.09.16 14:47:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kh6forey.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.03.24 13:16:36 | 000,000,944 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\kh6forey.default\searchplugins\icqplugin.xml

[2012.02.03 18:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2008.12.26 11:23:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KH6FOREY.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

[2012.03.18 13:30:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.05.18 19:14:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.05.18 19:14:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.05.18 19:14:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.05.18 19:14:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.05.18 19:14:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.05.18 19:14:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe (PLANNING Co., Ltd.)

O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

F3 - HKU\S-1-5-21-2695662200-722587133-2900711219-1003 WinNT: Load - (C:\Users\jess\LOCALS~1\Temp\mssxkoiuu.pif) -  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 78.42.43.62 82.212.62.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{769E267F-D595-4D68-B831-FEC1872E800B}: DhcpNameServer = 192.168.2.1 78.42.43.62 82.212.62.62

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\Shell\AutoRun\command - "" = H:\START.exe

O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell - "" = AutoRun

O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell\AutoRun\command - "" = I:\Startme.exe

O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell - "" = AutoRun

O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: Ulead Photo Express 5 SE Calendar Checker - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe (Ulead Systems, Inc.)

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.26 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.03.20 22:38:31 | 000,000,000 | ---D | C] -- C:\Users\*\Local Settings

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.27 18:08:59 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.27 18:08:59 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.27 18:08:59 | 000,140,232 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.27 18:08:59 | 000,121,446 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.27 18:04:06 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.27 18:01:54 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.27 18:01:53 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.27 18:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.27 18:01:32 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.27 08:52:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.03.27 08:39:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.26 19:47:02 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B8DF09FC-AA2A-42C8-AAFD-FBF970487B24}.job

[2012.03.24 10:28:40 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.01 18:51:34 | 006,454,744 | ---- | M] () -- C:\Users\*\Desktop\2.JPG

[2012.03.01 18:44:39 | 004,655,684 | ---- | M] () -- C:\Users\*\Desktop\1.JPG

[2012.03.01 17:01:13 | 000,000,916 | ---- | M] () -- C:\Users\*\Desktop\Dropbox.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.03.24 10:46:41 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys

[2012.03.24 10:28:40 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.20 17:07:40 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.20 17:07:38 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.01 18:51:31 | 006,454,744 | ---- | C] () -- C:\Users\*\Desktop\2.JPG

 
 ========== LOP Check ==========

 

[2010.09.07 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D

[2011.06.28 09:47:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2010.03.31 12:35:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite

[2009.10.15 18:33:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Pro

[2012.03.27 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox

[2011.11.30 22:20:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft

[2011.07.04 23:25:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.06.28 11:09:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\gtk-2.0

[2011.01.15 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MySQL

[2008.11.18 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org

[2011.07.07 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PhotoScape

[2011.05.01 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Scribus

[2010.03.31 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer

[2012.03.27 08:52:28 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.03.26 19:47:02 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B8DF09FC-AA2A-42C8-AAFD-FBF970487B24}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.09.07 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D

[2011.06.28 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Adobe

[2010.10.29 11:03:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Apple Computer

[2008.09.25 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ATI

[2012.02.12 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avira

[2011.06.28 09:47:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2009.01.28 23:19:53 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CyberLink

[2010.03.31 12:35:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite

[2009.10.15 18:33:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Pro

[2009.01.28 15:38:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DivX

[2012.03.27 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox

[2011.11.30 22:20:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft

[2011.07.04 23:25:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.06.28 11:09:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\gtk-2.0

[2008.09.25 14:28:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Identities

[2008.09.25 14:51:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Macromedia

[2010.09.07 16:37:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Media Center Programs

[2012.03.24 10:38:30 | 000,000,000 | --SD | M] -- C:\Users\*\AppData\Roaming\Microsoft

[2008.09.25 14:58:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozilla

[2011.01.15 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MySQL

[2008.11.18 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org

[2011.07.07 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PhotoScape

[2011.05.01 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Scribus

[2012.01.31 22:45:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Skype

[2012.01.31 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\skypePM

[2010.03.31 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer

[2010.09.04 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\U3

[2011.04.28 22:01:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\*\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2008.05.04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Users\*\AppData\Roaming\U3\087762189640D884\LaunchPad.exe

[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\*\AppData\Roaming\U3\temp\cleanup.exe

[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\*\AppData\Roaming\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.04.16 02:43:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys

[2008.04.16 02:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys

[2008.04.16 02:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys

[2008.04.16 02:45:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys

[2008.04.16 02:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys

[2008.04.16 02:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.04.16 03:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys

[2008.04.16 03:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys

[2008.04.16 02:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008.04.16 02:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008.04.16 02:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys

[2008.04.16 02:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys

[2008.04.16 02:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2009.12.20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll

[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll

[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.16 01:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2008.04.16 01:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2008.04.16 01:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe

[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: VIAMRAID.SYS  >

[2006.03.06 12:45:10 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\DrvDisk\i386\NT5\viamraid.sys

[2006.03.06 12:45:12 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\VIARaid\driver\Winxp\viamraid.sys

[2006.03.06 12:45:10 | 000,067,664 | R--- | M] (VIA Technologies inc,.ltd) MD5=26583CDFF008A60FAE217400FF342DB4 -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\DrvDisk\i386\NT4\viamraid.sys

[2006.03.06 12:45:12 | 000,067,664 | R--- | M] (VIA Technologies inc,.ltd) MD5=26583CDFF008A60FAE217400FF342DB4 -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\VIARaid\driver\Winnt40\viamraid.sys

 
 < MD5 for: WININIT.EXE  >

[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe

[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe

[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys

[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2009.12.09 16:55:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.03.18 15:05:02 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

[2010.03.09 18:49:34 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2010.03.09 18:49:34 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2008.04.16 01:51:41 | 000,392,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 

< End of report >

--- --- ---

Ich hoffe das passt so!
Vieeeeelen Dank!

Zitat:

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)

Wieso hat dien Vista eigentlich offensichtlich kein einziges Update gesehen? :balla:
Keine Spur vom SP2, nichtmal SP1 und sogar der IE7 ist in der uralten Version 7 noch drauf!
Warum hast du das System so vernachlässigt?
Die Updates müssen später (nicht jetzt) unbedingt eingespielt werden!

Ich weiß, dass ich da nachlässig war - aber ich finde, ich habe meine Strafe hiermit bekommen!
Kann ich noch irgendetwas machen?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

F3 - HKU\S-1-5-21-2695662200-722587133-2900711219-1003 WinNT: Load - (C:\Users\jess\LOCALS~1\Temp\mssxkoiuu.pif) -  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\Shell\AutoRun\command - "" = H:\START.exe

O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell - "" = AutoRun

O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell\AutoRun\command - "" = I:\Startme.exe

O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell - "" = AutoRun

O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

[2010.09.07 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Wow - das ging schneller als gedacht(höchstens 2 Sekunden)
"Deleted successfully" lese ich sehr gerne(v.a. bei diesem mssxkoiuu.pif-da kam nach dem Hochfahren immer eine Fehlermeldung)
Aber"not found"? Was ist mit denen?

Code:

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\*\LOCALS~1\Temp\mssxkoiuu.pif deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoHotStart deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\ not found.

File H:\START.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e039ad-eb5a-11df-989f-0013779d79c3}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e039ad-eb5a-11df-989f-0013779d79c3}\ not found.

File I:\Startme.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ce13330-463f-11df-bc61-0013779d79c3}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ce13330-463f-11df-bc61-0013779d79c3}\ not found.

File I:\LaunchU3.exe -a not found.

C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D folder moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 03282012_215547

Ja was heißt wohl "not found" :pfeiff:

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Nur weil ich hier Hilfe suche, bin ich nicht dumm - natürlich ist mir klar, was "not found" heißt. Ich wollte nur wissen, was nicht gefunden werden konnte&was das bedeutet.

Code:

14:03:15.0792 5848        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

14:03:17.0305 5848        ============================================================

14:03:17.0305 5848        Current date / time: 2012/03/29 14:03:17.0305

14:03:17.0305 5848        SystemInfo:

14:03:17.0305 5848        

14:03:17.0305 5848        OS Version: 6.0.6000 ServicePack: 0.0

14:03:17.0305 5848        Product type: Workstation

14:03:17.0305 5848        ComputerName: *

14:03:17.0305 5848        UserName: *

14:03:17.0305 5848        Windows directory: C:\Windows

14:03:17.0305 5848        System windows directory: C:\Windows

14:03:17.0305 5848        Processor architecture: Intel x86

14:03:17.0305 5848        Number of processors: 2

14:03:17.0305 5848        Page size: 0x1000

14:03:17.0305 5848        Boot type: Normal boot

14:03:17.0305 5848        ============================================================

14:03:18.0615 5848        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:03:18.0615 5848        \Device\Harddisk0\DR0:

14:03:18.0615 5848        MBR used

14:03:18.0615 5848        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000

14:03:18.0615 5848        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800

14:03:18.0709 5848        Initialize success

14:03:18.0709 5848        ============================================================

14:03:34.0169 4404        ============================================================

14:03:34.0169 4404        Scan started

14:03:34.0169 4404        Mode: Manual; SigCheck; TDLFS; 

14:03:34.0169 4404        ============================================================

14:03:34.0886 4404        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

14:03:35.0120 4404        ACPI - ok

14:03:35.0214 4404        adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

14:03:35.0261 4404        adp94xx - ok

14:03:35.0323 4404        adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

14:03:35.0370 4404        adpahci - ok

14:03:35.0448 4404        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

14:03:35.0479 4404        adpu160m - ok

14:03:35.0526 4404        adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

14:03:35.0541 4404        adpu320 - ok

14:03:35.0604 4404        AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

14:03:35.0775 4404        AeLookupSvc - ok

14:03:35.0885 4404        AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

14:03:36.0009 4404        AFD - ok

14:03:36.0087 4404        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

14:03:36.0243 4404        AgereSoftModem - ok

14:03:36.0353 4404        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

14:03:36.0384 4404        agp440 - ok

14:03:36.0431 4404        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

14:03:36.0462 4404        aic78xx - ok

14:03:36.0509 4404        ALG             (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe

14:03:36.0555 4404        ALG - ok

14:03:36.0665 4404        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

14:03:36.0680 4404        aliide - ok

14:03:36.0727 4404        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

14:03:36.0743 4404        amdagp - ok

14:03:36.0774 4404        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

14:03:36.0789 4404        amdide - ok

14:03:36.0836 4404        AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

14:03:36.0945 4404        AmdK7 - ok

14:03:37.0039 4404        AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

14:03:37.0148 4404        AmdK8 - ok

14:03:37.0257 4404        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe

14:03:37.0273 4404        AntiVirSchedulerService - ok

14:03:37.0320 4404        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

14:03:37.0335 4404        AntiVirService - ok

14:03:37.0445 4404        Appinfo         (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll

14:03:37.0569 4404        Appinfo - ok

14:03:37.0647 4404        Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:03:37.0663 4404        Apple Mobile Device - ok

14:03:37.0741 4404        arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

14:03:37.0772 4404        arc - ok

14:03:37.0850 4404        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

14:03:37.0866 4404        arcsas - ok

14:03:37.0913 4404        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

14:03:38.0037 4404        AsyncMac - ok

14:03:38.0131 4404        atapi           (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys

14:03:38.0147 4404        atapi - ok

14:03:38.0209 4404        athr            (91e15b0a1d6f7b99ace55d04c6d1544a) C:\Windows\system32\DRIVERS\athr.sys

14:03:38.0334 4404        athr - ok

14:03:38.0459 4404        Ati External Event Utility (a80ecb306802572fd2d6659da010b037) C:\Windows\system32\Ati2evxx.exe

14:03:38.0599 4404        Ati External Event Utility - ok

14:03:38.0786 4404        atikmdag        (976d32226fc4dd1187110b763f913a69) C:\Windows\system32\DRIVERS\atikmdag.sys

14:03:39.0036 4404        atikmdag - ok

14:03:39.0145 4404        AtiPcie         (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

14:03:39.0176 4404        AtiPcie - ok

14:03:39.0254 4404        AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll

14:03:39.0410 4404        AudioEndpointBuilder - ok

14:03:39.0426 4404        Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll

14:03:39.0582 4404        Audiosrv - ok

14:03:39.0707 4404        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

14:03:39.0785 4404        avgntflt - ok

14:03:39.0831 4404        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys

14:03:39.0863 4404        avipbb - ok

14:03:39.0925 4404        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

14:03:39.0941 4404        avkmgr - ok

14:03:40.0190 4404        BBSvc           (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE

14:03:40.0221 4404        BBSvc - ok

14:03:40.0284 4404        BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

14:03:40.0299 4404        BcmSqlStartupSvc - ok

14:03:40.0409 4404        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

14:03:40.0533 4404        Beep - ok

14:03:40.0627 4404        BFE             (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll

14:03:40.0736 4404        BFE - ok

14:03:40.0861 4404        BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll

14:03:40.0955 4404        BITS - ok

14:03:41.0001 4404        blbdrive - ok

14:03:41.0111 4404        Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe

14:03:41.0126 4404        Bonjour Service - ok

14:03:41.0173 4404        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

14:03:41.0282 4404        bowser - ok

14:03:41.0345 4404        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

14:03:41.0438 4404        BrFiltLo - ok

14:03:41.0532 4404        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

14:03:41.0610 4404        BrFiltUp - ok

14:03:41.0657 4404        Browser         (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll

14:03:41.0781 4404        Browser - ok

14:03:41.0828 4404        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

14:03:41.0937 4404        Brserid - ok

14:03:42.0047 4404        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

14:03:42.0171 4404        BrSerWdm - ok

14:03:42.0265 4404        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

14:03:42.0390 4404        BrUsbMdm - ok

14:03:42.0515 4404        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

14:03:42.0639 4404        BrUsbSer - ok

14:03:42.0702 4404        BthEnum         (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys

14:03:42.0749 4404        BthEnum - ok

14:03:42.0873 4404        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

14:03:43.0014 4404        BTHMODEM - ok

14:03:43.0076 4404        BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys

14:03:43.0185 4404        BthPan - ok

14:03:43.0248 4404        BTHPORT         (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys

14:03:43.0295 4404        BTHPORT - ok

14:03:43.0419 4404        BthServ         (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll

14:03:43.0513 4404        BthServ - ok

14:03:43.0622 4404        BTHUSB          (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys

14:03:43.0669 4404        BTHUSB - ok

14:03:43.0794 4404        btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys

14:03:43.0809 4404        btwaudio - ok

14:03:43.0841 4404        btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys

14:03:43.0856 4404        btwavdt - ok

14:03:43.0997 4404        btwdins         (7fe64b44b0249a64597f5588bc2a09be) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

14:03:44.0043 4404        btwdins - ok

14:03:44.0153 4404        btwrchid        (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys

14:03:44.0168 4404        btwrchid - ok

14:03:44.0231 4404        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

14:03:44.0340 4404        cdfs - ok

14:03:44.0402 4404        cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

14:03:44.0511 4404        cdrom - ok

14:03:44.0589 4404        CertPropSvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll

14:03:44.0714 4404        CertPropSvc - ok

14:03:44.0792 4404        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

14:03:44.0901 4404        circlass - ok

14:03:44.0979 4404        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

14:03:45.0011 4404        CLFS - ok

14:03:45.0073 4404        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:03:45.0089 4404        clr_optimization_v2.0.50727_32 - ok

14:03:45.0213 4404        CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys

14:03:45.0291 4404        CmBatt - ok

14:03:45.0338 4404        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

14:03:45.0369 4404        cmdide - ok

14:03:45.0401 4404        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys

14:03:45.0416 4404        Compbatt - ok

14:03:45.0447 4404        COMSysApp - ok

14:03:45.0525 4404        crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

14:03:45.0541 4404        crcdisk - ok

14:03:45.0588 4404        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

14:03:45.0713 4404        Crusoe - ok

14:03:45.0775 4404        CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll

14:03:45.0900 4404        CryptSvc - ok

14:03:46.0009 4404        DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll

14:03:46.0087 4404        DcomLaunch - ok

14:03:46.0134 4404        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

14:03:46.0259 4404        DfsC - ok

14:03:46.0368 4404        DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe

14:03:46.0571 4404        DFSR - ok

14:03:46.0664 4404        Dhcp            (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll

14:03:46.0727 4404        Dhcp - ok

14:03:46.0805 4404        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

14:03:46.0836 4404        disk - ok

14:03:46.0883 4404        Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll

14:03:46.0929 4404        Dnscache - ok

14:03:46.0992 4404        dot3svc         (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll

14:03:47.0101 4404        dot3svc - ok

14:03:47.0241 4404        dot4            (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys

14:03:47.0366 4404        dot4 - ok

14:03:47.0413 4404        Dot4Print       (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys

14:03:47.0522 4404        Dot4Print - ok

14:03:47.0569 4404        dot4usb         (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys

14:03:47.0694 4404        dot4usb - ok

14:03:47.0756 4404        DPS             (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll

14:03:47.0819 4404        DPS - ok

14:03:47.0897 4404        drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

14:03:48.0006 4404        drmkaud - ok

14:03:48.0099 4404        DXGKrnl         (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

14:03:48.0193 4404        DXGKrnl - ok

14:03:48.0240 4404        E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

14:03:48.0349 4404        E1G60 - ok

14:03:48.0396 4404        EapHost         (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll

14:03:48.0505 4404        EapHost - ok

14:03:48.0630 4404        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

14:03:48.0645 4404        Ecache - ok

14:03:48.0692 4404        ehRecvr         (792f72e8b63df55ce98445d464874986) C:\Windows\ehome\ehRecvr.exe

14:03:48.0755 4404        ehRecvr - ok

14:03:48.0786 4404        ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

14:03:48.0848 4404        ehSched - ok

14:03:48.0895 4404        ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

14:03:48.0911 4404        ehstart - ok

14:03:49.0020 4404        elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

14:03:49.0051 4404        elxstor - ok

14:03:49.0113 4404        EMDMgmt         (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll

14:03:49.0207 4404        EMDMgmt - ok

14:03:49.0285 4404        EventSystem     (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll

14:03:49.0347 4404        EventSystem - ok

14:03:49.0425 4404        fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

14:03:49.0550 4404        fastfat - ok

14:03:49.0597 4404        fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

14:03:49.0706 4404        fdc - ok

14:03:49.0769 4404        fdPHost         (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll

14:03:49.0878 4404        fdPHost - ok

14:03:49.0940 4404        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

14:03:50.0049 4404        FDResPub - ok

14:03:50.0127 4404        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

14:03:50.0143 4404        FileInfo - ok

14:03:50.0190 4404        Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

14:03:50.0299 4404        Filetrace - ok

14:03:50.0330 4404        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

14:03:50.0455 4404        flpydisk - ok

14:03:50.0517 4404        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

14:03:50.0549 4404        FltMgr - ok

14:03:50.0595 4404        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:03:50.0627 4404        FontCache3.0.0.0 - ok

14:03:50.0673 4404        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

14:03:50.0720 4404        Fs_Rec - ok

14:03:50.0783 4404        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

14:03:50.0798 4404        gagp30kx - ok

14:03:50.0907 4404        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:03:50.0907 4404        GEARAspiWDM - ok

14:03:51.0001 4404        ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys

14:03:51.0017 4404        ggflt - ok

14:03:51.0048 4404        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys

14:03:51.0063 4404        ggsemc - ok

14:03:51.0157 4404        gpsvc           (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll

14:03:51.0282 4404        gpsvc - ok

14:03:51.0407 4404        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

14:03:51.0422 4404        gupdate - ok

14:03:51.0438 4404        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

14:03:51.0469 4404        gupdatem - ok

14:03:51.0516 4404        gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

14:03:51.0531 4404        gusvc - ok

14:03:51.0641 4404        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

14:03:51.0765 4404        HdAudAddService - ok

14:03:51.0828 4404        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:03:51.0859 4404        HDAudBus - ok

14:03:51.0890 4404        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

14:03:52.0015 4404        HidBth - ok

14:03:52.0124 4404        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

14:03:52.0233 4404        HidIr - ok

14:03:52.0311 4404        hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll

14:03:52.0421 4404        hidserv - ok

14:03:52.0499 4404        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys

14:03:52.0530 4404        HidUsb - ok

14:03:52.0592 4404        hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll

14:03:52.0717 4404        hkmsvc - ok

14:03:52.0779 4404        HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

14:03:52.0795 4404        HpCISSs - ok

14:03:52.0857 4404        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys

14:03:52.0920 4404        HTTP - ok

14:03:52.0998 4404        i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

14:03:53.0013 4404        i2omp - ok

14:03:53.0107 4404        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys

14:03:53.0154 4404        i8042prt - ok

14:03:53.0216 4404        iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

14:03:53.0247 4404        iaStorV - ok

14:03:53.0341 4404        idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:03:53.0450 4404        idsvc - ok

14:03:53.0544 4404        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

14:03:53.0559 4404        iirsp - ok

14:03:53.0637 4404        IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll

14:03:53.0793 4404        IKEEXT - ok

14:03:54.0105 4404        IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys

14:03:54.0293 4404        IntcAzAudAddService - ok

14:03:54.0371 4404        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

14:03:54.0402 4404        intelide - ok

14:03:54.0449 4404        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

14:03:54.0573 4404        intelppm - ok

14:03:54.0620 4404        IPBusEnum       (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll

14:03:54.0729 4404        IPBusEnum - ok

14:03:54.0823 4404        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:03:54.0948 4404        IpFilterDriver - ok

14:03:55.0026 4404        iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll

14:03:55.0057 4404        iphlpsvc - ok

14:03:55.0119 4404        IpInIp - ok

14:03:55.0166 4404        IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

14:03:55.0260 4404        IPMIDRV - ok

14:03:55.0338 4404        IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

14:03:55.0447 4404        IPNAT - ok

14:03:55.0556 4404        iPod Service    (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe

14:03:55.0619 4404        iPod Service - ok

14:03:55.0697 4404        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

14:03:55.0806 4404        IRENUM - ok

14:03:55.0837 4404        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

14:03:55.0868 4404        isapnp - ok

14:03:55.0899 4404        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

14:03:55.0931 4404        iScsiPrt - ok

14:03:55.0977 4404        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

14:03:55.0993 4404        iteatapi - ok

14:03:56.0102 4404        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

14:03:56.0133 4404        iteraid - ok

14:03:56.0180 4404        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys

14:03:56.0211 4404        kbdclass - ok

14:03:56.0258 4404        kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys

14:03:56.0289 4404        kbdhid - ok

14:03:56.0352 4404        KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

14:03:56.0414 4404        KeyIso - ok

14:03:56.0492 4404        KMDFMEMIO       (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys

14:03:56.0539 4404        KMDFMEMIO - ok

14:03:56.0586 4404        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys

14:03:56.0633 4404        KSecDD - ok

14:03:56.0711 4404        KtmRm           (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll

14:03:56.0835 4404        KtmRm - ok

14:03:56.0882 4404        LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll

14:03:56.0991 4404        LanmanServer - ok

14:03:57.0069 4404        LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll

14:03:57.0132 4404        LanmanWorkstation - ok

14:03:57.0225 4404        LightScribeService (f34b35f6f74e28a460749da11d1117f8) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

14:03:57.0241 4404        LightScribeService - ok

14:03:57.0335 4404        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

14:03:57.0428 4404        lltdio - ok

14:03:57.0491 4404        lltdsvc         (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll

14:03:57.0615 4404        lltdsvc - ok

14:03:57.0647 4404        lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

14:03:57.0756 4404        lmhosts - ok

14:03:57.0849 4404        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

14:03:57.0881 4404        LSI_FC - ok

14:03:57.0959 4404        LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

14:03:57.0974 4404        LSI_SAS - ok

14:03:58.0021 4404        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

14:03:58.0037 4404        LSI_SCSI - ok

14:03:58.0083 4404        luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

14:03:58.0208 4404        luafv - ok

14:03:58.0255 4404        Mcx2Svc         (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll

14:03:58.0286 4404        Mcx2Svc - ok

14:03:58.0395 4404        megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

14:03:58.0411 4404        megasas - ok

14:03:58.0458 4404        MMCSS           (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll

14:03:58.0583 4404        MMCSS - ok

14:03:58.0614 4404        Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

14:03:58.0739 4404        Modem - ok

14:03:58.0848 4404        monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys

14:03:58.0895 4404        monitor - ok

14:03:58.0941 4404        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys

14:03:58.0957 4404        mouclass - ok

14:03:59.0004 4404        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys

14:03:59.0066 4404        mouhid - ok

14:03:59.0160 4404        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

14:03:59.0175 4404        MountMgr - ok

14:03:59.0222 4404        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

14:03:59.0253 4404        mpio - ok

14:03:59.0300 4404        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

14:03:59.0347 4404        mpsdrv - ok

14:03:59.0425 4404        MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll

14:03:59.0487 4404        MpsSvc - ok

14:03:59.0581 4404        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

14:03:59.0597 4404        Mraid35x - ok

14:03:59.0643 4404        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys

14:03:59.0706 4404        MRxDAV - ok

14:03:59.0768 4404        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:03:59.0815 4404        mrxsmb - ok

14:03:59.0877 4404        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:03:59.0940 4404        mrxsmb10 - ok

14:03:59.0987 4404        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:04:00.0033 4404        mrxsmb20 - ok

14:04:00.0096 4404        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

14:04:00.0111 4404        msahci - ok

14:04:00.0158 4404        msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

14:04:00.0174 4404        msdsm - ok

14:04:00.0221 4404        MSDTC           (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe

14:04:00.0267 4404        MSDTC - ok

14:04:00.0330 4404        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

14:04:00.0439 4404        Msfs - ok

14:04:00.0533 4404        msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys

14:04:00.0548 4404        msisadrv - ok

14:04:00.0595 4404        MSiSCSI         (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll

14:04:00.0720 4404        MSiSCSI - ok

14:04:00.0735 4404        msiserver - ok

14:04:00.0860 4404        MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

14:04:00.0954 4404        MSKSSRV - ok

14:04:01.0047 4404        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

14:04:01.0157 4404        MSPCLOCK - ok

14:04:01.0235 4404        MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

14:04:01.0344 4404        MSPQM - ok

14:04:01.0391 4404        MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

14:04:01.0406 4404        MsRPC - ok

14:04:01.0500 4404        mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys

14:04:01.0515 4404        mssmbios - ok

14:04:01.0578 4404        MSSQL$MSSMLBIZ - ok

14:04:01.0656 4404        MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

14:04:01.0671 4404        MSSQLServerADHelper - ok

14:04:01.0796 4404        MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

14:04:01.0890 4404        MSTEE - ok

14:04:01.0937 4404        Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

14:04:01.0952 4404        Mup - ok

14:04:02.0015 4404        napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll

14:04:02.0124 4404        napagent - ok

14:04:02.0233 4404        NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys

14:04:02.0264 4404        NativeWifiP - ok

14:04:02.0373 4404        NDIS            (fffe00134c554e113ee186eeddb0ff30) C:\Windows\system32\drivers\ndis.sys

14:04:02.0420 4404        NDIS - ok

14:04:02.0483 4404        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

14:04:02.0545 4404        NdisTapi - ok

14:04:02.0607 4404        Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

14:04:02.0717 4404        Ndisuio - ok

14:04:02.0810 4404        NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

14:04:02.0919 4404        NdisWan - ok

14:04:02.0966 4404        NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

14:04:02.0997 4404        NDProxy - ok

14:04:03.0060 4404        NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

14:04:03.0185 4404        NetBIOS - ok

14:04:03.0231 4404        netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

14:04:03.0341 4404        netbt - ok

14:04:03.0434 4404        Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

14:04:03.0465 4404        Netlogon - ok

14:04:03.0528 4404        Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll

14:04:03.0684 4404        Netman - ok

14:04:03.0746 4404        netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll

14:04:03.0871 4404        netprofm - ok

14:04:03.0933 4404        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:04:03.0949 4404        NetTcpPortSharing - ok

14:04:04.0121 4404        NETw2v32        (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys

14:04:04.0386 4404        NETw2v32 - ok

14:04:04.0433 4404        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

14:04:04.0464 4404        nfrd960 - ok

14:04:04.0526 4404        NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll

14:04:04.0651 4404        NlaSvc - ok

14:04:04.0745 4404        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

14:04:04.0854 4404        Npfs - ok

14:04:04.0901 4404        nsi             (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll

14:04:05.0025 4404        nsi - ok

14:04:05.0057 4404        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

14:04:05.0181 4404        nsiproxy - ok

14:04:05.0306 4404        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys

14:04:05.0384 4404        Ntfs - ok

14:04:05.0478 4404        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

14:04:05.0587 4404        ntrigdigi - ok

14:04:05.0618 4404        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

14:04:05.0727 4404        Null - ok

14:04:05.0821 4404        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

14:04:05.0837 4404        nvraid - ok

14:04:05.0883 4404        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

14:04:05.0899 4404        nvstor - ok

14:04:05.0961 4404        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

14:04:05.0977 4404        nv_agp - ok

14:04:06.0055 4404        NwlnkFlt - ok

14:04:06.0086 4404        NwlnkFwd - ok

14:04:06.0180 4404        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:04:06.0227 4404        odserv - ok

14:04:06.0289 4404        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

14:04:06.0383 4404        ohci1394 - ok

14:04:06.0523 4404        OpenVPNService  (207263e9b61267e21fa2748ed38889a3) C:\Program Files\OpenVPN\bin\openvpnserv.exe

14:04:06.0539 4404        OpenVPNService ( UnsignedFile.Multi.Generic ) - warning

14:04:06.0539 4404        OpenVPNService - detected UnsignedFile.Multi.Generic (1)

14:04:06.0617 4404        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:04:06.0648 4404        ose - ok

14:04:06.0741 4404        p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

14:04:06.0866 4404        p2pimsvc - ok

14:04:06.0929 4404        p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

14:04:06.0975 4404        p2psvc - ok

14:04:07.0053 4404        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

14:04:07.0163 4404        Parport - ok

14:04:07.0225 4404        partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

14:04:07.0241 4404        partmgr - ok

14:04:07.0287 4404        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

14:04:07.0397 4404        Parvdm - ok

14:04:07.0443 4404        PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll

14:04:07.0475 4404        PcaSvc - ok

14:04:07.0521 4404        pci             (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys

14:04:07.0537 4404        pci - ok

14:04:07.0599 4404        pciide          (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys

14:04:07.0615 4404        pciide - ok

14:04:07.0693 4404        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys

14:04:07.0709 4404        pcmcia - ok

14:04:07.0787 4404        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

14:04:07.0943 4404        PEAUTH - ok

14:04:08.0083 4404        pla             (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll

14:04:08.0301 4404        pla - ok

14:04:08.0379 4404        PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll

14:04:08.0411 4404        PlugPlay - ok

14:04:08.0489 4404        Pml Driver HPZ12 (9dc0eb6e111c15886fe753061b8a2f61) C:\Windows\system32\HPZipm12.dll

14:04:08.0613 4404        Pml Driver HPZ12 - ok

14:04:08.0691 4404        PNRPAutoReg     (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

14:04:08.0769 4404        PNRPAutoReg - ok

14:04:08.0832 4404        PNRPsvc         (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll

14:04:08.0894 4404        PNRPsvc - ok

14:04:08.0972 4404        PolicyAgent     (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll

14:04:09.0035 4404        PolicyAgent - ok

14:04:09.0144 4404        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys

14:04:09.0191 4404        PptpMiniport - ok

14:04:09.0253 4404        Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

14:04:09.0362 4404        Processor - ok

14:04:09.0425 4404        ProfSvc         (8b8e8f4734c5c576e3b910db73756cf1) C:\Windows\system32\profsvc.dll

14:04:09.0471 4404        ProfSvc - ok

14:04:09.0549 4404        ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

14:04:09.0581 4404        ProtectedStorage - ok

14:04:09.0612 4404        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

14:04:09.0643 4404        PSched - ok

14:04:09.0705 4404        PzWDM           (36cf3653d367cbc72a38625543f3d4d1) C:\Windows\system32\Drivers\PzWDM.sys

14:04:09.0737 4404        PzWDM ( UnsignedFile.Multi.Generic ) - warning

14:04:09.0737 4404        PzWDM - detected UnsignedFile.Multi.Generic (1)

14:04:09.0815 4404        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

14:04:09.0893 4404        ql2300 - ok

14:04:09.0971 4404        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

14:04:10.0002 4404        ql40xx - ok

14:04:10.0064 4404        QWAVE           (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll

14:04:10.0111 4404        QWAVE - ok

14:04:10.0142 4404        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

14:04:10.0173 4404        QWAVEdrv - ok

14:04:10.0345 4404        R300            (976d32226fc4dd1187110b763f913a69) C:\Windows\system32\DRIVERS\atikmdag.sys

14:04:10.0548 4404        R300 - ok

14:04:10.0641 4404        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

14:04:10.0751 4404        RasAcd - ok

14:04:10.0829 4404        RasAuto         (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll

14:04:10.0938 4404        RasAuto - ok

14:04:11.0031 4404        Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:04:11.0078 4404        Rasl2tp - ok

14:04:11.0125 4404        RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll

14:04:11.0234 4404        RasMan - ok

14:04:11.0328 4404        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

14:04:11.0437 4404        RasPppoe - ok

14:04:11.0499 4404        rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

14:04:11.0609 4404        rdbss - ok

14:04:11.0671 4404        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:04:11.0780 4404        RDPCDD - ok

14:04:11.0874 4404        rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

14:04:11.0983 4404        rdpdr - ok

14:04:12.0061 4404        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

14:04:12.0170 4404        RDPENCDD - ok

14:04:12.0248 4404        RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

14:04:12.0373 4404        RDPWD - ok

14:04:12.0435 4404        RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll

14:04:12.0545 4404        RemoteAccess - ok

14:04:12.0607 4404        RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll

14:04:12.0716 4404        RemoteRegistry - ok

14:04:12.0810 4404        RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys

14:04:12.0919 4404        RFCOMM - ok

14:04:12.0997 4404        RichVideo       (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe

14:04:13.0013 4404        RichVideo - ok

14:04:13.0091 4404        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

14:04:13.0137 4404        RpcLocator - ok

14:04:13.0231 4404        RpcSs           (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll

14:04:13.0278 4404        RpcSs - ok

14:04:13.0340 4404        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

14:04:13.0449 4404        rspndr - ok

14:04:13.0496 4404        RTL8023xp       (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys

14:04:13.0605 4404        RTL8023xp - ok

14:04:13.0715 4404        SamSs           (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe

14:04:13.0746 4404        SamSs - ok

14:04:13.0839 4404        Samsung Update Plus (4bfb51cdb25d4d4b9e8fccab635f262e) C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

14:04:13.0855 4404        Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning

14:04:13.0855 4404        Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)

14:04:13.0902 4404        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

14:04:13.0917 4404        sbp2port - ok

14:04:13.0964 4404        SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll

14:04:14.0073 4404        SCardSvr - ok

14:04:14.0183 4404        Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll

14:04:14.0261 4404        Schedule - ok

14:04:14.0323 4404        SCPolicySvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll

14:04:14.0417 4404        SCPolicySvc - ok

14:04:14.0526 4404        sdbus           (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys

14:04:14.0635 4404        sdbus - ok

14:04:14.0682 4404        SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll

14:04:14.0729 4404        SDRSVC - ok

14:04:14.0869 4404        SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

14:04:14.0900 4404        SeaPort - ok

14:04:14.0978 4404        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:04:15.0087 4404        secdrv - ok

14:04:15.0150 4404        seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll

14:04:15.0259 4404        seclogon - ok

14:04:15.0321 4404        seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

14:04:15.0384 4404        seehcri - ok

14:04:15.0415 4404        SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll

14:04:15.0540 4404        SENS - ok

14:04:15.0618 4404        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

14:04:15.0727 4404        Serenum - ok

14:04:15.0758 4404        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

14:04:15.0867 4404        Serial - ok

14:04:15.0961 4404        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

14:04:16.0008 4404        sermouse - ok

14:04:16.0086 4404        SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll

14:04:16.0195 4404        SessionEnv - ok

14:04:16.0304 4404        sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

14:04:16.0413 4404        sffdisk - ok

14:04:16.0476 4404        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

14:04:16.0585 4404        sffp_mmc - ok

14:04:16.0632 4404        sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

14:04:16.0741 4404        sffp_sd - ok

14:04:16.0788 4404        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

14:04:16.0913 4404        sfloppy - ok

14:04:16.0959 4404        SharedAccess    (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll

14:04:16.0991 4404        SharedAccess - ok

14:04:17.0053 4404        ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll

14:04:17.0100 4404        ShellHWDetection - ok

14:04:17.0178 4404        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

14:04:17.0209 4404        sisagp - ok

14:04:17.0271 4404        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

14:04:17.0287 4404        SiSRaid2 - ok

14:04:17.0334 4404        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

14:04:17.0365 4404        SiSRaid4 - ok

14:04:17.0505 4404        slsvc           (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe

14:04:17.0739 4404        slsvc - ok

14:04:17.0833 4404        SLUINotify      (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll

14:04:17.0880 4404        SLUINotify - ok

14:04:17.0958 4404        Smb             (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys

14:04:18.0005 4404        Smb - ok

14:04:18.0051 4404        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

14:04:18.0098 4404        SNMPTRAP - ok

14:04:18.0145 4404        spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

14:04:18.0176 4404        spldr - ok

14:04:18.0207 4404        Spooler         (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe

14:04:18.0239 4404        Spooler - ok

14:04:18.0332 4404        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

14:04:18.0332 4404        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

14:04:18.0348 4404        sptd ( LockedFile.Multi.Generic ) - warning

14:04:18.0348 4404        sptd - detected LockedFile.Multi.Generic (1)

14:04:18.0441 4404        SQLBrowser      (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

14:04:18.0473 4404        SQLBrowser - ok

14:04:18.0519 4404        SQLWriter       (d2f4f32b59440011174b4f8137af4e0c) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

14:04:18.0535 4404        SQLWriter - ok

14:04:18.0660 4404        srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

14:04:18.0722 4404        srv - ok

14:04:18.0785 4404        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

14:04:18.0831 4404        srv2 - ok

14:04:18.0878 4404        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

14:04:18.0909 4404        srvnet - ok

14:04:18.0972 4404        SSDPSRV         (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll

14:04:19.0097 4404        SSDPSRV - ok

14:04:19.0237 4404        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

14:04:19.0253 4404        ssmdrv - ok

14:04:19.0315 4404        stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll

14:04:19.0393 4404        stisvc - ok

14:04:19.0455 4404        swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys

14:04:19.0471 4404        swenum - ok

14:04:19.0549 4404        swprv           (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll

14:04:19.0674 4404        swprv - ok

14:04:19.0752 4404        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

14:04:19.0783 4404        Symc8xx - ok

14:04:19.0830 4404        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

14:04:19.0845 4404        Sym_hi - ok

14:04:19.0877 4404        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

14:04:19.0908 4404        Sym_u3 - ok

14:04:19.0955 4404        SynTP           (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys

14:04:19.0986 4404        SynTP - ok

14:04:20.0064 4404        SysMain         (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll

14:04:20.0126 4404        SysMain - ok

14:04:20.0189 4404        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

14:04:20.0235 4404        TabletInputService - ok

14:04:20.0282 4404        TapiSrv         (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll

14:04:20.0407 4404        TapiSrv - ok

14:04:20.0469 4404        TBS             (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll

14:04:20.0594 4404        TBS - ok

14:04:20.0703 4404        Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

14:04:20.0781 4404        Tcpip - ok

14:04:20.0859 4404        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

14:04:20.0922 4404        Tcpip6 - ok

14:04:20.0969 4404        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

14:04:21.0062 4404        tcpipreg - ok

14:04:21.0171 4404        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

14:04:21.0296 4404        TDPIPE - ok

14:04:21.0374 4404        TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

14:04:21.0468 4404        TDTCP - ok

14:04:21.0530 4404        tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

14:04:21.0639 4404        tdx - ok

14:04:21.0717 4404        TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys

14:04:21.0749 4404        TermDD - ok

14:04:21.0827 4404        TermService     (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll

14:04:21.0967 4404        TermService - ok

14:04:21.0998 4404        Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll

14:04:22.0045 4404        Themes - ok

14:04:22.0107 4404        THREADORDER     (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll

14:04:22.0217 4404        THREADORDER - ok

14:04:22.0310 4404        TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll

14:04:22.0419 4404        TrkWks - ok

14:04:22.0451 4404        TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe

14:04:22.0497 4404        TrustedInstaller - ok

14:04:22.0575 4404        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:04:22.0685 4404        tssecsrv - ok

14:04:22.0747 4404        tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

14:04:22.0794 4404        tunmp - ok

14:04:22.0825 4404        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

14:04:22.0856 4404        tunnel - ok

14:04:22.0903 4404        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

14:04:22.0919 4404        uagp35 - ok

14:04:22.0965 4404        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

14:04:23.0090 4404        udfs - ok

14:04:23.0199 4404        UI0Detect       (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe

14:04:23.0246 4404        UI0Detect - ok

14:04:23.0309 4404        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

14:04:23.0324 4404        uliagpkx - ok

14:04:23.0387 4404        uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

14:04:23.0418 4404        uliahci - ok

14:04:23.0465 4404        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

14:04:23.0480 4404        UlSata - ok

14:04:23.0527 4404        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

14:04:23.0558 4404        ulsata2 - ok

14:04:23.0589 4404        umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

14:04:23.0714 4404        umbus - ok

14:04:23.0808 4404        upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll

14:04:23.0933 4404        upnphost - ok

14:04:24.0026 4404        USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

14:04:24.0057 4404        USBAAPL ( UnsignedFile.Multi.Generic ) - warning

14:04:24.0057 4404        USBAAPL - detected UnsignedFile.Multi.Generic (1)

14:04:24.0120 4404        usbccgp         (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys

14:04:24.0167 4404        usbccgp - ok

14:04:24.0213 4404        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

14:04:24.0323 4404        usbcir - ok

14:04:24.0447 4404        usbehci         (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys

14:04:24.0494 4404        usbehci - ok

14:04:24.0557 4404        usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys

14:04:24.0603 4404        usbhub - ok

14:04:24.0666 4404        usbohci         (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys

14:04:24.0697 4404        usbohci - ok

14:04:24.0744 4404        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

14:04:24.0853 4404        usbprint - ok

14:04:24.0947 4404        usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys

14:04:25.0071 4404        usbscan - ok

14:04:25.0118 4404        USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:04:25.0181 4404        USBSTOR - ok

14:04:25.0227 4404        usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

14:04:25.0337 4404        usbuhci - ok

14:04:25.0446 4404        usbvideo        (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

14:04:25.0555 4404        usbvideo - ok

14:04:25.0617 4404        UxSms           (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll

14:04:25.0758 4404        UxSms - ok

14:04:25.0820 4404        vds             (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe

14:04:25.0867 4404        vds - ok

14:04:25.0961 4404        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

14:04:26.0054 4404        vga - ok

14:04:26.0117 4404        VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

14:04:26.0241 4404        VgaSave - ok

14:04:26.0288 4404        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

14:04:26.0304 4404        viaagp - ok

14:04:26.0351 4404        ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

14:04:26.0460 4404        ViaC7 - ok

14:04:26.0522 4404        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

14:04:26.0538 4404        viaide - ok

14:04:26.0631 4404        VMC302          (2dff4efa8e65b257c171c362c1256db8) C:\Windows\system32\Drivers\VMC302.sys

14:04:26.0678 4404        VMC302 - ok

14:04:26.0741 4404        volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys

14:04:26.0772 4404        volmgr - ok

14:04:26.0819 4404        volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

14:04:26.0850 4404        volmgrx - ok

14:04:26.0897 4404        volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

14:04:26.0912 4404        volsnap - ok

14:04:26.0975 4404        vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

14:04:27.0006 4404        vsmraid - ok

14:04:27.0068 4404        VSS             (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe

14:04:27.0162 4404        VSS - ok

14:04:27.0240 4404        W32Time         (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll

14:04:27.0365 4404        W32Time - ok

14:04:27.0458 4404        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

14:04:27.0567 4404        WacomPen - ok

14:04:27.0770 4404        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

14:04:27.0786 4404        Wanarp - ok

14:04:27.0801 4404        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

14:04:27.0833 4404        Wanarpv6 - ok

14:04:27.0879 4404        wcncsvc         (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll

14:04:27.0926 4404        wcncsvc - ok

14:04:27.0957 4404        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

14:04:28.0020 4404        WcsPlugInService - ok

14:04:28.0051 4404        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

14:04:28.0082 4404        Wd - ok

14:04:28.0145 4404        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

14:04:28.0191 4404        Wdf01000 - ok

14:04:28.0269 4404        WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll

14:04:28.0301 4404        WdiServiceHost - ok

14:04:28.0316 4404        WdiSystemHost   (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll

14:04:28.0347 4404        WdiSystemHost - ok

14:04:28.0394 4404        WebClient       (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll

14:04:28.0441 4404        WebClient - ok

14:04:28.0488 4404        Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll

14:04:28.0597 4404        Wecsvc - ok

14:04:28.0659 4404        wercplsupport   (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll

14:04:28.0784 4404        wercplsupport - ok

14:04:28.0847 4404        WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll

14:04:28.0971 4404        WerSvc - ok

14:04:29.0049 4404        WinDefend       (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll

14:04:29.0081 4404        WinDefend - ok

14:04:29.0096 4404        WinHttpAutoProxySvc - ok

14:04:29.0190 4404        Winmgmt         (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll

14:04:29.0315 4404        Winmgmt - ok

14:04:29.0393 4404        WinRM           (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll

14:04:29.0517 4404        WinRM - ok

14:04:29.0642 4404        Wlansvc         (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll

14:04:29.0720 4404        Wlansvc - ok

14:04:29.0876 4404        wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:04:30.0001 4404        wlidsvc - ok

14:04:30.0079 4404        WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

14:04:30.0188 4404        WmiAcpi - ok

14:04:30.0282 4404        wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe

14:04:30.0313 4404        wmiApSrv - ok

14:04:30.0391 4404        WMPNetworkSvc   (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe

14:04:30.0516 4404        WMPNetworkSvc - ok

14:04:30.0594 4404        WPCSvc          (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll

14:04:30.0656 4404        WPCSvc - ok

14:04:30.0703 4404        WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll

14:04:30.0750 4404        WPDBusEnum - ok

14:04:30.0843 4404        WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

14:04:30.0953 4404        WpdUsb - ok

14:04:31.0015 4404        ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

14:04:31.0124 4404        ws2ifsl - ok

14:04:31.0218 4404        wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll

14:04:31.0280 4404        wscsvc - ok

14:04:31.0311 4404        WSearch - ok

14:04:31.0452 4404        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

14:04:31.0639 4404        wuauserv - ok

14:04:31.0733 4404        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:04:31.0842 4404        WUDFRd - ok

14:04:31.0935 4404        wudfsvc         (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll

14:04:32.0060 4404        wudfsvc - ok

14:04:32.0169 4404        yukonwlh        (ade7a4943003020216952b56a6741ec7) C:\Windows\system32\DRIVERS\yk60x86.sys

14:04:32.0216 4404        yukonwlh - ok

14:04:32.0247 4404        MBR (0x1B8)     (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0

14:04:32.0825 4404        \Device\Harddisk0\DR0 - ok

14:04:32.0871 4404        Boot (0x1200)   (39f1c8d7cb96ca8956459235f6edafcf) \Device\Harddisk0\DR0\Partition0

14:04:32.0871 4404        \Device\Harddisk0\DR0\Partition0 - ok

14:04:32.0887 4404        Boot (0x1200)   (92836443a2c29378b7f248aad6cb16da) \Device\Harddisk0\DR0\Partition1

14:04:32.0887 4404        \Device\Harddisk0\DR0\Partition1 - ok

14:04:32.0903 4404        ============================================================

14:04:32.0903 4404        Scan finished

14:04:32.0903 4404        ============================================================

14:04:32.0918 5464        Detected object count: 5

14:04:32.0918 5464        Actual detected object count: 5

14:04:58.0986 5464        OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user

14:04:58.0986 5464        OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:04:58.0986 5464        PzWDM ( UnsignedFile.Multi.Generic ) - skipped by user

14:04:58.0986 5464        PzWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:04:58.0986 5464        Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user

14:04:58.0986 5464        Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:04:59.0001 5464        sptd ( LockedFile.Multi.Generic ) - skipped by user

14:04:59.0001 5464        sptd ( LockedFile.Multi.Generic ) - User select action: Skip 

14:04:59.0001 5464        USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

14:04:59.0001 5464        USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

Zitat:

Nur weil ich hier Hilfe suche, bin ich nicht dumm - natürlich ist mir klar, was "not found" heißt. Ich wollte nur wissen, was nicht gefunden werden konnte&was das bedeutet.

Na dann überleg doch mal "not found" = nicht gefunden = Objekt ist nicht mehr vorhanden!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Faszinierend, seitdem hab ich wieder den IE auf dem Desktop.

[CODE]
Combofix Logfile:

Code:

ComboFix 12-03-29.02 - * 29.03.2012  16:24:10.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3070.2160 [GMT 2:00]

ausgeführt von:: c:\users\*\Desktop\ComboFix.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))

.

.

2012-03-29 13:22 . 2012-03-29 13:22        63115        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2012-03-29 13:22 . 2012-03-29 13:22        9310        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2012-03-29 13:22 . 2012-03-29 13:22        8646        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2012-03-29 13:22 . 2012-03-29 13:22        6429        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2012-03-29 13:22 . 2012-03-29 13:22        5927        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2012-03-29 13:22 . 2012-03-29 13:22        4599        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2012-03-29 13:22 . 2012-03-29 13:22        8613        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2012-03-29 13:22 . 2012-03-29 13:22        1651        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2012-03-29 13:22 . 2012-03-29 13:22        6910        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2012-03-29 13:21 . 2012-03-29 13:21        8288        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2012-03-29 13:21 . 2012-03-29 13:21        6208        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2012-03-29 13:21 . 2012-03-29 13:21        18541        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2012-03-29 13:21 . 2012-03-29 13:21        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2012-03-29 13:21 . 2012-03-29 13:21        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2012-03-29 13:21 . 2012-03-29 13:21        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2012-03-29 13:21 . 2012-03-29 13:21        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2012-03-29 13:21 . 2012-03-29 13:21        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2012-03-27 16:10 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EDAECD4-62A1-4AF8-A21D-F19E1379403D}\mpengine.dll

2012-03-26 17:47 . 2012-03-26 17:47        --------        d-----w-        c:\program files\ESET

2012-03-18 11:30 . 2012-03-18 11:30        592824        ----a-w-        c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 11:30 . 2012-03-18 11:30        44472        ----a-w-        c:\program files\Mozilla Firefox\mozglue.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 08:18 . 2009-10-03 10:03        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-16 17:51 . 2012-02-11 22:17        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-03-18 11:30 . 2011-05-18 17:14        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-16 1232896]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2007-12-21 791392]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express 5 SE Calendar Checker]

2004-01-12 19:40        69632        ----a-w-        c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-07-18 08:53        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 15:06]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 15:06]

.

2012-03-29 c:\windows\Tasks\User_Feed_Synchronization-{B8DF09FC-AA2A-42C8-AAFD-FBF970487B24}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp:\\www.samsungcomputer.com

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube Download - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 78.42.43.62 82.212.62.62

FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\kh6forey.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.de/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-03-29 16:35

Windows 6.0.6000  NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(2208)

c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\btmmhook.dll

.

Zeit der Fertigstellung: 2012-03-29  16:39:39

ComboFix-quarantined-files.txt  2012-03-29 14:39

.

Vor Suchlauf: 18 Verzeichnis(se), 67.773.440.000 Bytes frei

Nach Suchlauf: 22 Verzeichnis(se), 68.315.021.312 Bytes frei

.

- - End Of File - - 741F613D63D0CE9B0114AE7D04FDE775

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Osam - Log:

Code:

OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:18:30 on 30.03.2012
 

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit

Default Browser: Mozilla Corporation Firefox 11.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\jess\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"PzWDM" (PzWDM) - "Prassi Technology" - C:\Windows\System32\Drivers\PzWDM.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)

-----( %UserProfile%\AppData\Local\Windows )-----

"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"MBBalloon" - "PLANNING Co., Ltd." - C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"HP 8711 Status Monitor" - "Hewlett-Packard Co." - C:\Windows\system32\hpinksts8711LM.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE

"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)

"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)

"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE

"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - ? - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

"SQL Server VSS Writer" (SQLWriter) - ? - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"SQL Server-Browser" (SQLBrowser) - ? - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru