Trojaner-Board (https://www.trojaner-board.de/)
Thread: Registry repair after Trojan infection (https://www.trojaner-board.de/115578-registrierungsreparatur-trojanerbefall.html)

ThimoS. 22.05.2012 11:25

Registry repair after Trojan infection
 
Hi,

I had the following pests on the Windows 7 drive:

Code:

C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\U\00000008.@\[Embedded_R#00310]\[UPX]       
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\n       
C:\Windows\assembly\GAC\Desktop.ini       
C:\Users\-----\AppData\Roaming\3.EXE       
C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe       
C:\Windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7601.17514_none_99931ad927972550\AppLaunch.exe

Removed with the Avast BART CD.
I can't find anything on the internet, at least nothing helpful.
The problem now is that after every restart the desktop icons are large and their positions are not saved; in Explorer the "Details" view setting also cannot be saved, and every time Explorer is opened the view is back to the default (Tiles).

Now I wanted to ask whether anyone here knows what the pests named above change in the registry, so that I can fix it manually.
Many thanks

Thimo

Psychotic 23.05.2012 08:10

Quote:

C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\U\00000008.@\[Embedded_R#00310]\[UPX]
C:\Users\-----\AppData\Local\{ad5ecec4-3dd7-312d-1dd4-776665b24f04}\n
C:\Windows\assembly\GAC\Desktop.ini
You have the ZeroAccess rootkit on the machine!
This pest cannot simply be disabled with a rescue CD!

To allow a more precise analysis, please follow this link:

To everyone seeking help! What do I need to do before opening a thread?

ThimoS. 23.05.2012 12:01

Thank you very much for your reply; the logs are attached:


Attach:

Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:
Code:

DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
'Full Speed' Internet Booster + Performance Tests
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
avast! Internet Security
Bitcoin
CCleaner
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CoreAVC Professional Edition (remove only)
CrystalDiskInfo 4.1.3
DVDFab 8.1.7.5 (07/04/2012) Qt
FileASSASSIN
FileServe Manager 1.0.0.3394
FileZilla Client 3.5.3
GPL Ghostscript
Haali Media Splitter
HD Tune Pro 5.00
HDDlife Pro 4.0
IncrediMail
IncrediMail 2.0
IncrediMail Password Recovery
Internet Cyclone 1.92
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 3
K-Lite Mega Codec Pack 7.8.0
LG Tool Kit
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC100_CRT_SP1_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mytoolsoft Watermark Software 2.7.6
Nokia Connectivity Cable Driver
Nokia Ovi Suite Software Updater
Nokia Suite
Notepad++
NTREGOPT 1.1j
NVIDIA Graphics Driver 296.10
NVIDIA Install Application
OviMPlatform
PantsOff 2.0
PC Connectivity Solution
PDF-XChange Viewer
PerfectDisk 10 Professional
PhotoME
PowerISO
QuickTime
Realtek AC'97 Audio
Registry Repair 4.1.0.388
RouterControl 2.0
Samsung New PC Studio
Samsung SF-360_CF-360 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SRWare Iron version SRWare Iron 18.0.1050.0
System Requirements Lab
TeamViewer 7
Technitium MAC Address Changer v6.0
Tinypic 3.18
TUGZip 3.5
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uniblue SpeedUpMyPC
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual CD v10
WIDCOMM Bluetooth Software 6.0.1.6300
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
WinPcap 4.1.2
WinUtilities 10.38 Professional Edition
WordToPDF 2.7
.
==== End Of File ===========================

DDS:

Code:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by ----- at 12:53:48 on 2012-05-23
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uWindow Title = >>> 'Full Speed' Enabled <<<
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129} : NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-22 13:12:56        --------        d-----w-        c:\users\-----\appdata\roaming\GlarySoft
2012-05-22 13:04:46        --------        d-----w-        c:\program files\Uniblue
2012-05-22 12:21:31        --------        d-----w-        c:\program files\Glarysoft
2012-05-21 10:12:57        --------        d-----w-        c:\program files\Passcape
2012-05-18 11:58:38        --------        d-----w-        c:\users\-----\appdata\roaming\Profiles
2012-05-18 11:58:37        --------        d-----w-        c:\users\-----\appdata\roaming\Skins
2012-05-18 11:58:37        --------        d-----w-        c:\users\-----\appdata\roaming\Settings
2012-05-18 11:58:37        --------        d-----w-        c:\users\-----\appdata\roaming\Language
2012-05-10 20:37:24        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37:21        936960        ----a-w-        c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 20:37:20        989184        ----a-w-        c:\program files\windows journal\JNTFiltr.dll
2012-05-10 20:37:20        969216        ----a-w-        c:\program files\windows journal\JNWDRV.dll
2012-05-10 20:37:20        1221632        ----a-w-        c:\program files\windows journal\NBDoc.DLL
2012-05-10 20:37:04        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37:04        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37:03        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 20:36:02        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36:00        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-05 12:35:11        --------        d-----w-        c:\program files\common files\SpeechEngines
2012-05-02 18:50:37        --------        d-sh--w-        c:\programdata\MPK
2012-05-02 18:50:37        --------        d-sh--w-        c:\program files\KGB
2012-04-30 21:37:12        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-04-30 21:36:48        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-04-30 21:36:48        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-04-30 21:36:48        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-04-28 17:09:20        --------        d-----w-        c:\users\-----\appdata\roaming\HD Tune Pro
2012-04-28 17:06:19        --------        d-----w-        c:\program files\HDTune
2012-04-28 16:44:43        --------        d-----w-        c:\users\-----\appdata\local\Western Digital
2012-04-28 16:36:57        --------        d-----w-        c:\users\-----\appdata\roaming\BinarySense
2012-04-28 16:35:48        --------        d-----w-        c:\program files\HdLife
2012-04-28 16:35:48        --------        d-----w-        c:\program files\common files\BinarySense
2012-04-28 15:41:51        59904        ----a-w-        c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41:51        102160        ----a-w-        c:\windows\system32\VB6KO.DLL
2012-04-28 15:41:50        16384        ----a-w-        c:\windows\system32\lgfwunis.exe
2012-04-28 15:41:50        115016        ----a-w-        c:\windows\system32\MSINET.OCX
2012-04-28 15:41:50        --------        d-----w-        c:\program files\lg_fwupdate
2012-04-28 15:41:41        77824        ----a-w-        c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-04-28 15:41:41        32768        ------w-        c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-04-28 15:41:41        225280        ------w-        c:\program files\common files\installshield\iscript\iscript.dll
2012-04-28 15:41:41        176128        ------w-        c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-04-28 15:41:40        614532        ----a-w-        c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-04-28 15:32:00        --------        d-----w-        c:\program files\DVD Genie
.
==================== Find3M  ====================
.
2012-05-22 13:26:12        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2012-05-22 13:26:10        2755072        ----a-w-        c:\windows\system32\themeui.dll
2012-05-22 13:26:07        37376        ----a-w-        c:\windows\system32\themeservice.dll
2012-05-10 06:54:28        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 06:54:28        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-04-08 16:35:20        60416        ----a-w-        c:\windows\ALCFDRTM.VER
2012-04-04 13:56:40        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54:29        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54:29        567696        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-24 11:40:47        60416        ----a-w-        c:\windows\ALCFDRTM.EXE
2012-03-07 20:40:02        1010720        --s---r-        c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46:57        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33:23        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-29 23:59:00        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59:00        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59:00        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59:00        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59:00        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 23:59:00        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59:00        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 20:56:41        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-28 01:18:55        1799168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 01:11:21        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07        1127424        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 01:03:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:54:58.06 ===============

--- --- ---


Gmer:

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-23 12:44:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP1203N rev.TL100-30
Running: rqfnzd0n.exe; Driver: C:\Users\-----\AppData\Local\Temp\pgddqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwAddBootEntry [0x8B2E7CAE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwAlpcSendWaitReceivePort [0x8B2EA16E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateEvent [0x8B2E9B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateEventPair [0x8B2E9B8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateIoCompletion [0x8B2E9CA2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateMutant [0x8B2E9A8A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateSection [0x8B2E9BDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateSemaphore [0x8B2E9ADE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateTimer [0x8B2E9C50]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwDeleteBootEntry [0x8B2E7CD2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwLoadDriver [0x8B2E7ADA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwModifyBootEntry [0x8B2E7CF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwNotifyChangeKey [0x8B2EA548]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwNotifyChangeMultipleKeys [0x8B2E87F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenEvent [0x8B2E9B64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenEventPair [0x8B2E9BB4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenIoCompletion [0x8B2E9CCC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenMutant [0x8B2E9AB6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenSection [0x8B2E9C1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenSemaphore [0x8B2E9B0C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenTimer [0x8B2E9C7A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwQueryObject [0x8B2E86BE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwReplyWaitReceivePort [0x8B2EA57E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwReplyWaitReceivePortEx [0x8B2EA142]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetBootEntryOrder [0x8B2E7D1A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetBootOptions [0x8B2E7D3E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetSystemInformation [0x8B2E7B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwShutdownSystem [0x8B2E7C44]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSystemDebugControl [0x8B2E7C56]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwCreateProcessEx [0x910A8BAE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                  83047989 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                    830674E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntoskrnl.exe!KeRemoveQueueEx + 1393                                                                                      8306E750 4 Bytes  [AE, 7C, 2E, 8B]
.text          ntoskrnl.exe!KeRemoveQueueEx + 140B                                                                                      8306E7C8 4 Bytes  [6E, A1, 2E, 8B]
.text          ntoskrnl.exe!KeRemoveQueueEx + 146F                                                                                      8306E82C 8 Bytes  [34, 9B, 2E, 8B, 8C, 9B, 2E, ...]
.text          ntoskrnl.exe!KeRemoveQueueEx + 147B                                                                                      8306E838 4 Bytes  [A2, 9C, 2E, 8B]
.text          ntoskrnl.exe!KeRemoveQueueEx + 1497                                                                                      8306E854 4 Bytes  [8A, 9A, 2E, 8B]
.text          ...                                                                                                                     
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                        831F448A 5 Bytes  JMP 910A45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!RtlCompareUnicodeStrings + 50C                                                                              8321B9D6 5 Bytes  JMP 910A6012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                            832E4944 7 Bytes  JMP 910A8BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?              C:\Users\-----\AppData\Local\Temp\mbr.sys                                                                              The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcess + 6                                                    77985D8E 4 Bytes  [A8, 01, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcess + B                                                    77985D93 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 769874A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadToken + 6                                                77985E1E 4 Bytes  [68, 02, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadToken + B                                                77985E23 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadTokenEx + 6                                              77985E2E 4 Bytes  CALL 76987535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtOpenThreadTokenEx + B                                              77985E33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryAttributesFile + 6                                            77985F3E 4 Bytes  [A8, 00, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryAttributesFile + B                                            77985F43 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryFullAttributesFile + 6                                        77985FEE 4 Bytes  CALL 769876F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtQueryFullAttributesFile + B                                        77985FF3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 17, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[840] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcess + 6                                                  77985D8E 4 Bytes  [A8, 01, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcess + B                                                  77985D93 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 76987AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadToken + 6                                              77985E1E 4 Bytes  [68, 02, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadToken + B                                              77985E23 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadTokenEx + 6                                            77985E2E 4 Bytes  CALL 76987B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtOpenThreadTokenEx + B                                            77985E33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryAttributesFile + 6                                          77985F3E 4 Bytes  [A8, 00, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryAttributesFile + B                                          77985F43 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryFullAttributesFile + 6                                      77985FEE 4 Bytes  CALL 76987CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtQueryFullAttributesFile + B                                      77985FF3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 1D, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1108] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcess + 6                                                  77985D8E 4 Bytes  [A8, 01, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcess + B                                                  77985D93 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 76989DA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadToken + 6                                              77985E1E 4 Bytes  [68, 02, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadToken + B                                              77985E23 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadTokenEx + 6                                            77985E2E 4 Bytes  CALL 76989E35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtOpenThreadTokenEx + B                                            77985E33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryAttributesFile + 6                                          77985F3E 4 Bytes  [A8, 00, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryAttributesFile + B                                          77985F43 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryFullAttributesFile + 6                                      77985FEE 4 Bytes  CALL 76989FF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtQueryFullAttributesFile + B                                      77985FF3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 40, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[1436] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text          C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter                        7768F4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcess + 6                                                  77985D8E 4 Bytes  [A8, 01, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcess + B                                                  77985D93 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 76987CA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadToken + 6                                              77985E1E 4 Bytes  [68, 02, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadToken + B                                              77985E23 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadTokenEx + 6                                            77985E2E 4 Bytes  CALL 76987D35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtOpenThreadTokenEx + B                                            77985E33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryAttributesFile + 6                                          77985F3E 4 Bytes  [A8, 00, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryAttributesFile + B                                          77985F43 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryFullAttributesFile + 6                                      77985FEE 4 Bytes  CALL 76987EF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtQueryFullAttributesFile + B                                      77985FF3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 1F, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[2000] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 33, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcess + 6                                                  77985D8E 4 Bytes  [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcess + B                                                  77985D93 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 769890A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 33, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadToken + 6                                              77985E1E 4 Bytes  [68, 02, 33, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadToken + B                                              77985E23 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadTokenEx + 6                                            77985E2E 4 Bytes  CALL 76989135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtOpenThreadTokenEx + B                                            77985E33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryAttributesFile + 6                                          77985F3E 4 Bytes  [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryAttributesFile + B                                          77985F43 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryFullAttributesFile + 6                                      77985FEE 4 Bytes  CALL 769892F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtQueryFullAttributesFile + B                                      77985FF3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 33, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[3668] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtCreateFile + 6                                                    779855CE 4 Bytes  [28, 00, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtCreateFile + B                                                    779855D3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 1 Byte  [28]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + 6                                              77985C2E 4 Bytes  [28, 03, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtMapViewOfSection + B                                              77985C33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenFile + 6                                                      77985CDE 4 Bytes  [68, 00, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenFile + B                                                      77985CE3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcess + 6                                                  77985D8E 4 Bytes  [A8, 01, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcess + B                                                  77985D93 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessToken + 6                                              77985D9E 4 Bytes  CALL 7698A0A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessToken + B                                              77985DA3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessTokenEx + 6                                            77985DAE 4 Bytes  [A8, 02, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenProcessTokenEx + B                                            77985DB3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThread + 6                                                    77985E0E 4 Bytes  [68, 01, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThread + B                                                    77985E13 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadToken + 6                                              77985E1E 4 Bytes  [68, 02, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadToken + B                                              77985E23 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadTokenEx + 6                                            77985E2E 4 Bytes  CALL 7698A135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtOpenThreadTokenEx + B                                            77985E33 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryAttributesFile + 6                                          77985F3E 4 Bytes  [A8, 00, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryAttributesFile + B                                          77985F43 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryFullAttributesFile + 6                                      77985FEE 4 Bytes  CALL 7698A2F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtQueryFullAttributesFile + B                                      77985FF3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationFile + 6                                            7798663E 4 Bytes  [28, 01, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationFile + B                                            77986643 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationThread + 6                                          7798669E 4 Bytes  [28, 02, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtSetInformationThread + B                                          779866A3 1 Byte  [E2]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 1 Byte  [68]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6                                            779869BE 4 Bytes  [68, 03, 43, 00]
.text          C:\Program Files\SRWare Iron\iron.exe[4088] ntdll.dll!NtUnmapViewOfSection + B                                            779869C3 1 Byte  [E2]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000055                                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                  aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                  aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

---- Services - GMER 1.0.15 ----

Service        C:\Windows\system32\DRIVERS\vdrv1000.sys (*** hidden *** )                                                                [SYSTEM] vdrv1000                                                                                                                                    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7                                      0x52 0x8F 0xFF 0xE2 ...
Reg            HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655                                      0xC5 0x59 0x86 0x88 ...
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000@ServiceBinary                                                                C:\Windows\system32\drivers\VDRV1000.SYS
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000@Group                                                                        SCSI Miniport
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000@ImagePath                                                                    system32\DRIVERS\vdrv1000.sys
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000@ErrorControl                                                                  1
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000@Start                                                                        1
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000@Type                                                                          1
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000@Tag                                                                          64
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum (not active ControlSet)                                                 
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@0                                                                        ROOT\SCSIADAPTER\0000
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@Count                                                                    1
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@NextInstance                                                            1
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\Enum@INITSTARTFAILED                                                          1
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters (not active ControlSet)                                           
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters\pnpinterface (not active ControlSet)                             
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\parameters\pnpinterface@1                                                    1
Reg            HKLM\SYSTEM\ControlSet001\services\vdrv1000\security (not active ControlSet)                                             
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c                                             
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7                                  0x52 0x8F 0xFF 0xE2 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655                                  0xC5 0x59 0x86 0x88 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                                                            C:\Windows\system32\drivers\VDRV1000.SYS
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                                                                    SCSI Miniport
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                                                                system32\DRIVERS\vdrv1000.sys
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                                                              1
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                                                                    1
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                                                                      64
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                                                                    ROOT\SCSIADAPTER\0000
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                                                                1
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                                                        1
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED                                                      1
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                                                               
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1                                                1
Reg            HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                                                                 
Reg            HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c (not active ControlSet)                         
Reg            HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c@fca13efdb1f7                                      0x52 0x8F 0xFF 0xE2 ...
Reg            HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00190e0d2b2c@9c4a7b422655                                      0xC5 0x59 0x86 0x88 ...
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000@ServiceBinary                                                                C:\Windows\system32\drivers\VDRV1000.SYS
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000@Group                                                                        SCSI Miniport
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000@ImagePath                                                                    system32\DRIVERS\vdrv1000.sys
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000@ErrorControl                                                                  1
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000@Start                                                                        1
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000@Type                                                                          1
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000@Tag                                                                          64
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum (not active ControlSet)                                                 
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@0                                                                        ROOT\SCSIADAPTER\0000
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@Count                                                                    1
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@NextInstance                                                            1
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\Enum@INITSTARTFAILED                                                          1
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters (not active ControlSet)                                           
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters\pnpinterface (not active ControlSet)                             
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\parameters\pnpinterface@1                                                    1
Reg            HKLM\SYSTEM\ControlSet003\services\vdrv1000\security (not active ControlSet)                                             

---- Files - GMER 1.0.15 ----

File            C:\## aswSnx private storage                                                                                              0 bytes
File            C:\## aswSnx private storage\snx_rhive                                                                                    262144 bytes
File            C:\## aswSnx private storage\snx_rhive.LOG1                                                                              9216 bytes
File            C:\## aswSnx private storage\snx_rhive.LOG2                                                                              0 bytes
File            C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TM.blf                                      65536 bytes
File            C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TMContainer00000000000000000001.regtrans-ms  524288 bytes
File            C:\## aswSnx private storage\snx_rhive{9dfc2b22-a40a-11e1-b8b3-2433a5b4733b}.TMContainer00000000000000000002.regtrans-ms  524288 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

Psychotic 23.05.2012 12:23

Ouch!
Let's see whether this does the job:

TDSS-Killer (Scan)


Please read the following instructions carefully. We do not want to "fix" anything yet, only to see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). Example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.
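
As an added example, not part of the original post and not code from Kaspersky's tool: a small Python script that triages a TDSSKiller log of the kind requested above. The scan section of such a log lists each service or driver twice, once as `name (md5) path` and once as `name - verdict`. The script pairs the two lines, then flags every entry whose verdict is not `ok` and every entry that was printed without a file hash (in the log posted below that applies to aswArKrn, cmuda3, COMSysApp and LMImirr: registered services for which TDSSKiller found no file to hash, which are often leftovers from uninstalled software or on-demand drivers, but are worth a look on a machine that had ZeroAccess). The sample lines are constructed from the format in this thread; the `evilsvc` entry and its detection verdict are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the TDSSKiller 2.7.x log lines in this thread.
# "evilsvc" and its "detected ..." verdict are hypothetical, added so that the
# triage has something to flag; they are not from the posted log.
SAMPLE_LOG = r"""
13:42:17.0081 3764        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:42:17.0094 3764        1394ohci - ok
13:42:18.0934 3764        aswArKrn - ok
13:42:19.0650 3764        avast! Antivirus (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:42:19.0653 3764        avast! Antivirus - ok
13:42:21.0419 3764        cmuda3 - ok
13:42:59.0001 3764        evilsvc         (d41d8cd98f00b204e9800998ecf8427e) C:\Windows\system32\drivers\evilsvc.sys
13:42:59.0002 3764        evilsvc - detected Rootkit.Win32.Example ( 0 )
"""

# "<time> <pid> <name> (<md5>) <path>"  -- the file line of an entry
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# "<time> <pid> <name> - <verdict>"  -- the verdict line of an entry
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) - (?P<status>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Pair the file line and the verdict line of every service/driver entry."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        # The file line is tried first: a path may itself contain " - ".
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"].rstrip()
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"].strip()
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for everything that deserves a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.status is None:
            findings.append((e.name, "no verdict line"))
        elif e.status != "ok":
            findings.append((e.name, "verdict: " + e.status))
        if e.md5 is None:
            # TDSSKiller printed no file line: the registered service has no
            # file on disk that the tool could hash.
            findings.append((e.name, "no file hash (service without a file on disk)"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name:20s} {reason}")
```

Run it against a real log by reading the file instead of `SAMPLE_LOG`; entries whose verdict is `ok` and that carry a hash are dropped, so what remains is the short list a helper actually needs to look at.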

ThimoS. 23.05.2012 12:46

Many thanks, here is the attachment:

Code:


0063 3396        TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
13:41:30.0344 3396        ============================================================
13:41:30.0344 3396        Current date / time: 2012/05/23 13:41:30.0344
13:41:30.0344 3396        SystemInfo:
13:41:30.0344 3396       
13:41:30.0344 3396        OS Version: 6.1.7601 ServicePack: 1.0
13:41:30.0344 3396        Product type: Workstation
13:41:30.0344 3396        ComputerName: -----
13:41:30.0344 3396        UserName: -----
13:41:30.0344 3396        Windows directory: C:\Windows
13:41:30.0344 3396        System windows directory: C:\Windows
13:41:30.0344 3396        Processor architecture: Intel x86
13:41:30.0344 3396        Number of processors: 1
13:41:30.0344 3396        Page size: 0x1000
13:41:30.0344 3396        Boot type: Normal boot
13:41:30.0344 3396        ============================================================
13:41:31.0391 3396        Drive \Device\Harddisk0\DR0 - Size: 0x1BF4187E00 (111.81 Gb), SectorSize: 0x200, Cylinders: 0x3904, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:41:31.0407 3396        Drive \Device\Harddisk1\DR1 - Size: 0x9515A5E00 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:41:31.0407 3396        ============================================================
13:41:31.0407 3396        \Device\Harddisk0\DR0:
13:41:31.0422 3396        MBR partitions:
13:41:31.0422 3396        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FCF9C3
13:41:31.0438 3396        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6FCFA41, BlocksNum 0x6FCBB02
13:41:31.0438 3396        \Device\Harddisk1\DR1:
13:41:31.0438 3396        MBR partitions:
13:41:31.0438 3396        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
13:41:31.0438 3396        ============================================================
13:41:31.0454 3396        C: <-> \Device\Harddisk0\DR0\Partition0
13:41:31.0485 3396        D: <-> \Device\Harddisk1\DR1\Partition0
13:41:31.0516 3396        E: <-> \Device\Harddisk0\DR0\Partition1
13:41:31.0516 3396        ============================================================
13:41:31.0516 3396        Initialize success
13:41:31.0516 3396        ============================================================
13:42:16.0374 3764        ============================================================
13:42:16.0374 3764        Scan started
13:42:16.0374 3764        Mode: Manual; TDLFS;
13:42:16.0374 3764        ============================================================
13:42:17.0081 3764        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:42:17.0094 3764        1394ohci - ok
13:42:17.0154 3764        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:42:17.0170 3764        ACPI - ok
13:42:17.0230 3764        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:42:17.0233 3764        AcpiPmi - ok
13:42:17.0285 3764        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:42:17.0300 3764        adp94xx - ok
13:42:17.0339 3764        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:42:17.0359 3764        adpahci - ok
13:42:17.0407 3764        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:42:17.0426 3764        adpu320 - ok
13:42:17.0483 3764        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:42:17.0490 3764        AeLookupSvc - ok
13:42:17.0554 3764        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:42:17.0579 3764        AFD - ok
13:42:17.0624 3764        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:42:17.0625 3764        agp440 - ok
13:42:17.0684 3764        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:42:17.0693 3764        aic78xx - ok
13:42:17.0953 3764        ALCXWDM        (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
13:42:18.0003 3764        ALCXWDM - ok
13:42:18.0120 3764        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:42:18.0127 3764        ALG - ok
13:42:18.0195 3764        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:42:18.0198 3764        aliide - ok
13:42:18.0225 3764        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:42:18.0236 3764        amdagp - ok
13:42:18.0281 3764        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:42:18.0285 3764        amdide - ok
13:42:18.0321 3764        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:42:18.0330 3764        AmdK8 - ok
13:42:18.0351 3764        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:42:18.0355 3764        AmdPPM - ok
13:42:18.0401 3764        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:42:18.0408 3764        amdsata - ok
13:42:18.0443 3764        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:42:18.0457 3764        amdsbs - ok
13:42:18.0503 3764        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:42:18.0505 3764        amdxata - ok
13:42:18.0547 3764        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:42:18.0553 3764        AppID - ok
13:42:18.0589 3764        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:42:18.0597 3764        AppIDSvc - ok
13:42:18.0653 3764        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:42:18.0658 3764        Appinfo - ok
13:42:18.0699 3764        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:42:18.0713 3764        AppMgmt - ok
13:42:18.0753 3764        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:42:18.0759 3764        arc - ok
13:42:18.0797 3764        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:42:18.0804 3764        arcsas - ok
13:42:18.0934 3764        aswArKrn - ok
13:42:19.0024 3764        aswFsBlk        (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
13:42:19.0026 3764        aswFsBlk - ok
13:42:19.0070 3764        aswFW          (25ace55b10046e9e6e9b148fa7abd3b7) C:\Windows\system32\drivers\aswFW.sys
13:42:19.0073 3764        aswFW - ok
13:42:19.0105 3764        aswMonFlt      (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
13:42:19.0107 3764        aswMonFlt - ok
13:42:19.0141 3764        aswNdis        (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
13:42:19.0143 3764        aswNdis - ok
13:42:19.0189 3764        aswNdis2        (125febcb61d33b358afc20866b8a9842) C:\Windows\system32\drivers\aswNdis2.sys
13:42:19.0198 3764        aswNdis2 - ok
13:42:19.0225 3764        aswRdr          (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
13:42:19.0226 3764        aswRdr - ok
13:42:19.0281 3764        aswSnx          (81f10376af5f0f466f03cb2c5321b7ed) C:\Windows\system32\drivers\aswSnx.sys
13:42:19.0287 3764        aswSnx - ok
13:42:19.0326 3764        aswSP          (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
13:42:19.0328 3764        aswSP - ok
13:42:19.0375 3764        aswTdi          (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
13:42:19.0376 3764        aswTdi - ok
13:42:19.0403 3764        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:42:19.0405 3764        AsyncMac - ok
13:42:19.0438 3764        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:42:19.0440 3764        atapi - ok
13:42:19.0500 3764        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:42:19.0525 3764        AudioEndpointBuilder - ok
13:42:19.0561 3764        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:42:19.0569 3764        Audiosrv - ok
13:42:19.0650 3764        avast! Antivirus (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:42:19.0653 3764        avast! Antivirus - ok
13:42:19.0690 3764        avast! Firewall (8408b80b5d1927d5063e1250ea5d9a78) C:\Program Files\Alwil Software\Avast5\afwServ.exe
13:42:19.0693 3764        avast! Firewall - ok
13:42:19.0708 3764        avast! Web Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:42:19.0709 3764        avast! Web Scanner - ok
13:42:19.0760 3764        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:42:19.0766 3764        AxInstSV - ok
13:42:19.0824 3764        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:42:19.0847 3764        b06bdrv - ok
13:42:19.0890 3764        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:42:19.0917 3764        b57nd60x - ok
13:42:19.0967 3764        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:42:19.0974 3764        BDESVC - ok
13:42:20.0003 3764        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:42:20.0005 3764        Beep - ok
13:42:20.0075 3764        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
13:42:20.0105 3764        BITS - ok
13:42:20.0158 3764        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:42:20.0165 3764        blbdrive - ok
13:42:20.0213 3764        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:42:20.0218 3764        bowser - ok
13:42:20.0243 3764        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:42:20.0246 3764        BrFiltLo - ok
13:42:20.0264 3764        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:42:20.0266 3764        BrFiltUp - ok
13:42:20.0304 3764        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:42:20.0311 3764        Browser - ok
13:42:20.0347 3764        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:42:20.0367 3764        Brserid - ok
13:42:20.0391 3764        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:42:20.0400 3764        BrSerWdm - ok
13:42:20.0419 3764        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:42:20.0423 3764        BrUsbMdm - ok
13:42:20.0446 3764        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:42:20.0448 3764        BrUsbSer - ok
13:42:20.0483 3764        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
13:42:20.0491 3764        BthEnum - ok
13:42:20.0511 3764        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:42:20.0519 3764        BTHMODEM - ok
13:42:20.0547 3764        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:42:20.0556 3764        BthPan - ok
13:42:20.0621 3764        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
13:42:20.0644 3764        BTHPORT - ok
13:42:20.0678 3764        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:42:20.0685 3764        bthserv - ok
13:42:20.0716 3764        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
13:42:20.0723 3764        BTHUSB - ok
13:42:20.0764 3764        btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
13:42:20.0770 3764        btwaudio - ok
13:42:20.0817 3764        btwavdt        (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\DRIVERS\btwavdt.sys
13:42:20.0826 3764        btwavdt - ok
13:42:20.0861 3764        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:42:20.0875 3764        cdfs - ok
13:42:20.0924 3764        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:42:20.0930 3764        cdrom - ok
13:42:20.0971 3764        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:42:20.0977 3764        CertPropSvc - ok
13:42:21.0015 3764        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:42:21.0024 3764        circlass - ok
13:42:21.0086 3764        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:42:21.0103 3764        CLFS - ok
13:42:21.0185 3764        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:42:21.0196 3764        clr_optimization_v2.0.50727_32 - ok
13:42:21.0321 3764        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:42:21.0326 3764        clr_optimization_v4.0.30319_32 - ok
13:42:21.0359 3764        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:42:21.0361 3764        CmBatt - ok
13:42:21.0399 3764        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:42:21.0401 3764        cmdide - ok
13:42:21.0419 3764        cmuda3 - ok
13:42:21.0471 3764        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:42:21.0486 3764        CNG - ok
13:42:21.0513 3764        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:42:21.0516 3764        Compbatt - ok
13:42:21.0556 3764        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:42:21.0564 3764        CompositeBus - ok
13:42:21.0583 3764        COMSysApp - ok
13:42:21.0610 3764        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:42:21.0617 3764        crcdisk - ok
13:42:21.0669 3764        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
13:42:21.0680 3764        CryptSvc - ok
13:42:21.0749 3764        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
13:42:21.0770 3764        CscService - ok
13:42:21.0837 3764        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:42:21.0869 3764        DcomLaunch - ok
13:42:21.0916 3764        DefragFS        (292e9ec82df08cbdd1cc51d963f38248) C:\Windows\system32\drivers\DefragFS.sys
13:42:21.0917 3764        DefragFS - ok
13:42:21.0971 3764        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
13:42:21.0983 3764        defragsvc - ok
13:42:22.0020 3764        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:42:22.0027 3764        DfsC - ok
13:42:22.0078 3764        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
13:42:22.0088 3764        Dhcp - ok
13:42:22.0124 3764        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:42:22.0131 3764        discache - ok
13:42:22.0163 3764        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:42:22.0164 3764        Disk - ok
13:42:22.0220 3764        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
13:42:22.0235 3764        Dnscache - ok
13:42:22.0280 3764        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
13:42:22.0292 3764        dot3svc - ok
13:42:22.0338 3764        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
13:42:22.0350 3764        DPS - ok
13:42:22.0386 3764        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:42:22.0389 3764        drmkaud - ok
13:42:22.0468 3764        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:42:22.0477 3764        DXGKrnl - ok
13:42:22.0513 3764        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
13:42:22.0528 3764        EapHost - ok
13:42:22.0731 3764        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:42:22.0838 3764        ebdrv - ok
13:42:22.0962 3764        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
13:42:22.0968 3764        EFS - ok
13:42:23.0067 3764        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
13:42:23.0084 3764        ehRecvr - ok
13:42:23.0133 3764        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
13:42:23.0141 3764        ehSched - ok
13:42:23.0237 3764        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:42:23.0258 3764        elxstor - ok
13:42:23.0292 3764        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:42:23.0294 3764        ErrDev - ok
13:42:23.0383 3764        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
13:42:23.0403 3764        EventSystem - ok
13:42:23.0440 3764        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:42:23.0454 3764        exfat - ok
13:42:23.0492 3764        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:42:23.0504 3764        fastfat - ok
13:42:23.0576 3764        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
13:42:23.0595 3764        Fax - ok
13:42:23.0627 3764        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:42:23.0635 3764        fdc - ok
13:42:23.0688 3764        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
13:42:23.0694 3764        fdPHost - ok
13:42:23.0723 3764        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
13:42:23.0730 3764        FDResPub - ok
13:42:23.0756 3764        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:42:23.0758 3764        FileInfo - ok
13:42:23.0811 3764        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:42:23.0819 3764        Filetrace - ok
13:42:23.0853 3764        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:42:23.0856 3764        flpydisk - ok
13:42:23.0898 3764        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:42:23.0910 3764        FltMgr - ok
13:42:23.0995 3764        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
13:42:24.0023 3764        FontCache - ok
13:42:24.0107 3764        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:42:24.0116 3764        FontCache3.0.0.0 - ok
13:42:24.0154 3764        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:42:24.0160 3764        FsDepends - ok
13:42:24.0217 3764        FsUsbExDisk    (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
13:42:24.0234 3764        FsUsbExDisk - ok
13:42:24.0271 3764        FsUsbExService  (96633419f4a1e37acb89b45ebccfe001) C:\Windows\system32\FsUsbExService.Exe
13:42:24.0291 3764        FsUsbExService - ok
13:42:24.0328 3764        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
13:42:24.0329 3764        Fs_Rec - ok
13:42:24.0379 3764        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:42:24.0390 3764        fvevol - ok
13:42:24.0433 3764        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:42:24.0439 3764        gagp30kx - ok
13:42:24.0510 3764        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
13:42:24.0537 3764        gpsvc - ok
13:42:24.0565 3764        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:42:24.0573 3764        hcw85cir - ok
13:42:24.0611 3764        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:42:24.0624 3764        HDAudBus - ok
13:42:24.0737 3764        HDDlife HDD Access service (dce43f051d80820a28307d527bd4e947) C:\Program Files\Common Files\BinarySense\hldasvc.exe
13:42:24.0767 3764        HDDlife HDD Access service - ok
13:42:24.0797 3764        HH10Help.sys    (d1c92d1e1620da2e22e3f483a73729d7) C:\Windows\system32\drivers\HH10Help.sys
13:42:24.0799 3764        HH10Help.sys - ok
13:42:24.0835 3764        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:42:24.0838 3764        HidBatt - ok
13:42:24.0864 3764        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:42:24.0874 3764        HidBth - ok
13:42:24.0902 3764        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:42:24.0909 3764        HidIr - ok
13:42:24.0951 3764        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
13:42:24.0973 3764        hidserv - ok
13:42:25.0007 3764        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:42:25.0010 3764        HidUsb - ok
13:42:25.0057 3764        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
13:42:25.0074 3764        hkmsvc - ok
13:42:25.0126 3764        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
13:42:25.0139 3764        HomeGroupListener - ok
13:42:25.0191 3764        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
13:42:25.0213 3764        HomeGroupProvider - ok
13:42:25.0253 3764        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:42:25.0260 3764        HpSAMD - ok
13:42:25.0318 3764        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:42:25.0347 3764        HTTP - ok
13:42:25.0374 3764        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:42:25.0375 3764        hwpolicy - ok
13:42:25.0411 3764        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:42:25.0417 3764        i8042prt - ok
13:42:25.0471 3764        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:42:25.0489 3764        iaStorV - ok
13:42:25.0617 3764        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:42:25.0644 3764        idsvc - ok
13:42:25.0687 3764        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:42:25.0695 3764        iirsp - ok
13:42:25.0775 3764        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
13:42:25.0797 3764        IKEEXT - ok
13:42:25.0838 3764        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:42:25.0840 3764        intelide - ok
13:42:25.0885 3764        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:42:25.0891 3764        intelppm - ok
13:42:25.0926 3764        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
13:42:25.0943 3764        IPBusEnum - ok
13:42:25.0974 3764        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:42:25.0980 3764        IpFilterDriver - ok
13:42:26.0023 3764        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:42:26.0034 3764        IPMIDRV - ok
13:42:26.0076 3764        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:42:26.0083 3764        IPNAT - ok
13:42:26.0105 3764        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:42:26.0108 3764        IRENUM - ok
13:42:26.0145 3764        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:42:26.0153 3764        isapnp - ok
13:42:26.0199 3764        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:42:26.0213 3764        iScsiPrt - ok
13:42:26.0245 3764        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:42:26.0247 3764        kbdclass - ok
13:42:26.0279 3764        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:42:26.0287 3764        kbdhid - ok
13:42:26.0321 3764        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:26.0327 3764        KeyIso - ok
13:42:26.0360 3764        KMWDFILTERx86  (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:42:26.0368 3764        KMWDFILTERx86 - ok
13:42:26.0414 3764        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:42:26.0419 3764        KSecDD - ok
13:42:26.0458 3764        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:42:26.0471 3764        KSecPkg - ok
13:42:26.0525 3764        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
13:42:26.0544 3764        KtmRm - ok
13:42:26.0611 3764        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
13:42:26.0628 3764        LanmanServer - ok
13:42:26.0669 3764        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
13:42:26.0684 3764        LanmanWorkstation - ok
13:42:26.0733 3764        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:42:26.0740 3764        lltdio - ok
13:42:26.0789 3764        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
13:42:26.0806 3764        lltdsvc - ok
13:42:26.0831 3764        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
13:42:26.0836 3764        lmhosts - ok
13:42:26.0854 3764        LMImirr - ok
13:42:26.0892 3764        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:42:26.0898 3764        LSI_FC - ok
13:42:26.0922 3764        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:42:26.0934 3764        LSI_SAS - ok
13:42:26.0962 3764        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:42:26.0970 3764        LSI_SAS2 - ok
13:42:26.0995 3764        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:42:27.0006 3764        LSI_SCSI - ok
13:42:27.0037 3764        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:42:27.0043 3764        luafv - ok
13:42:27.0086 3764        LVUSBSta        (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\DRIVERS\LVUSBSta.sys
13:42:27.0087 3764        LVUSBSta - ok
13:42:27.0140 3764        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:42:27.0143 3764        MBAMProtector - ok
13:42:27.0255 3764        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:42:27.0279 3764        MBAMService - ok
13:42:27.0324 3764        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
13:42:27.0333 3764        Mcx2Svc - ok
13:42:27.0368 3764        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:42:27.0375 3764        megasas - ok
13:42:27.0416 3764        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:42:27.0427 3764        MegaSR - ok
13:42:27.0486 3764        Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:42:27.0493 3764        Microsoft Office Groove Audit Service - ok
13:42:27.0529 3764        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:42:27.0545 3764        MMCSS - ok
13:42:27.0625 3764        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:42:27.0633 3764        Modem - ok
13:42:27.0673 3764        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:42:27.0675 3764        monitor - ok
13:42:27.0714 3764        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:42:27.0716 3764        mouclass - ok
13:42:27.0748 3764        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:42:27.0755 3764        mouhid - ok
13:42:27.0801 3764        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:42:27.0807 3764        mountmgr - ok
13:42:27.0844 3764        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:42:27.0857 3764        mpio - ok
13:42:27.0900 3764        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:42:27.0907 3764        mpsdrv - ok
13:42:27.0953 3764        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:42:27.0966 3764        MRxDAV - ok
13:42:28.0014 3764        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:42:28.0028 3764        mrxsmb - ok
13:42:28.0070 3764        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:42:28.0081 3764        mrxsmb10 - ok
13:42:28.0120 3764        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:42:28.0126 3764        mrxsmb20 - ok
13:42:28.0156 3764        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:42:28.0164 3764        msahci - ok
13:42:28.0223 3764        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:42:28.0236 3764        msdsm - ok
13:42:28.0289 3764        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
13:42:28.0307 3764        MSDTC - ok
13:42:28.0364 3764        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:42:28.0366 3764        Msfs - ok
13:42:28.0390 3764        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:42:28.0395 3764        mshidkmdf - ok
13:42:28.0435 3764        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:42:28.0437 3764        msisadrv - ok
13:42:28.0484 3764        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
13:42:28.0498 3764        MSiSCSI - ok
13:42:28.0516 3764        msiserver - ok
13:42:28.0546 3764        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:42:28.0548 3764        MSKSSRV - ok
13:42:28.0568 3764        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:42:28.0571 3764        MSPCLOCK - ok
13:42:28.0589 3764        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:42:28.0593 3764        MSPQM - ok
13:42:28.0628 3764        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:42:28.0641 3764        MsRPC - ok
13:42:28.0693 3764        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:42:28.0695 3764        mssmbios - ok
13:42:28.0720 3764        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:42:28.0723 3764        MSTEE - ok
13:42:28.0744 3764        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:42:28.0746 3764        MTConfig - ok
13:42:28.0778 3764        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:42:28.0783 3764        Mup - ok
13:42:28.0853 3764        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
13:42:28.0886 3764        napagent - ok
13:42:28.0933 3764        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:42:28.0950 3764        NativeWifiP - ok
13:42:29.0030 3764        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:42:29.0060 3764        NDIS - ok
13:42:29.0088 3764        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:42:29.0096 3764        NdisCap - ok
13:42:29.0134 3764        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:42:29.0136 3764        NdisTapi - ok
13:42:29.0168 3764        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:42:29.0184 3764        Ndisuio - ok
13:42:29.0220 3764        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:42:29.0235 3764        NdisWan - ok
13:42:29.0286 3764        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:42:29.0292 3764        NDProxy - ok
13:42:29.0344 3764        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:42:29.0353 3764        NetBIOS - ok
13:42:29.0404 3764        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:42:29.0415 3764        NetBT - ok
13:42:29.0463 3764        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:29.0467 3764        Netlogon - ok
13:42:29.0519 3764        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
13:42:29.0546 3764        Netman - ok
13:42:29.0597 3764        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
13:42:29.0621 3764        netprofm - ok
13:42:29.0708 3764        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:42:29.0720 3764        NetTcpPortSharing - ok
13:42:29.0754 3764        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:42:29.0761 3764        nfrd960 - ok
13:42:29.0833 3764        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
13:42:29.0849 3764        NlaSvc - ok
13:42:29.0928 3764        nmwcd          (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
13:42:29.0931 3764        nmwcd - ok
13:42:29.0975 3764        nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
13:42:29.0977 3764        nmwcdc - ok
13:42:30.0015 3764        nmwcdnsu        (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys
13:42:30.0029 3764        nmwcdnsu - ok
13:42:30.0053 3764        nmwcdnsuc      (d23257682d349a5e2e4507ed33decc16) C:\Windows\system32\drivers\nmwcdnsuc.sys
13:42:30.0056 3764        nmwcdnsuc - ok
13:42:30.0104 3764        NPF            (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
13:42:30.0111 3764        NPF - ok
13:42:30.0139 3764        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:42:30.0147 3764        Npfs - ok
13:42:30.0199 3764        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
13:42:30.0207 3764        nsi - ok
13:42:30.0233 3764        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:42:30.0236 3764        nsiproxy - ok
13:42:30.0350 3764        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:42:30.0395 3764        Ntfs - ok
13:42:30.0428 3764        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:42:30.0430 3764        Null - ok
13:42:31.0133 3764        nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:42:31.0254 3764        nvlddmkm - ok
13:42:31.0422 3764        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:42:31.0435 3764        nvraid - ok
13:42:31.0483 3764        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:42:31.0495 3764        nvstor - ok
13:42:31.0559 3764        nvsvc          (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
13:42:31.0585 3764        nvsvc - ok
13:42:31.0819 3764        nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:42:31.0889 3764        nvUpdatusService - ok
13:42:32.0039 3764        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:42:32.0045 3764        nv_agp - ok
13:42:32.0125 3764        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:42:32.0139 3764        odserv - ok
13:42:32.0194 3764        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:42:32.0200 3764        ohci1394 - ok
13:42:32.0239 3764        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:42:32.0250 3764        ose - ok
13:42:32.0315 3764        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:42:32.0334 3764        p2pimsvc - ok
13:42:32.0386 3764        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
13:42:32.0410 3764        p2psvc - ok
13:42:32.0460 3764        PAC7311        (2085d5168fc0c56bb13304d180d244b6) C:\Windows\system32\DRIVERS\PA707UCM.SYS
13:42:32.0468 3764        PAC7311 - ok
13:42:32.0513 3764        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:42:32.0526 3764        Parport - ok
13:42:32.0559 3764        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:42:32.0561 3764        partmgr - ok
13:42:32.0585 3764        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:42:32.0587 3764        Parvdm - ok
13:42:32.0625 3764        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
13:42:32.0646 3764        PcaSvc - ok
13:42:32.0700 3764        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:42:32.0704 3764        pccsmcfd - ok
13:42:32.0744 3764        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:42:32.0757 3764        pci - ok
13:42:32.0796 3764        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:42:32.0799 3764        pciide - ok
13:42:32.0845 3764        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:42:32.0857 3764        pcmcia - ok
13:42:32.0885 3764        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:42:32.0887 3764        pcw - ok
13:42:33.0031 3764        PDAgent        (6abb7315658f35e448207b0ce69025bc) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
13:42:33.0073 3764        PDAgent - ok
13:42:33.0156 3764        PDEngine        (b5838b97235014d5378b80ed05d4ef30) C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
13:42:33.0193 3764        PDEngine - ok
13:42:33.0378 3764        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:42:33.0398 3764        PEAUTH - ok
13:42:33.0494 3764        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
13:42:33.0533 3764        PeerDistSvc - ok
13:42:33.0666 3764        PID_0928        (3551190e9cf1eb4c0971bdef4269ca25) C:\Windows\system32\DRIVERS\LV561AV.SYS
13:42:33.0689 3764        PID_0928 - ok
13:42:33.0809 3764        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
13:42:33.0874 3764        pla - ok
13:42:34.0018 3764        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
13:42:34.0038 3764        PlugPlay - ok
13:42:34.0083 3764        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
13:42:34.0090 3764        PNRPAutoReg - ok
13:42:34.0144 3764        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
13:42:34.0155 3764        PNRPsvc - ok
13:42:34.0221 3764        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
13:42:34.0246 3764        PolicyAgent - ok
13:42:34.0303 3764        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
13:42:34.0324 3764        Power - ok
13:42:34.0388 3764        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:42:34.0396 3764        PptpMiniport - ok
13:42:34.0441 3764        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:42:34.0457 3764        Processor - ok
13:42:34.0499 3764        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
13:42:34.0510 3764        ProfSvc - ok
13:42:34.0543 3764        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:34.0547 3764        ProtectedStorage - ok
13:42:34.0610 3764        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:42:34.0617 3764        Psched - ok
13:42:34.0716 3764        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:42:34.0773 3764        ql2300 - ok
13:42:34.0933 3764        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:42:34.0948 3764        ql40xx - ok
13:42:35.0010 3764        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
13:42:35.0031 3764        QWAVE - ok
13:42:35.0054 3764        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:42:35.0057 3764        QWAVEdrv - ok
13:42:35.0079 3764        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:42:35.0081 3764        RasAcd - ok
13:42:35.0121 3764        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:42:35.0128 3764        RasAgileVpn - ok
13:42:35.0169 3764        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
13:42:35.0194 3764        RasAuto - ok
13:42:35.0228 3764        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:42:35.0236 3764        Rasl2tp - ok
13:42:35.0293 3764        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
13:42:35.0314 3764        RasMan - ok
13:42:35.0351 3764        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:42:35.0360 3764        RasPppoe - ok
13:42:35.0397 3764        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:42:35.0405 3764        RasSstp - ok
13:42:35.0467 3764        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:42:35.0478 3764        rdbss - ok
13:42:35.0509 3764        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:42:35.0513 3764        rdpbus - ok
13:42:35.0553 3764        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:42:35.0555 3764        RDPCDD - ok
13:42:35.0604 3764        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:42:35.0616 3764        RDPDR - ok
13:42:35.0648 3764        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:42:35.0650 3764        RDPENCDD - ok
13:42:35.0688 3764        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:42:35.0690 3764        RDPREFMP - ok
13:42:35.0741 3764        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
13:42:35.0745 3764        RdpVideoMiniport - ok
13:42:35.0792 3764        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
13:42:35.0805 3764        RDPWD - ok
13:42:35.0841 3764        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:42:35.0854 3764        rdyboost - ok
13:42:35.0911 3764        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
13:42:35.0925 3764        RemoteAccess - ok
13:42:35.0971 3764        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
13:42:35.0986 3764        RemoteRegistry - ok
13:42:36.0023 3764        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:42:36.0035 3764        RFCOMM - ok
13:42:36.0096 3764        rpcapd          (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe
13:42:36.0110 3764        rpcapd - ok
13:42:36.0168 3764        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
13:42:36.0198 3764        RpcEptMapper - ok
13:42:36.0234 3764        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
13:42:36.0239 3764        RpcLocator - ok
13:42:36.0292 3764        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
13:42:36.0304 3764        RpcSs - ok
13:42:36.0360 3764        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:42:36.0368 3764        rspndr - ok
13:42:36.0406 3764        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:42:36.0409 3764        s3cap - ok
13:42:36.0446 3764        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:36.0451 3764        SamSs - ok
13:42:36.0488 3764        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:42:36.0500 3764        sbp2port - ok
13:42:36.0548 3764        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
13:42:36.0564 3764        SCardSvr - ok
13:42:36.0597 3764        SCDEmu          (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
13:42:36.0599 3764        SCDEmu - ok
13:42:36.0640 3764        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:42:36.0648 3764        scfilter - ok
13:42:36.0725 3764        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
13:42:36.0758 3764        Schedule - ok
13:42:36.0798 3764        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:42:36.0800 3764        SCPolicySvc - ok
13:42:36.0844 3764        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
13:42:36.0857 3764        SDRSVC - ok
13:42:36.0910 3764        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:42:36.0914 3764        secdrv - ok
13:42:36.0953 3764        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
13:42:36.0960 3764        seclogon - ok
13:42:36.0988 3764        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
13:42:37.0003 3764        SENS - ok
13:42:37.0045 3764        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
13:42:37.0063 3764        SensrSvc - ok
13:42:37.0097 3764        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:42:37.0100 3764        Serenum - ok
13:42:37.0139 3764        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:42:37.0146 3764        Serial - ok
13:42:37.0205 3764        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:42:37.0208 3764        sermouse - ok
13:42:37.0314 3764        ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:42:37.0321 3764        ServiceLayer - ok
13:42:37.0394 3764        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
13:42:37.0405 3764        SessionEnv - ok
13:42:37.0443 3764        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:42:37.0446 3764        sffdisk - ok
13:42:37.0478 3764        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:42:37.0481 3764        sffp_mmc - ok
13:42:37.0514 3764        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:42:37.0516 3764        sffp_sd - ok
13:42:37.0554 3764        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:42:37.0557 3764        sfloppy - ok
13:42:37.0647 3764        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
13:42:37.0672 3764        ShellHWDetection - ok
13:42:37.0710 3764        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:42:37.0721 3764        sisagp - ok
13:42:37.0758 3764        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:42:37.0766 3764        SiSRaid2 - ok
13:42:37.0790 3764        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:42:37.0794 3764        SiSRaid4 - ok
13:42:37.0820 3764        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:42:37.0830 3764        Smb - ok
13:42:37.0888 3764        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
13:42:37.0897 3764        SNMPTRAP - ok
13:42:37.0927 3764        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:42:37.0929 3764        spldr - ok
13:42:37.0993 3764        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
13:42:38.0009 3764        Spooler - ok
13:42:38.0226 3764        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
13:42:38.0340 3764        sppsvc - ok
13:42:38.0556 3764        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
13:42:38.0572 3764        sppuinotify - ok
13:42:38.0649 3764        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:42:38.0666 3764        srv - ok
13:42:38.0723 3764        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:42:38.0739 3764        srv2 - ok
13:42:38.0771 3764        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:42:38.0781 3764        srvnet - ok
13:42:38.0847 3764        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
13:42:38.0868 3764        SSDPSRV - ok
13:42:38.0905 3764        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
13:42:38.0918 3764        SstpSvc - ok
13:42:38.0955 3764        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:42:38.0963 3764        stexstor - ok
13:42:39.0045 3764        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
13:42:39.0074 3764        StiSvc - ok
13:42:39.0116 3764        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:42:39.0118 3764        storflt - ok
13:42:39.0166 3764        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
13:42:39.0187 3764        StorSvc - ok
13:42:39.0214 3764        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:42:39.0223 3764        storvsc - ok
13:42:39.0253 3764        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:42:39.0255 3764        swenum - ok
13:42:39.0309 3764        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
13:42:39.0335 3764        swprv - ok
13:42:39.0429 3764        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
13:42:39.0483 3764        SysMain - ok
13:42:39.0539 3764        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
13:42:39.0555 3764        TabletInputService - ok
13:42:39.0604 3764        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
13:42:39.0623 3764        TapiSrv - ok
13:42:39.0680 3764        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
13:42:39.0696 3764        TBS - ok
13:42:39.0833 3764        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
13:42:39.0871 3764        Tcpip - ok
13:42:39.0904 3764        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
13:42:39.0917 3764        TCPIP6 - ok
13:42:39.0969 3764        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:42:39.0976 3764        tcpipreg - ok
13:42:40.0023 3764        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:42:40.0026 3764        TDPIPE - ok
13:42:40.0064 3764        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:42:40.0073 3764        TDTCP - ok
13:42:40.0113 3764        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:42:40.0119 3764        tdx - ok
13:42:40.0374 3764        TeamViewer7    (e8fc62b7a07123d6cd28fd82b9c4ccd7) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
13:42:40.0485 3764        TeamViewer7 - ok
13:42:40.0661 3764        teamviewervpn  (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
13:42:40.0668 3764        teamviewervpn - ok
13:42:40.0705 3764        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:42:40.0708 3764        TermDD - ok
13:42:40.0771 3764        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
13:42:40.0800 3764        TermService - ok
13:42:40.0848 3764        Themes          (59cfda4eacb3788f8b17f87b49b0ac0e) C:\Windows\system32\themeservice.dll
13:42:40.0864 3764        Themes - ok
13:42:40.0914 3764        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
13:42:40.0919 3764        THREADORDER - ok
13:42:40.0957 3764        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
13:42:40.0971 3764        TrkWks - ok
13:42:41.0039 3764        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
13:42:41.0049 3764        TrustedInstaller - ok
13:42:41.0108 3764        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:42:41.0116 3764        tssecsrv - ok
13:42:41.0144 3764        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:42:41.0151 3764        TsUsbFlt - ok
13:42:41.0328 3764        TuneUp.UtilitiesSvc (529ef4070a4a1f949ab254e38782b5d4) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
13:42:41.0399 3764        TuneUp.UtilitiesSvc - ok
13:42:41.0431 3764        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
13:42:41.0435 3764        TuneUpUtilitiesDrv - ok
13:42:41.0595 3764        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:42:41.0601 3764        tunnel - ok
13:42:41.0645 3764        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:42:41.0652 3764        uagp35 - ok
13:42:41.0696 3764        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:42:41.0707 3764        udfs - ok
13:42:41.0766 3764        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
13:42:41.0783 3764        UI0Detect - ok
13:42:41.0828 3764        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:42:41.0835 3764        uliagpkx - ok
13:42:41.0873 3764        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:42:41.0879 3764        umbus - ok
13:42:41.0913 3764        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:42:41.0915 3764        UmPass - ok
13:42:41.0965 3764        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
13:42:41.0986 3764        UmRdpService - ok
13:42:42.0033 3764        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
13:42:42.0034 3764        UnlockerDriver5 - ok
13:42:42.0091 3764        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
13:42:42.0115 3764        upnphost - ok
13:42:42.0168 3764        upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
13:42:42.0183 3764        upperdev - ok
13:42:42.0225 3764        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:42:42.0240 3764        usbccgp - ok
13:42:42.0284 3764        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:42:42.0297 3764        usbcir - ok
13:42:42.0330 3764        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:42:42.0337 3764        usbehci - ok
13:42:42.0385 3764        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:42:42.0405 3764        usbhub - ok
13:42:42.0444 3764        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:42:42.0447 3764        usbohci - ok
13:42:42.0494 3764        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:42:42.0497 3764        usbprint - ok
13:42:42.0541 3764        usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
13:42:42.0548 3764        usbser - ok
13:42:42.0608 3764        UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
13:42:42.0611 3764        UsbserFilt - ok
13:42:42.0655 3764        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:42:42.0661 3764        USBSTOR - ok
13:42:42.0696 3764        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:42:42.0698 3764        usbuhci - ok
13:42:42.0741 3764        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
13:42:42.0755 3764        usbvideo - ok
13:42:42.0792 3764        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
13:42:42.0809 3764        UxSms - ok
13:42:42.0849 3764        UxTuneUp        (866ed31801b008cacfb3276f78ab5800) C:\Windows\System32\uxtuneup.dll
13:42:42.0866 3764        UxTuneUp - ok
13:42:42.0905 3764        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
13:42:42.0911 3764        VaultSvc - ok
13:42:42.0988 3764        VC10SecS        (e5ad81b19e005394035473465d10d13f) C:\Program Files\Virtual CD v10\System\VC10SecS.exe
13:42:43.0000 3764        VC10SecS - ok
13:42:43.0010 3764        Suspicious service (NoAccess): vdrv1000
13:42:43.0057 3764        vdrv1000        (8e747ea561969ee0e267bc7c5b3f17e5) C:\Windows\system32\DRIVERS\vdrv1000.sys
13:42:43.0061 3764        vdrv1000 ( LockedService.Multi.Generic ) - warning
13:42:43.0061 3764        vdrv1000 - detected LockedService.Multi.Generic (1)
13:42:43.0115 3764        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:42:43.0118 3764        vdrvroot - ok
13:42:43.0203 3764        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:42:43.0241 3764        vds - ok
13:42:43.0279 3764        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:42:43.0287 3764        vga - ok
13:42:43.0317 3764        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:42:43.0325 3764        VgaSave - ok
13:42:43.0371 3764        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:42:43.0384 3764        vhdmp - ok
13:42:43.0424 3764        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:42:43.0431 3764        viaagp - ok
13:42:43.0471 3764        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:42:43.0479 3764        ViaC7 - ok
13:42:43.0506 3764        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:42:43.0509 3764        viaide - ok
13:42:43.0549 3764        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:42:43.0560 3764        vmbus - ok
13:42:43.0589 3764        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:42:43.0593 3764        VMBusHID - ok
13:42:43.0625 3764        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:42:43.0626 3764        volmgr - ok
13:42:43.0685 3764        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:42:43.0704 3764        volmgrx - ok
13:42:43.0757 3764        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:42:43.0767 3764        volsnap - ok
13:42:43.0803 3764        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:42:43.0817 3764        vsmraid - ok
13:42:43.0915 3764        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:42:43.0962 3764        VSS - ok
13:42:43.0984 3764        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:42:43.0987 3764        vwifibus - ok
13:42:44.0047 3764        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:42:44.0073 3764        W32Time - ok
13:42:44.0105 3764        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:42:44.0111 3764        WacomPen - ok
13:42:44.0159 3764        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:42:44.0166 3764        WANARP - ok
13:42:44.0194 3764        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:42:44.0197 3764        Wanarpv6 - ok
13:42:44.0301 3764        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:42:44.0343 3764        wbengine - ok
13:42:44.0381 3764        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:42:44.0404 3764        WbioSrvc - ok
13:42:44.0463 3764        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:42:44.0489 3764        wcncsvc - ok
13:42:44.0523 3764        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:42:44.0539 3764        WcsPlugInService - ok
13:42:44.0603 3764        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:42:44.0606 3764        Wd - ok
13:42:44.0658 3764        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:42:44.0681 3764        Wdf01000 - ok
13:42:44.0727 3764        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:42:44.0745 3764        WdiServiceHost - ok
13:42:44.0763 3764        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:42:44.0775 3764        WdiSystemHost - ok
13:42:44.0821 3764        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:42:44.0841 3764        WebClient - ok
13:42:44.0878 3764        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:42:44.0899 3764        Wecsvc - ok
13:42:44.0931 3764        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:42:44.0947 3764        wercplsupport - ok
13:42:44.0977 3764        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:42:44.0993 3764        WerSvc - ok
13:42:45.0027 3764        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:42:45.0029 3764        WfpLwf - ok
13:42:45.0061 3764        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:42:45.0065 3764        WIMMount - ok
13:42:45.0091 3764        WinHttpAutoProxySvc - ok
13:42:45.0163 3764        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:42:45.0185 3764        Winmgmt - ok
13:42:45.0283 3764        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:42:45.0333 3764        WinRM - ok
13:42:45.0439 3764        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:42:45.0447 3764        WinUsb - ok
13:42:45.0534 3764        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:42:45.0578 3764        Wlansvc - ok
13:42:45.0616 3764        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:42:45.0619 3764        WmiAcpi - ok
13:42:45.0700 3764        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:42:45.0713 3764        wmiApSrv - ok
13:42:45.0854 3764        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:42:45.0894 3764        WMPNetworkSvc - ok
13:42:45.0935 3764        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:42:45.0945 3764        WPCSvc - ok
13:42:45.0979 3764        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:42:45.0994 3764        WPDBusEnum - ok
13:42:46.0060 3764        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:42:46.0063 3764        ws2ifsl - ok
13:42:46.0084 3764        WSearch - ok
13:42:46.0246 3764        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
13:42:46.0318 3764        wuauserv - ok
13:42:46.0490 3764        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:42:46.0498 3764        WudfPf - ok
13:42:46.0535 3764        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:42:46.0546 3764        WUDFRd - ok
13:42:46.0579 3764        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:42:46.0594 3764        wudfsvc - ok
13:42:46.0651 3764        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:42:46.0677 3764        WwanSvc - ok
13:42:46.0745 3764        yukonw7        (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
13:42:46.0760 3764        yukonw7 - ok
13:42:46.0816 3764        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:42:47.0065 3764        \Device\Harddisk0\DR0 - ok
13:42:47.0080 3764        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:42:47.0125 3764        \Device\Harddisk1\DR1 - ok
13:42:47.0157 3764        Boot (0x1200)  (bd0c199d0050147d1085cb874fc5089b) \Device\Harddisk0\DR0\Partition0
13:42:47.0159 3764        \Device\Harddisk0\DR0\Partition0 - ok
13:42:47.0196 3764        Boot (0x1200)  (48a8abb42d8ff020e88e7f7102f6ad87) \Device\Harddisk0\DR0\Partition1
13:42:47.0197 3764        \Device\Harddisk0\DR0\Partition1 - ok
13:42:47.0210 3764        Boot (0x1200)  (8d32013968366f67c06a445e74ed335f) \Device\Harddisk1\DR1\Partition0
13:42:47.0213 3764        \Device\Harddisk1\DR1\Partition0 - ok
13:42:47.0220 3764        ============================================================
13:42:47.0220 3764        Scan finished
13:42:47.0220 3764        ============================================================
13:42:47.0249 1652        Detected object count: 1
13:42:47.0249 1652        Actual detected object count: 1
13:43:04.0477 1652        vdrv1000 ( LockedService.Multi.Generic ) - skipped by user
13:43:04.0477 1652        vdrv1000 ( LockedService.Multi.Generic ) - User select action: Skip
13:43:12.0964 0200        Deinitialize success


Psychotic 23.05.2012 15:55

Step 1: Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Step 2: FSS


Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Click Scan.
  • When the tool is finished, it will create an FSS.txt in the directory the tool was run from.
Please post its contents here.

ThimoS. 23.05.2012 17:24

Many thanks for your efforts. Unfortunately "combofix" created all sorts of things, just no log file. I will try it again and then edit it in. Attached is FSS:

Code:

Farbar Service Scanner Version: 17-05-2012
Ran by ----- (administrator) on 23-05-2012 at 18:22:16
Running from "E:\Dwnlds"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

ok, now the second attempt:

Combofix:

Combofix Logfile:
Code:

ComboFix 12-05-23.05 - ----- 23/05/2012  18:49:26.2.1 - x86
Running from: e:\dwnlds\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((  Files Created from 2012-04-23 to 2012-05-23  )))))))))))))))))))))))))))))))
.
.
2012-05-24 02:34 . 2012-05-24 02:34        --------        d-----w-        C:\Boot
2012-05-23 17:16 . 2012-05-23 17:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-23 16:36 . 2012-05-23 17:17        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-23 16:01 . 2012-05-23 17:17        --------        d-----w-        c:\users\-----\AppData\Local\temp
2012-05-23 13:54 . 2012-05-23 13:55        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12        --------        d-----w-        c:\users\-----\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04        --------        d-----w-        c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21        --------        d-----w-        c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12        --------        d-----w-        c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03        --------        d-----w-        c:\users\-----\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\-----\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\-----\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\-----\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50        --------        d-sh--w-        c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09        --------        d-----w-        c:\users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09        --------        d-----w-        c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44        --------        d-----w-        c:\users\-----\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36        --------        d-----w-        c:\users\-----\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00        59904        ----a-w-        c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00        102160        ----a-w-        c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47        --------        d-----w-        c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43        16384        ----a-w-        c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00        115016        ----a-w-        c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18        77824        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18        225280        ------w-        c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14        176128        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13        32768        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35        614532        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32        --------        d-----w-        c:\program files\DVD Genie
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48        2755072        ----a-w-        c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39        37376        ----a-w-        c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09        567696        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40        1010720        --s---r-        c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42        1799168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42        1127424        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14        152160        ----a-w-        c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\-----\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-09491728.sys
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2176)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-05-23  19:25:19 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-23 17:25
.
Pre-Run: 38,529,597,440 bytes free
Post-Run: 38,445,678,592 bytes free
.
- - End Of File - - 50FF07CFB30CA7E70CD9AA7B80DD7E22

--- --- ---


FSS:

Code:

Farbar Service Scanner Version: 17-05-2012
Ran by ----- (administrator) on 23-05-2012 at 19:28:46
Running from "E:\Dwnlds"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

How do I get rid of the ComboFix entries on C: again?

Psychotic 23.05.2012 21:01

FRST


Please download Farbar's Recovery Scan Tool and save it to a USB stick. Plug the USB stick into the infected system. You now have to boot the system into the System Recovery Options.

Via the Boot Manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now choose Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Computer repair options!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, choose Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As, and choose Computer. This shows you the drive letter of your USB stick.
  • Close Notepad again.
  • Now type the following command: e:\frst.exe Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here.
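
The drive-letter step above, as an added example that is not part of the original post: instead of opening Notepad's Save As dialog, the stick can be located directly from the WinRE command prompt. The only assumption is that FRST.exe sits in the root of the stick, as the instructions require. The point worth knowing is that WinRE assigns its own drive letters, so the stick is not necessarily E: even if Windows normally calls it that (the poster's own run later in this thread reports "Running from H:\"). These are commands typed interactively at the X:\Sources> prompt, so the loop variable is written %d, not %%d.

```batch
rem Typed at the WinRE command prompt (X:\Sources>). Added example, not from the original post.
rem 1. See which drive letters exist in this environment. WinRE assigns its own
rem    letters, so the USB stick may not be E: here (the poster's run shows H:\).
for %d in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %d:\ echo Drive %d: exists

rem 2. Find the stick by the file it must contain (assumes FRST.exe is in the root of the stick).
for %d in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist %d:\FRST.exe echo FRST.exe found on %d:

rem 3. Start FRST from the letter step 2 printed (H is only a placeholder here).
rem    FRST writes its log next to the executable, i.e. FRST.txt on the stick.
H:\FRST.exe
```

If you put these lines into a .cmd file instead of typing them, double the percent signs (%%d); in a script cmd.exe treats a single %d differently from the interactive prompt. An empty CD/DVD drive can print a "device not ready" message in step 1; that is harmless and the loop continues.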

ThimoS. 23.05.2012 21:46

Code:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 23-05-2012 22:33:02
Running from H:\
Windows 7 Enterprise  (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKU\-----\...\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912 2010-09-07] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\..\Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: [NameServer]208.67.222.222,208.67.220.220

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [119200 2010-09-07] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
3 FMDY; C:\Users\-----\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)
4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [238952 2010-07-04] (Teruten)
3 HDDlife HDD Access service; "C:\Program Files\Common Files\BinarySense\hldasvc.exe" [845640 2012-03-05] (BinarySense, Inc.)
3 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [939272 2010-01-26] (Raxco Software, Inc.)
3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [1033480 2010-01-26] (Raxco Software, Inc.)
3 RJA; C:\Users\-----\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-02-05] (TeamViewer GmbH)
3 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [1483072 2010-10-27] (TuneUp Software)
3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29504 2010-10-27] (TuneUp Software)
3 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2010-02-24] (H+H Software GmbH)
3 ZSJXDG; C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe [568192 2012-05-23] (Sysinternals - www.sysinternals.com)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [99792 2010-09-07] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [50768 2010-09-07] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [190416 2010-09-07] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [340048 2010-09-07] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-11-01] (Nokia)
3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-11] (Logitech Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-11-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2011-11-01] (Nokia)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 aswArKrn; \??\C:\Users\-----\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\Users\-----\AppData\Local\Temp\catchme.sys [x]
3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [x]
3 LMImirr; C:\Windows\System32\DRIVERS\LMImirr.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: UxTuneUp

============ One Month Created Files and Folders ==============

2012-05-23 22:32 - 2012-05-23 22:33 - 0000000 ____D C:\FRST
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 09:25 - 2012-05-23 09:25 - 0016574 ____A C:\ComboFix.txt
2012-05-23 09:22 - 2012-05-23 09:22 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-23 08:38 - 2012-05-23 09:33 - 0000000 ____D C:\Qoobox
2012-05-23 08:05 - 2012-05-23 12:29 - 0029975 ____A C:\Windows\WindowsUpdate.log
2012-05-23 07:25 - 2012-05-23 08:05 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:25 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-23 07:25 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-23 07:25 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-23 05:59 - 2012-05-23 09:17 - 0001434 ____A C:\Windows\PFRO.log
2012-05-23 05:59 - 2012-05-23 05:59 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 05:59 - 2012-05-23 05:59 - 0215606 ____A C:\Windows\ntbtlog.txt
2012-05-23 05:54 - 2012-05-23 05:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:53 - 2012-05-23 09:36 - 0000336 ____A C:\Windows\setupact.log
2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 05:50 - 2012-05-23 05:50 - 0109216 ____A C:\Users\-----\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\-----\defogger_reenable
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\-----\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\-----\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Language
2012-05-10 12:37 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 12:37 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 12:37 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 12:37 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 12:36 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 12:36 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\-----\Documents\My Data Sources
2012-05-03 10:50 - 2012-05-03 15:38 - 0002038 ___AH C:\Users\-----\Documents\Default.rdp
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:36 - 2012-02-29 15:59 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 09:06 - 2012-04-28 09:09 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\-----\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\-----\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:41 - 2012-04-28 07:47 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:41 - 2012-04-28 07:47 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:41 - 2012-04-28 07:43 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2001-08-29 11:00 - 0059904 ____A (Microsoft Corporation) C:\Windows\System32\wbemdisp.tlb
2012-04-28 07:41 - 1998-07-21 14:00 - 0102160 ____A (Microsoft Corporation) C:\Windows\System32\VB6KO.DLL
2012-04-28 07:41 - 1998-06-23 14:00 - 0115016 ____A (Microsoft Corporation) C:\Windows\System32\MSINET.OCX
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie

============ 3 Months Modified Files and Folders ===============

2012-05-23 22:33 - 2012-05-23 22:32 - 0000000 ____D C:\FRST
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 12:29 - 2012-05-23 08:05 - 0029975 ____A C:\Windows\WindowsUpdate.log
2012-05-23 12:03 - 2011-10-29 10:11 - 0000107 ____A C:\Windows\System32\_WKERNEL.SYL
2012-05-23 09:36 - 2012-05-23 05:53 - 0000336 ____A C:\Windows\setupact.log
2012-05-23 09:36 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-23 09:33 - 2012-05-23 08:38 - 0000000 ____D C:\Qoobox
2012-05-23 09:25 - 2012-05-23 09:25 - 0016574 ____A C:\ComboFix.txt
2012-05-23 09:25 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-05-23 09:22 - 2012-05-23 09:22 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-23 09:17 - 2012-05-23 05:59 - 0001434 ____A C:\Windows\PFRO.log
2012-05-23 09:17 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-05-23 09:17 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:05 - 2012-05-23 07:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:31 - 2011-10-30 12:38 - 0000000 ____D C:\Users\-----\AppData\Roaming\SPlayer
2012-05-23 05:59 - 2012-05-23 05:59 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 05:59 - 2012-05-23 05:59 - 0215606 ____A C:\Windows\ntbtlog.txt
2012-05-23 05:55 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:54 - 2012-02-01 10:19 - 0000000 ____D C:\Users\-----\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 05:50 - 2012-05-23 05:50 - 0109216 ____A C:\Users\-----\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 04:58 - 2011-10-29 07:21 - 0000000 ___RD C:\Users\-----\Desktop\Clnr
2012-05-23 03:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\-----\defogger_reenable
2012-05-23 02:20 - 2011-10-29 05:58 - 0000000 ____D C:\users\-----
2012-05-22 12:18 - 2011-12-17 09:16 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skype
2012-05-22 08:11 - 2012-01-14 11:03 - 0000000 ____D C:\Users\-----\AppData\Roaming\Mozilla
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:26 - 2011-10-29 07:48 - 2755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-05-22 05:26 - 2009-07-13 15:40 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-05-22 05:26 - 2009-07-13 15:39 - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\-----\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-22 04:12 - 2011-12-06 09:56 - 0013824 ____A C:\Users\-----\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 03:12 - 2011-10-29 06:03 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-20 10:27 - 2012-03-23 08:36 - 0000000 ___RD C:\Users\-----\Desktop\Misc
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\-----\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\-----\AppData\Roaming\Language
2012-05-14 02:50 - 2011-10-29 10:04 - 0000000 ____D C:\Program Files\IrfanView
2012-05-11 04:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-10 12:44 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:54 - 2012-04-17 08:54 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-09 22:54 - 2011-10-29 10:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-07 04:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-05-07 03:30 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-07 00:35 - 2012-01-20 09:08 - 0000000 ____D C:\Users\-----\AppData\Roaming\FileZilla
2012-05-05 06:44 - 2011-10-29 05:58 - 3145728 ____A C:\Users\-----\NTUSER.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 44826624 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 14155776 ____A C:\Windows\System32\config\SYSTEM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-05-05 06:40 - 2011-10-29 14:38 - 0035840 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-05-05 05:06 - 2011-12-30 07:40 - 0007605 ____A C:\Users\-----\AppData\Local\Resmon.ResmonCfg
2012-05-05 04:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 04:35 - 2012-01-29 11:08 - 0000000 ____D C:\Program Files\Common Files\SYSTEM
2012-05-05 04:35 - 2012-01-29 11:07 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\-----\Documents\My Data Sources
2012-05-03 15:38 - 2012-05-03 10:50 - 0002038 ___AH C:\Users\-----\Documents\Default.rdp
2012-05-03 08:38 - 2011-10-29 09:53 - 0000000 ____D C:\Program Files\SRWare Iron
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-05-01 10:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\SchCache
2012-05-01 09:51 - 2011-10-29 12:31 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:37 - 2011-11-26 15:10 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 13:37 - 2011-11-26 15:09 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 13:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-30 03:45 - 2009-07-13 20:53 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\-----\AppData\Roaming\HD Tune Pro
2012-04-28 09:09 - 2012-04-28 09:06 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\-----\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\-----\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:47 - 2012-04-28 07:41 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:47 - 2012-04-28 07:41 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:43 - 2012-04-28 07:41 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2012-04-01 11:28 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-04-28 07:41 - 2011-11-11 10:57 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
2012-04-26 03:57 - 2012-01-13 16:22 - 0000000 ____D C:\Users\-----\AppData\Roaming\Bitcoin
2012-04-25 06:48 - 2011-10-29 07:24 - 0000000 ____D C:\Program Files\CCleaner
2012-04-19 06:32 - 2012-04-19 06:32 - 0000000 ____D C:\Users\-----\AppData\Local\Apps\2.0
2012-04-18 12:52 - 2012-04-18 12:52 - 0708132 ____A C:\Windows\System32\config\aswrc1334782341.rcr
2012-04-18 10:25 - 2012-01-04 15:51 - 0000000 ____D C:\Program Files\WinPcap
2012-04-18 02:23 - 2009-07-13 18:04 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Program Files\Alwil Software
2012-04-14 03:45 - 2012-04-14 03:45 - 0000641 ____A C:\Users\-----\Desktop\Dwnlds.lnk
2012-04-12 07:02 - 2009-07-13 18:03 - 12582912 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-04-11 10:10 - 2012-04-11 10:08 - 0000000 ____D C:\Users\-----\Documents\Command and Conquer Generals Data
2012-04-09 04:40 - 2012-04-09 02:28 - 0000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-09 04:30 - 2012-04-09 04:30 - 0000000 ____D C:\Users\All Users\vsosdk
2012-04-09 02:33 - 2012-04-09 02:33 - 0000000 ____D C:\Users\All Users\dvdfab
2012-04-09 02:32 - 2012-04-09 02:28 - 0000000 ____D C:\Users\-----\Documents\DVDFab
2012-04-08 08:35 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2012-04-04 10:51 - 2012-04-04 10:51 - 0000000 ____D C:\Users\-----\New folder
2012-04-04 06:20 - 2012-04-04 06:20 - 0000000 ____D C:\Users\-----\AppData\Roaming\MozillaControl
2012-04-04 05:56 - 2011-10-29 12:31 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 06:29 - 2012-04-01 11:40 - 0000000 ____D C:\Users\-----\Documents\Command and Conquer Generals Zero Hour Data
2012-04-02 03:41 - 2012-04-01 11:38 - 0000000 ___RD C:\Users\-----\Desktop\Gms
2012-04-01 11:37 - 2012-04-01 11:31 - 0000977 ____A C:\Windows\eReg.dat
2012-04-01 11:18 - 2012-04-01 11:18 - 0000632 ____A C:\Users\-----\Desktop\Ntwrk.lnk
2012-03-30 20:39 - 2012-05-10 12:37 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 12:37 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 12:37 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:38 - 2012-03-22 07:25 - 0000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-03-30 02:23 - 2012-05-10 12:37 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 08:01 - 2012-03-29 08:01 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-28 10:06 - 2011-10-29 14:02 - 0000000 ____D C:\Users\-----\AppData\Local\IM
2012-03-27 06:32 - 2012-03-27 06:28 - 0000000 ____D C:\Users\-----\AppData\Roaming\WordToPDF
2012-03-27 06:31 - 2012-03-27 06:31 - 0000000 ____D C:\Program Files\gs
2012-03-27 06:28 - 2012-03-27 06:28 - 0000000 ____D C:\Program Files\WordToPDF
2012-03-27 05:21 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Java
2012-03-27 04:58 - 2012-02-06 17:43 - 0000000 ____D C:\Windows\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0224136 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Users\All Users\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Common Files\Java
2012-03-27 04:54 - 2012-02-06 06:09 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-27 04:54 - 2012-02-06 06:09 - 0567696 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-24 03:40 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.EXE
2012-03-24 03:16 - 2012-03-24 03:16 - 0000000 ____D C:\Windows\PixArt
2012-03-24 03:16 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-03-24 02:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\system
2012-03-22 12:03 - 2011-10-30 08:56 - 0000000 ____D C:\Program Files\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----d\Documents\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----\Documents\My NPS Files
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\-----\AppData\Roaming\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\All Users\Samsung
2012-03-22 12:01 - 2012-03-22 12:01 - 0000000 ____D C:\Program Files\MarkAny
2012-03-22 11:23 - 2012-03-22 11:23 - 0000000 ____D C:\Users\-----\AppData\Local\Downloaded Installations
2012-03-22 10:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-03-22 07:53 - 2012-03-22 07:53 - 0000000 ____D C:\Users\-----\Documents\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:44 - 0000000 ____D C:\Users\-----\AppData\Roaming\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Roaming\Nokia
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Roaming\PC Suite
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Local\NokiaAccount
2012-03-22 07:32 - 2012-03-22 07:29 - 0000000 ____D C:\Users\All Users\PC Suite
2012-03-22 07:29 - 2012-03-22 07:29 - 0000000 ____D C:\Users\-----\AppData\Local\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Users\All Users\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Program Files\Common Files\Nokia
2012-03-22 07:28 - 2012-03-22 07:25 - 0000000 ____D C:\Program Files\Nokia
2012-03-22 07:26 - 2012-03-22 07:26 - 0000000 ____D C:\Program Files\PC Connectivity Solution
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\-----\Documents\Bluetooth Exchange Folder
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\-----\Bluetooth Software
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-MX
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-AR
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Program Files\WIDCOMM
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-18 12:11 - 2012-03-18 12:11 - 0000000 ____D C:\Program Files\PantsOff
2012-03-17 03:14 - 2012-03-17 03:14 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-17 02:13 - 2011-10-29 14:02 - 0000000 ____D C:\Users\All Users\IM
2012-03-16 23:27 - 2012-05-10 12:36 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 02:49 - 2012-03-07 11:44 - 0000000 ____D C:\Users\-----\AppData\Roaming\Notepad++
2012-03-07 13:10 - 2012-02-28 11:30 - 0000000 ____D C:\Users\-----\AppData\Roaming\TeamViewer
2012-03-07 12:40 - 2012-03-07 12:40 - 1010720 ___RS (Microsoft Corporation) C:\Windows\System32\MSCHRT20.OCX
2012-03-07 12:40 - 2012-03-07 12:40 - 0000000 ____D C:\Program Files\Technitium
2012-03-07 11:04 - 2012-03-07 11:04 - 0002252 ____R C:\Windows\RouterControl_Uninstall.in
2012-03-04 15:33 - 2012-03-04 15:33 - 1123304 ____A C:\Windows\System32\config\aswrc1330904033.rcr
2012-03-02 21:31 - 2012-05-10 12:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-29 21:46 - 2012-04-12 06:39 - 0019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:37 - 2012-04-12 06:39 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:33 - 2012-04-12 06:39 - 0159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 06:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 15:59 - 2011-11-26 15:10 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 15:59 - 2009-06-10 13:19 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-02-29 12:56 - 2011-11-26 15:10 - 3881792 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 12:55 - 2011-11-26 15:10 - 2719040 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:53 - 2011-11-26 15:10 - 0108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-28 11:28 - 2012-02-28 11:28 - 0000000 ____D C:\Program Files\TeamViewer
2012-02-27 23:40 - 2012-02-27 23:40 - 0000000 ____D C:\Program Files\Notepad++
2012-02-27 17:52 - 2012-04-12 06:42 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-12 06:42 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-12 06:42 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-12 06:42 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-12 06:42 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 06:42 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-12 06:42 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-12 06:42 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 06:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-12 06:42 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-12 06:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 06:42 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 06:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-10-29 06:48] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) C159B521C73AA1E786DE7CE8DB0FCDF2

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 2559.56 MB
Available physical RAM: 2122.49 MB
Total Pagefile: 2555.77 MB
Available Pagefile: 2128.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.56 MB

======================= Partitions =========================

1 Drive c: (Main) (Fixed) (Total:55.91 GB) (Free:35.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:37.26 GB) (Free:14.66 GB) NTFS
3 Drive e: (Dwnlds) (Fixed) (Total:55.9 GB) (Free:39.87 GB) NTFS
4 Drive f: (GRMCULFRER_EN_DVD) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF
6 Drive h: (AVAST) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status        Size    Free    Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB    9 MB       
  Disk 1    Online          37 GB    9 MB       
  Disk 2    Online        3839 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            55 GB    31 KB
  Partition 0    Extended            55 GB    55 GB
  Partition 2    Logical            55 GB    55 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C  Main        NTFS  Partition    55 GB  Healthy           

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    E  Dwnlds      NTFS  Partition    55 GB  Healthy           

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            37 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    D  Data        NTFS  Partition    37 GB  Healthy           

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary          3839 MB      0 B

======================================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-19 00:24

======================= End Of Log ==========================


Psychotic 24.05.2012 08:29

Step 1: Fix with FRST


Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:

3 FMDY; C:\Users\-----\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)
3 RJA; C:\Users\-----\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)
3 ZSJXDG; C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe [568192 2012-05-23] (Sysinternals - www.sysinternals.com)

C:\Users\-----\AppData\Local\Temp\FMDY.exe
C:\Users\-----\AppData\Local\Temp\RJA.exe
C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.
The tool will create a Fixlog.txt on your USB stick. Please post its contents here.



Step 2: Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:

An attempt was made to perform an invalid operation on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
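The fixlist above targets three services whose binaries sit in the user's Temp directory, which is the pattern a helper looks for first in an FRST Services/Drivers listing. The following script is an added example written for this thread; it is not part of Farbar's tool and not code posted by either participant. It parses service and driver lines in the format FRST printed in this thread (`<start> <name>; <image> [<size> <date>] (<company>)`, or `[x]` when the binary is missing) and flags entries whose binary lives in a temp directory, plus non-disabled entries whose binary no longer exists. The sample lines are copied from the logs in this thread (user name redacted as in the posts); the list of temp-directory markers is my own assumption, not something FRST defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST service/driver line: "<start> <name>; <image> [<size> <date>] (<company>)".
# When the binary is not on disk FRST prints "[x]" instead of size and date.
LINE_RE = re.compile(
    r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<image>.*?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]|\[(?P<missing>x)\])"
    r"(?: \((?P<company>.*)\))?\s*$"
)

# Windows service start types as FRST prints them (0..4).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# Directories a service binary has no business living in (assumption, case-insensitive).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\appdata\\locallow\\temp\\")


@dataclass
class ServiceEntry:
    start: int
    name: str
    path: str              # binary path with quotes, arguments and the \??\ prefix removed
    size: Optional[int]
    date: Optional[str]
    company: str
    missing: bool          # FRST printed [x]: the binary is not on disk


def _binary_path(image: str) -> str:
    """Reduce the image column to the bare executable path."""
    image = image.strip()
    if image.startswith('"'):
        image = image[1:image.index('"', 1)]   # quoted path: drop trailing arguments
    if image.startswith("\\??\\"):
        image = image[4:]                      # NT object-manager prefix used for drivers
    return image


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one FRST service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return ServiceEntry(
        start=int(m["start"]),
        name=m["name"],
        path=_binary_path(m["image"]),
        size=int(m["size"]) if m["size"] else None,
        date=m["date"],
        company=m["company"] or "",
        missing=bool(m["missing"]),
    )


def triage(lines) -> List[Tuple[str, str]]:
    """Return (service name, reason) for every entry worth a second look."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        low = e.path.lower()
        if any(marker in low for marker in TEMP_MARKERS):
            findings.append((e.name, f"{START_TYPES[e.start]} start, binary in a temp directory: {e.path}"))
        elif e.missing and e.start != 4:
            findings.append((e.name, f"stale entry, binary missing: {e.path}"))
    return findings


# Sample input copied from the FRST logs in this thread (user name redacted as posted).
SAMPLE_LINES = [
    r"3 FMDY; C:\Users\-----\AppData\Local\Temp\FMDY.exe [564096 2012-05-23] (Sysinternals - www.sysinternals.com)",
    r"3 RJA; C:\Users\-----\AppData\Local\Temp\RJA.exe [539520 2012-05-23] (Sysinternals - www.sysinternals.com)",
    r"3 ZSJXDG; C:\Users\-----\AppData\Local\Temp\ZSJXDG.exe [568192 2012-05-23] (Sysinternals - www.sysinternals.com)",
    r'2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)',
    r"3 aswArKrn; \??\C:\Users\---\AppData\Local\Temp\aswArKrn.sys [x]",
    r'3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]',
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LINES):
        print(f"{name}: {reason}")
```

The three Temp-resident services are exactly the ones the fixlist removes; the `[x]` entries are reported separately because a missing binary is usually just a leftover registration (here the Avast anti-rootkit driver and WinPcap) rather than an active threat, and the helper decides whether they are worth a fix.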

ThimoS. 24.05.2012 10:55

FRST: (user name edited out beforehand)

Code:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 2012-05-24 10:50:41 Run:2
Running from H:\

==============================================

FMDY service not found.
RJA service not found.
ZSJXDG service not found.
C:\Users\---\AppData\Local\Temp\FMDY.exe not found.
C:\Users\---\AppData\Local\Temp\RJA.exe not found.
C:\Users\---\AppData\Local\Temp\ZSJXDG.exe not found.

==== End of Fixlog ====


Combofix:

Combofix Logfile:
Code:

ComboFix 12-05-23.06 - --- 24/05/2012  11:07:21.3.1 - x86
Running from: e:\dwnlds\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((  Files Created from 2012-04-24 to 2012-05-24  )))))))))))))))))))))))))))))))
.
.
2012-05-24 09:34 . 2012-05-24 09:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-24 08:53 . 2012-05-24 08:53        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-24 06:32 . 2012-05-24 06:34        --------        d-----w-        C:\FRST
2012-05-24 02:34 . 2012-05-24 02:34        --------        d-----w-        C:\Boot
2012-05-23 20:48 . 2012-05-24 09:34        --------        d-----w-        c:\users\---\AppData\Local\Temp
2012-05-23 13:54 . 2012-05-23 13:55        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12        --------        d-----w-        c:\users\---\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04        --------        d-----w-        c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21        --------        d-----w-        c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12        --------        d-----w-        c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03        --------        d-----w-        c:\users\---\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50        --------        d-sh--w-        c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09        --------        d-----w-        c:\users\---\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09        --------        d-----w-        c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44        --------        d-----w-        c:\users\---\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36        --------        d-----w-        c:\users\---\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00        59904        ----a-w-        c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00        102160        ----a-w-        c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47        --------        d-----w-        c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43        16384        ----a-w-        c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00        115016        ----a-w-        c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18        77824        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18        225280        ------w-        c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14        176128        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13        32768        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35        614532        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32        --------        d-----w-        c:\program files\DVD Genie
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48        2755072        ----a-w-        c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39        37376        ----a-w-        c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09        567696        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40        1010720        --s---r-        c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42        1799168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42        1127424        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14        152160        ----a-w-        c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2010-09-07 2838912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\---\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-24  11:40:16
ComboFix-quarantined-files.txt  2012-05-24 09:40
.
Pre-Run: 38,439,657,472 bytes free
Post-Run: 38,372,478,976 bytes free
.
- - End Of File - - 90DB237722C117C74BE62CCCB856109D

--- --- ---



Perhaps I should mention that after the Kaspersky TDSS-Killer I also, amateurishly, ran the Avast anti-rootkit (aswar); it found and fixed 7 entries. I don't have the log, but the names all looked Avast-like.

The desktop can also be set up again the way I want, and after using Glary Registry Repair I can save the Explorer view again.

I also use Uniblue SpeedUpMyPC, but the tool no longer starts even after a reinstall, so the registry must be messed up.

Psychotic 24.05.2012 10:59

Why do you do things without telling me, even though I explicitly advised against it?

You ran aswMBR and clicked Fix? Bold, because that can make the system unbootable! The tool created a log file, please post it here.

Also create a new FRST log, I need that as well!

ThimoS. 24.05.2012 11:00

Not aswMBR but aswar.exe www . avast . de/produkte/freeware/avast-antirootkit-tool . html

The log file from the Avast tool is no longer there, the most important log; yes, that was amateurish.

FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-05-2012 02
Ran by SYSTEM at 24-05-2012 12:10:45
Running from H:\
Windows 7 Enterprise  (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKU\---\...\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2838912 2010-09-07] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
Tcpip\..\Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: [NameServer]208.67.222.222,208.67.220.220

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
2 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [119200 2010-09-07] (AVAST Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-09-07] (AVAST Software)
4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [238952 2010-07-04] (Teruten)
3 HDDlife HDD Access service; "C:\Program Files\Common Files\BinarySense\hldasvc.exe" [845640 2012-03-05] (BinarySense, Inc.)
3 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 PDAgent; "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" [939272 2010-01-26] (Raxco Software, Inc.)
3 PDEngine; "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" [1033480 2010-01-26] (Raxco Software, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-02-05] (TeamViewer GmbH)
3 TuneUp.UtilitiesSvc; "C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe" [1483072 2010-10-27] (TuneUp Software)
3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29504 2010-10-27] (TuneUp Software)
3 VC10SecS; C:\Program Files\Virtual CD v10\System\VC10SecS.exe [144712 2010-02-24] (H+H Software GmbH)
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [99792 2010-09-07] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [50768 2010-09-07] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2010-09-07] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [190416 2010-09-07] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [340048 2010-09-07] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [18432 2008-11-06] (H+H Software GmbH)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-11-01] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-11-01] (Nokia)
3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-11] (Logitech Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-11-11] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-11-11] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2011-11-01] (Nokia)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 aswArKrn; \??\C:\Users\---\AppData\Local\Temp\aswArKrn.sys [x]
3 catchme; \??\C:\Users\---\AppData\Local\Temp\catchme.sys [x]
3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [x]
3 LMImirr; C:\Windows\System32\DRIVERS\LMImirr.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: UxTuneUp

============ One Month Created Files and Folders ==============

2012-05-24 01:40 - 2012-05-24 01:44 - 0014661 ____A C:\ComboFix.txt
2012-05-24 01:37 - 2012-05-24 01:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-24 00:57 - 2012-05-24 01:40 - 0000000 ____D C:\ComboFix
2012-05-23 22:32 - 2012-05-24 12:11 - 0000000 ____D C:\FRST
2012-05-23 21:48 - 2012-05-24 01:42 - 0000894 ____A C:\Windows\PFRO.log
2012-05-23 21:48 - 2012-05-24 01:42 - 0000280 ____A C:\Windows\setupact.log
2012-05-23 21:48 - 2012-05-23 21:49 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 21:48 - 2012-05-23 21:48 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 08:38 - 2012-05-24 01:40 - 0000000 ____D C:\Qoobox
2012-05-23 08:05 - 2012-05-24 02:07 - 0101988 ____A C:\Windows\WindowsUpdate.log
2012-05-23 07:25 - 2012-05-23 08:05 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 07:25 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-23 07:25 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-23 07:25 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-23 07:25 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-23 05:54 - 2012-05-23 05:55 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\---\defogger_reenable
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\---\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\---\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Language
2012-05-10 12:37 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-10 12:37 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 12:37 - 2012-03-30 18:36 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 12:37 - 2012-03-30 02:23 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 12:36 - 2012-03-16 23:27 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 12:36 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\---\Documents\My Data Sources
2012-05-03 10:50 - 2012-05-03 15:38 - 0002038 ___AH C:\Users\---\Documents\Default.rdp
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:36 - 2012-02-29 15:59 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-04-30 13:36 - 2012-02-29 15:59 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\---\AppData\Roaming\HD Tune Pro
2012-04-28 09:06 - 2012-04-28 09:09 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\---\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\---\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:41 - 2012-04-28 07:47 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:41 - 2012-04-28 07:47 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:41 - 2012-04-28 07:43 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2001-08-29 11:00 - 0059904 ____A (Microsoft Corporation) C:\Windows\System32\wbemdisp.tlb
2012-04-28 07:41 - 1998-07-21 14:00 - 0102160 ____A (Microsoft Corporation) C:\Windows\System32\VB6KO.DLL
2012-04-28 07:41 - 1998-06-23 14:00 - 0115016 ____A (Microsoft Corporation) C:\Windows\System32\MSINET.OCX
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie

============ 3 Months Modified Files and Folders ===============

2012-05-24 12:11 - 2012-05-23 22:32 - 0000000 ____D C:\FRST
2012-05-24 12:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-24 02:07 - 2012-05-23 08:05 - 0101988 ____A C:\Windows\WindowsUpdate.log
2012-05-24 01:44 - 2012-05-24 01:40 - 0014661 ____A C:\ComboFix.txt
2012-05-24 01:42 - 2012-05-23 21:48 - 0000894 ____A C:\Windows\PFRO.log
2012-05-24 01:42 - 2012-05-23 21:48 - 0000280 ____A C:\Windows\setupact.log
2012-05-24 01:42 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-24 01:40 - 2012-05-24 00:57 - 0000000 ____D C:\ComboFix
2012-05-24 01:40 - 2012-05-23 08:38 - 0000000 ____D C:\Qoobox
2012-05-24 01:37 - 2012-05-24 01:37 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-24 01:34 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-05-23 21:49 - 2012-05-23 21:48 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-23 21:48 - 2012-05-23 21:48 - 0000000 ____A C:\Windows\setuperr.log
2012-05-23 18:30 - 2012-05-23 18:30 - 0001530 ____A C:\Windows\System32\config\aswrc1337826605.rcr
2012-05-23 14:13 - 2011-10-30 12:38 - 0000000 ____D C:\Users\---\AppData\Roaming\SPlayer
2012-05-23 12:03 - 2011-10-29 10:11 - 0000107 ____A C:\Windows\System32\_WKERNEL.SYL
2012-05-23 09:25 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-05-23 09:17 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:44 - 2009-07-13 20:34 - 0014544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 08:05 - 2012-05-23 07:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-23 05:55 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-23 05:54 - 2012-05-23 05:54 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-23 05:54 - 2012-02-01 10:19 - 0000000 ____D C:\Users\---\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 04:58 - 2011-10-29 07:21 - 0000000 ___RD C:\Users\---\Desktop\Clnr
2012-05-23 02:20 - 2012-05-23 02:20 - 0000000 ____A C:\Users\---\defogger_reenable
2012-05-23 02:20 - 2011-10-29 05:58 - 0000000 ____D C:\users\---
2012-05-22 12:18 - 2011-12-17 09:16 - 0000000 ____D C:\Users\---\AppData\Roaming\Skype
2012-05-22 08:11 - 2012-01-14 11:03 - 0000000 ____D C:\Users\---\AppData\Roaming\Mozilla
2012-05-22 07:47 - 2012-05-22 07:47 - 0012982 ____A C:\Windows\System32\config\aswrc1337701662.rcr
2012-05-22 05:26 - 2011-10-29 07:48 - 2755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-05-22 05:26 - 2009-07-13 15:40 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-05-22 05:26 - 2009-07-13 15:39 - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-05-22 05:12 - 2012-05-22 05:12 - 0000000 ____D C:\Users\---\AppData\Roaming\GlarySoft
2012-05-22 05:04 - 2012-05-22 05:04 - 0000000 ____D C:\Program Files\Uniblue
2012-05-22 04:21 - 2012-05-22 04:21 - 0000000 ____D C:\Program Files\Glarysoft
2012-05-22 04:12 - 2011-12-06 09:56 - 0013824 ____A C:\Users\---\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 03:12 - 2011-10-29 06:03 - 0730320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-21 02:12 - 2012-05-21 02:12 - 0000000 ____D C:\Program Files\Passcape
2012-05-20 10:27 - 2012-03-23 08:36 - 0000000 ___RD C:\Users\---\Desktop\Misc
2012-05-18 03:58 - 2012-05-18 03:58 - 0024165 ____A C:\Users\---\AppData\Roaming\sound.wav
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Skins
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Settings
2012-05-18 03:58 - 2012-05-18 03:58 - 0000000 ____D C:\Users\---\AppData\Roaming\Language
2012-05-14 02:50 - 2011-10-29 10:04 - 0000000 ____D C:\Program Files\IrfanView
2012-05-11 04:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-10 12:44 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:54 - 2012-04-17 08:54 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-09 22:54 - 2011-10-29 10:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-07 04:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-05-07 03:30 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-07 00:35 - 2012-01-20 09:08 - 0000000 ____D C:\Users\---\AppData\Roaming\FileZilla
2012-05-05 06:44 - 2011-10-29 05:58 - 3145728 ____A C:\Users\---\NTUSER.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 44826624 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 14155776 ____A C:\Windows\System32\config\SYSTEM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-05-05 06:44 - 2009-07-13 18:03 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-05-05 06:40 - 2011-10-29 14:38 - 0035840 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-05-05 05:06 - 2011-12-30 07:40 - 0007605 ____A C:\Users\---\AppData\Local\Resmon.ResmonCfg
2012-05-05 04:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-05 04:35 - 2012-05-05 04:35 - 0000000 ____D C:\Program Files\Common Files\Services
2012-05-05 04:35 - 2012-01-29 11:08 - 0000000 ____D C:\Program Files\Common Files\SYSTEM
2012-05-05 04:35 - 2012-01-29 11:07 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-05 00:42 - 2012-05-05 00:42 - 0000000 ___SD C:\Users\---\Documents\My Data Sources
2012-05-03 15:38 - 2012-05-03 10:50 - 0002038 ___AH C:\Users\---\Documents\Default.rdp
2012-05-03 08:38 - 2011-10-29 09:53 - 0000000 ____D C:\Program Files\SRWare Iron
2012-05-02 10:50 - 2012-05-02 10:50 - 0000857 ____A C:\Windows\System32\runkgb.lnk
2012-05-02 10:50 - 2012-05-02 10:50 - 0000000 __SHD C:\Program Files\KGB
2012-05-01 19:32 - 2012-05-01 19:32 - 0028278 ____A C:\Windows\System32\config\aswrc1335929570.rcr
2012-05-01 10:39 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\SchCache
2012-05-01 09:51 - 2011-10-29 12:31 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 13:37 - 2012-04-30 13:37 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 13:37 - 2011-11-26 15:10 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 13:37 - 2011-11-26 15:09 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 13:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-04-30 03:45 - 2009-07-13 20:53 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-28 09:09 - 2012-04-28 09:09 - 0000000 ____D C:\Users\---\AppData\Roaming\HD Tune Pro
2012-04-28 09:09 - 2012-04-28 09:06 - 0000000 ____D C:\Program Files\HDTune
2012-04-28 08:44 - 2012-04-28 08:44 - 0000000 ____D C:\Users\---\AppData\Local\Western Digital
2012-04-28 08:36 - 2012-04-28 08:36 - 0000000 ____D C:\Users\---\AppData\Roaming\BinarySense
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\HdLife
2012-04-28 08:35 - 2012-04-28 08:35 - 0000000 ____D C:\Program Files\Common Files\BinarySense
2012-04-28 07:47 - 2012-04-28 07:47 - 0000078 ____A C:\Windows\lgfwup.txt
2012-04-28 07:47 - 2012-04-28 07:41 - 0000310 ____A C:\Windows\lgfwup.ini
2012-04-28 07:47 - 2012-04-28 07:41 - 0000000 ____D C:\Program Files\lg_fwupdate
2012-04-28 07:43 - 2012-04-28 07:41 - 0016384 ____A (BitLeader) C:\Windows\System32\lgfwunis.exe
2012-04-28 07:41 - 2012-04-01 11:28 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-04-28 07:41 - 2011-11-11 10:57 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-28 07:32 - 2012-04-28 07:32 - 0000000 ____D C:\Program Files\DVD Genie
2012-04-26 03:57 - 2012-01-13 16:22 - 0000000 ____D C:\Users\---\AppData\Roaming\Bitcoin
2012-04-25 06:48 - 2011-10-29 07:24 - 0000000 ____D C:\Program Files\CCleaner
2012-04-19 06:32 - 2012-04-19 06:32 - 0000000 ____D C:\Users\---\AppData\Local\Apps\2.0
2012-04-18 12:52 - 2012-04-18 12:52 - 0708132 ____A C:\Windows\System32\config\aswrc1334782341.rcr
2012-04-18 10:25 - 2012-01-04 15:51 - 0000000 ____D C:\Program Files\WinPcap
2012-04-18 02:23 - 2009-07-13 18:04 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-18 02:22 - 2012-04-18 02:22 - 0000000 ____D C:\Program Files\Alwil Software
2012-04-14 03:45 - 2012-04-14 03:45 - 0000641 ____A C:\Users\---\Desktop\Dwnlds.lnk
2012-04-12 07:02 - 2009-07-13 18:03 - 12582912 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-04-11 10:10 - 2012-04-11 10:08 - 0000000 ____D C:\Users\---\Documents\Command and Conquer Generals Data
2012-04-09 04:40 - 2012-04-09 02:28 - 0000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-09 04:30 - 2012-04-09 04:30 - 0000000 ____D C:\Users\All Users\vsosdk
2012-04-09 02:33 - 2012-04-09 02:33 - 0000000 ____D C:\Users\All Users\dvdfab
2012-04-09 02:32 - 2012-04-09 02:28 - 0000000 ____D C:\Users\---\Documents\DVDFab
2012-04-08 08:35 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.VER
2012-04-04 10:51 - 2012-04-04 10:51 - 0000000 ____D C:\Users\---\New folder
2012-04-04 06:20 - 2012-04-04 06:20 - 0000000 ____D C:\Users\---\AppData\Roaming\MozillaControl
2012-04-04 05:56 - 2011-10-29 12:31 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 06:29 - 2012-04-01 11:40 - 0000000 ____D C:\Users\---\Documents\Command and Conquer Generals Zero Hour Data
2012-04-02 03:41 - 2012-04-01 11:38 - 0000000 ___RD C:\Users\---\Desktop\Gms
2012-04-01 11:37 - 2012-04-01 11:31 - 0000977 ____A C:\Windows\eReg.dat
2012-04-01 11:18 - 2012-04-01 11:18 - 0000632 ____A C:\Users\---\Desktop\Ntwrk.lnk
2012-03-30 20:39 - 2012-05-10 12:37 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 12:37 - 3913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-10 12:37 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:38 - 2012-03-22 07:25 - 0000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-03-30 02:23 - 2012-05-10 12:37 - 1291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 08:01 - 2012-03-29 08:01 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-28 10:06 - 2011-10-29 14:02 - 0000000 ____D C:\Users\---\AppData\Local\IM
2012-03-27 06:32 - 2012-03-27 06:28 - 0000000 ____D C:\Users\---\AppData\Roaming\WordToPDF
2012-03-27 06:31 - 2012-03-27 06:31 - 0000000 ____D C:\Program Files\gs
2012-03-27 06:28 - 2012-03-27 06:28 - 0000000 ____D C:\Program Files\WordToPDF
2012-03-27 05:21 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Java
2012-03-27 04:58 - 2012-02-06 17:43 - 0000000 ____D C:\Windows\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0224136 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0173960 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Users\All Users\Sun
2012-03-27 04:54 - 2012-03-27 04:54 - 0000000 ____D C:\Program Files\Common Files\Java
2012-03-27 04:54 - 2012-02-06 06:09 - 0637848 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-03-27 04:54 - 2012-02-06 06:09 - 0567696 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-03-24 03:40 - 2012-03-24 03:40 - 0060416 ____A (Realtek Semiconductor Corp.) C:\Windows\ALCFDRTM.EXE
2012-03-24 03:16 - 2012-03-24 03:16 - 0000000 ____D C:\Windows\PixArt
2012-03-24 03:16 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-03-24 02:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\system
2012-03-22 12:03 - 2011-10-30 08:56 - 0000000 ____D C:\Program Files\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\Documents\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\Documents\My NPS Files
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\---\AppData\Roaming\Samsung
2012-03-22 12:02 - 2012-03-22 12:02 - 0000000 ____D C:\Users\All Users\Samsung
2012-03-22 12:01 - 2012-03-22 12:01 - 0000000 ____D C:\Program Files\MarkAny
2012-03-22 11:23 - 2012-03-22 11:23 - 0000000 ____D C:\Users\---\AppData\Local\Downloaded Installations
2012-03-22 10:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\ModemLogs
2012-03-22 07:53 - 2012-03-22 07:53 - 0000000 ____D C:\Users\---\Documents\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:44 - 0000000 ____D C:\Users\---\AppData\Roaming\Nokia Suite
2012-03-22 07:44 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Roaming\Nokia
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Roaming\PC Suite
2012-03-22 07:42 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Local\NokiaAccount
2012-03-22 07:32 - 2012-03-22 07:29 - 0000000 ____D C:\Users\All Users\PC Suite
2012-03-22 07:29 - 2012-03-22 07:29 - 0000000 ____D C:\Users\---\AppData\Local\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Users\All Users\Nokia
2012-03-22 07:28 - 2012-03-22 07:28 - 0000000 ____D C:\Program Files\Common Files\Nokia
2012-03-22 07:28 - 2012-03-22 07:25 - 0000000 ____D C:\Program Files\Nokia
2012-03-22 07:26 - 2012-03-22 07:26 - 0000000 ____D C:\Program Files\PC Connectivity Solution
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\---\Documents\Bluetooth Exchange Folder
2012-03-22 07:12 - 2012-03-22 07:12 - 0000000 ____D C:\Users\---\Bluetooth Software
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-MX
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Windows\System32\es-AR
2012-03-22 07:10 - 2012-03-22 07:10 - 0000000 ____D C:\Program Files\WIDCOMM
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-CN
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ru-RU
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pl-PL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ja-JP
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2012-03-22 07:10 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2012-03-18 12:11 - 2012-03-18 12:11 - 0000000 ____D C:\Program Files\PantsOff
2012-03-17 03:14 - 2012-03-17 03:14 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-17 02:13 - 2011-10-29 14:02 - 0000000 ____D C:\Users\All Users\IM
2012-03-16 23:27 - 2012-05-10 12:36 - 0056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 02:49 - 2012-03-07 11:44 - 0000000 ____D C:\Users\---\AppData\Roaming\Notepad++
2012-03-07 13:10 - 2012-02-28 11:30 - 0000000 ____D C:\Users\---\AppData\Roaming\TeamViewer
2012-03-07 12:40 - 2012-03-07 12:40 - 1010720 ___RS (Microsoft Corporation) C:\Windows\System32\MSCHRT20.OCX
2012-03-07 12:40 - 2012-03-07 12:40 - 0000000 ____D C:\Program Files\Technitium
2012-03-07 11:04 - 2012-03-07 11:04 - 0002252 ____R C:\Windows\RouterControl_Uninstall.in
2012-03-04 15:33 - 2012-03-04 15:33 - 1123304 ____A C:\Windows\System32\config\aswrc1330904033.rcr
2012-03-02 21:31 - 2012-05-10 12:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-29 21:46 - 2012-04-12 06:39 - 0019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:37 - 2012-04-12 06:39 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:33 - 2012-04-12 06:39 - 0159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 06:39 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 1000256 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco32.dll
2012-02-29 15:59 - 2012-04-30 13:36 - 0881984 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco32.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 5892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 2301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 10819392 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 15:59 - 2011-11-26 15:10 - 0061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 15:59 - 2011-11-26 15:10 - 0008772 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 15:59 - 2009-06-10 13:19 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-02-29 12:56 - 2011-11-26 15:10 - 3881792 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 12:55 - 2011-11-26 15:10 - 2719040 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0645440 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:53 - 2011-11-26 15:10 - 0108352 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:53 - 2011-11-26 15:10 - 0062272 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-28 11:28 - 2012-02-28 11:28 - 0000000 ____D C:\Program Files\TeamViewer
2012-02-27 23:40 - 2012-02-27 23:40 - 0000000 ____D C:\Program Files\Notepad++
2012-02-27 17:52 - 2012-04-12 06:42 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-12 06:42 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-12 06:42 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-12 06:42 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-12 06:42 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 06:42 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-12 06:42 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-12 06:42 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 06:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-12 06:42 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-12 06:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 06:42 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 06:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-10-29 06:48] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) C159B521C73AA1E786DE7CE8DB0FCDF2

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 2559.56 MB
Available physical RAM: 2120.11 MB
Total Pagefile: 2555.77 MB
Available Pagefile: 2125.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.48 MB

======================= Partitions =========================

1 Drive c: (Main) (Fixed) (Total:55.91 GB) (Free:35.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:37.26 GB) (Free:14.66 GB) NTFS
3 Drive e: (Dwnlds) (Fixed) (Total:55.9 GB) (Free:39.88 GB) NTFS
4 Drive f: (GRMCULFRER_EN_DVD) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF
6 Drive h: (AVAST) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status        Size    Free    Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB    9 MB       
  Disk 1    Online          37 GB    9 MB       
  Disk 2    Online        3839 MB      0 B       

Partitions of Disk 0:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            55 GB    31 KB
  Partition 0    Extended            55 GB    55 GB
  Partition 2    Logical            55 GB    55 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C  Main        NTFS  Partition    55 GB  Healthy           

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    E  Dwnlds      NTFS  Partition    55 GB  Healthy           

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            37 GB    31 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs    Type        Size    Status    Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    D  Data        NTFS  Partition    37 GB  Healthy           

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size    Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary          3839 MB      0 B

======================================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-19 00:24

======================= End Of Log ==========================


aswer:

Code:


avast! Antirootkit, version 0.9.6
Scan started: 24 May 2012 12:23:41

File C:\Qoobox\BackEnv\AppData.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Cache.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Cookies.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Desktop.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Favorites.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\History.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\LocalAppData.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\LocalSettings.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Music.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\NetHood.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Personal.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Pictures.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\PrintHood.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Profiles.Folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Profiles.Folder.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Programs.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Recent.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\SendTo.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\SetPath.bat  **HIDDEN**
File C:\Qoobox\BackEnv\StartMenu.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\StartUp.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\SysPath.dat  **HIDDEN**
File C:\Qoobox\BackEnv\Templates.folder.dat  **HIDDEN**
File C:\Qoobox\BackEnv\VikPev00  **HIDDEN**

Scan finished: 24 May 2012 12:30:11
Hidden files found: 24
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------


Psychotic 24.05.2012 13:35

Hm... I'll have to consult with someone on this; there seems to be more wrong here.
Stand by!

ThimoS. 24.05.2012 15:13

Many thanks for your efforts. The system actually runs fine; these "C:\Qoobox" entries come from the ComboFix tool.
The avast anti-rootkit tool had found 7 entries; the names were all avast-like, "avas5" or something like that, I don't remember exactly.

No matter how I scan, whether with Avast BART, Malwarebytes or SUPERAntiSpyware in safe mode with the page file disabled, nothing is found.

The only problem that remains is that I can no longer start Uniblue SpeedUpMyPC, not even after reinstalling it; something starts to happen at first, then it aborts without an error message.

I suspect a botched registry.

Psychotic 24.05.2012 15:15

Quote:

ComboFix 12-05-23.06 - --- 24/05/2012 11:07:21.3.1 - x86
Running from: e:\dwnlds\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
Better wait - the CF header is incomplete, that's not normal.

We'll remove the CF directories at the end; don't delete them!

ThimoS. 24.05.2012 15:23

I had already deleted those the first time, this boot-bcd via the avast BART CD; after that I had to repair with the Windows CD.

I know that's amateurish; it was at night and I'm an impatient person.

Should I run ComboFix again?
In safe mode or something?

Psychotic 24.05.2012 15:26

Stop constantly fiddling around on your own, or I'll stop bothering with your computer.

I give clear instructions - if I say nothing, nothing needs to be done for now! :balla:

ThimoS. 24.05.2012 15:30

Yes, all right.
In case it matters regarding the ComboFix header: System Restore is disabled.

Psychotic 24.05.2012 19:44

Step 1: OTL


If not already present, please download OTL from Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here

ThimoS. 24.05.2012 20:04

http://i.imgur.com/J3pnl.jpg

Psychotic 24.05.2012 20:13

Restart the computer and try again!

ThimoS. 24.05.2012 20:24

The same thing happens

Psychotic 24.05.2012 20:28

Try it this way:

Please download OTL from Oldtimer and save it to your desktop (if not already present)
  • Double-click OTL.exe
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

ThimoS. 24.05.2012 20:40

The error message appears right after the double-click, also with right-click "Run as administrator".

Psychotic 24.05.2012 20:44

Run a disk check with chkdsk /f.
Delete the existing OTL.exe and download a new one.

Try again!

ThimoS. 24.05.2012 21:30

No success, same error message.

Psychotic 24.05.2012 22:24

Let's try something else:


CF script


Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

SRPeek::
C:\Windows\explorer.exe

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.

ThimoS. 24.05.2012 23:45

Combofix Logfile:
Code:

ComboFix 12-05-24.03 - --- 25/05/2012  0:04.4.1 - x86
Running from: c:\users\---\Desktop\ComboFix.exe
Command switches used :: c:\users\---\Desktop\CFScript.txt
 * Created a new restore point
.
.
(((((((((((((((((((((((((  Files Created from 2012-04-24 to 2012-05-24  )))))))))))))))))))))))))))))))
.
.
2012-05-24 22:30 . 2012-05-24 22:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-24 20:27 . 2012-05-24 20:27        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-24 06:32 . 2012-05-24 20:11        --------        d-----w-        C:\FRST
2012-05-24 02:34 . 2012-05-24 20:10        --------        d-----w-        C:\Boot
2012-05-23 20:48 . 2012-05-24 22:30        --------        d-----w-        c:\users\---\AppData\Local\Temp
2012-05-23 13:54 . 2012-05-23 13:55        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12        --------        d-----w-        c:\users\---\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04        --------        d-----w-        c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21        --------        d-----w-        c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12        --------        d-----w-        c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03        --------        d-----w-        c:\users\---\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50        --------        d-sh--w-        c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09        --------        d-----w-        c:\users\---\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09        --------        d-----w-        c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44        --------        d-----w-        c:\users\---\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36        --------        d-----w-        c:\users\---\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00        59904        ----a-w-        c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00        102160        ----a-w-        c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47        --------        d-----w-        c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43        16384        ----a-w-        c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00        115016        ----a-w-        c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18        77824        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18        225280        ------w-        c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14        176128        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13        32768        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35        614532        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32        --------        d-----w-        c:\program files\DVD Genie
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48        2755072        ----a-w-        c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39        37376        ----a-w-        c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09        567696        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40        1010720        --s---r-        c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42        1799168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42        1127424        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14        152160        ----a-w-        c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2010-09-07 2838912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\---\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-25  00:36:50
ComboFix-quarantined-files.txt  2012-05-24 22:36
.
Pre-Run: 38,444,429,312 bytes free
Post-Run: 38,382,166,016 bytes free
.
- - End Of File - - FC761E22BCE6106DB54648E6B2C7FA12

--- --- ---

Psychotic 25.05.2012 06:33

Step 1: CF script


Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

FCOPY::
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe | C:\windows\explorer.exe

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.




Step 2: OTL (custom)



If not already present, please download OTL from Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here
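
The reasoning behind the FCOPY:: line in Step 1, as an added example that is not part of this thread and not ComboFix's own code: the Sigcheck section of the log posted above lists one copy of explorer.exe marked `[-]` (taken here to mean that ComboFix could not verify the file's signature; that reading of the marker is an assumption) whose MD5 matches none of the `[7]` copies in the winsxs component store, and the helper restores the live file from the winsxs copy with the highest component version. The parser below does exactly that check on the four Sigcheck lines from the log (embedded as a constructed sample, paths as posted) and reports which file is unverified, whether its hash matches any verified copy of the same file, and which winsxs copy would be the restore source. The function and field names are this example's own.

```python
"""Review the "Sigcheck" section of a ComboFix log: flag unverified system
files and pick the component-store (winsxs) copy to restore them from."""
import ntpath  # Windows path handling that works on any platform
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: the four Sigcheck lines from the ComboFix log above.
SAMPLE_SIGCHECK = r"""
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C159B521C73AA1E786DE7CE8DB0FCDF2 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
"""


class SigcheckEntry(NamedTuple):
    status: str    # "7" = verified on Win7, "-" = not verified (assumed meaning)
    date: str
    md5: str
    size: int
    version: str   # file version as reported in brackets
    path: str


# One Sigcheck line: [status] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# Component version embedded in a winsxs directory name, e.g. _6.1.7601.21669_
WINSXS_VER_RE = re.compile(r"\\winsxs\\[^\\]*_(\d+\.\d+\.\d+\.\d+)_", re.IGNORECASE)


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    """Parse every well-formed Sigcheck line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["status"], m["date"], m["md5"].upper(),
                                         int(m["size"]), m["version"], m["path"]))
    return entries


def unverified(entries: List[SigcheckEntry]) -> List[SigcheckEntry]:
    """Entries ComboFix marked [-]: signature not verified."""
    return [e for e in entries if e.status == "-"]


def winsxs_version(path: str) -> Optional[Tuple[int, ...]]:
    """Component version from a winsxs path, as a comparable tuple; None if not winsxs."""
    m = WINSXS_VER_RE.search(path)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def hash_matches_known_good(entries: List[SigcheckEntry], suspect: SigcheckEntry) -> bool:
    """True if some verified copy of the same file name has the suspect's MD5."""
    name = ntpath.basename(suspect.path).lower()
    return any(e.status != "-" and e.md5 == suspect.md5
               and ntpath.basename(e.path).lower() == name for e in entries)


def restore_candidate(entries: List[SigcheckEntry], suspect: SigcheckEntry) -> Optional[SigcheckEntry]:
    """Verified winsxs copy of the same file name and size with the highest component version."""
    name = ntpath.basename(suspect.path).lower()
    cands = [e for e in entries
             if e.status != "-" and ntpath.basename(e.path).lower() == name
             and e.size == suspect.size and winsxs_version(e.path) is not None]
    return max(cands, key=lambda e: winsxs_version(e.path), default=None)


def review(text: str) -> List[dict]:
    """One finding per unverified file: its hash status and the restore source."""
    entries = parse_sigcheck(text)
    findings = []
    for s in unverified(entries):
        c = restore_candidate(entries, s)
        findings.append({"path": s.path, "md5": s.md5,
                         "known_good_hash": hash_matches_known_good(entries, s),
                         "restore_from": c.path if c else None})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_SIGCHECK):
        print(f)
```

On the sample, the only finding is c:\windows\explorer.exe: its MD5 matches none of the verified copies, and the restore source chosen is the 6.1.7601.21669 winsxs copy, the same path the FCOPY:: line above copies into place. A hash that differs from every store copy is a reason to look closer, not proof of tampering by itself (a pending update can produce the same picture), which is why the helper first asked for the unverified file to be inspected (SRPeek::) before replacing it.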

ThimoS. 25.05.2012 11:17

ComboFix:

Combofix Logfile:
Code:

ComboFix 12-05-25.02 - --- 25/05/2012  11:28:06.5.1 - x86
Running from: c:\users\---\Desktop\ComboFix.exe
Command switches used :: c:\users\---\Desktop\CFScript.txt
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe --> c:\windows\explorer.exe
.
(((((((((((((((((((((((((  Files Created from 2012-04-25 to 2012-05-25  )))))))))))))))))))))))))))))))
.
.
2012-05-25 09:57 . 2012-05-25 09:57        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-25 08:45 . 2012-05-25 08:45        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-24 06:32 . 2012-05-24 20:11        --------        d-----w-        C:\FRST
2012-05-24 02:34 . 2012-05-24 20:10        --------        d-----w-        C:\Boot
2012-05-23 20:48 . 2012-05-25 09:57        --------        d-----w-        c:\users\---\AppData\Local\Temp
2012-05-23 13:54 . 2012-05-23 13:55        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12        --------        d-----w-        c:\users\---\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04        --------        d-----w-        c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21        --------        d-----w-        c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12        --------        d-----w-        c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03        --------        d-----w-        c:\users\---\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50        --------        d-sh--w-        c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09        --------        d-----w-        c:\users\---\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09        --------        d-----w-        c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44        --------        d-----w-        c:\users\---\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36        --------        d-----w-        c:\users\---\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00        59904        ----a-w-        c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00        102160        ----a-w-        c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47        --------        d-----w-        c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43        16384        ----a-w-        c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00        115016        ----a-w-        c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18        77824        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18        225280        ------w-        c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14        176128        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13        32768        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35        614532        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32        --------        d-----w-        c:\program files\DVD Genie
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 13:26 . 2009-07-13 23:40        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2012-05-22 13:26 . 2011-10-29 15:48        2755072        ----a-w-        c:\windows\system32\themeui.dll
2012-05-22 13:26 . 2009-07-13 23:39        37376        ----a-w-        c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09        567696        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40        1010720        --s---r-        c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-28 01:18 . 2012-04-12 14:42        1799168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 14:42        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 14:42        1127424        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 14:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14        152160        ----a-w-        c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2010-09-07 2838912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\---\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-25  12:03:18
ComboFix-quarantined-files.txt  2012-05-25 10:03
.
Pre-Run: 38,443,749,376 bytes free
Post-Run: 38,367,154,176 bytes free
.
- - End Of File - - 58942FF680F7EB4799245B3A4F4D31D7

--- --- ---


Otl:

http://i.imgur.com/blMyt.jpg

After ComboFix, the Windows Start button at the bottom left was back to its default colour; I had changed the colour with the tool "reshack", in case that information helps.

Psychotic 27.05.2012 10:01

OK, please wait - I need to check back with someone!

ThimoS. 27.05.2012 11:13

Alright.

Psychotic 28.05.2012 11:35

Click Start --> type cmd --> the system will search for it and show you the entry. Right-click on it --> Run as administrator.

Enter the following there:


Code:

net start winmgmt
Then:

Delete the existing ComboFix, download a fresh copy to the desktop and run it according to the instructions.


Report back!

ThimoS. 28.05.2012 11:50

Code:

The requested service has already been started.
ComboFix to follow...

Quote:

Quote from PsYcHoTiC (post 835030)
Delete the existing ComboFix, download a fresh copy to the desktop and run it according to the instructions.

Combofix Logfile:
Code:

ComboFix 12-05-28.01 - --- 28/05/2012  13:24:53.6.1 - x86
Running from: c:\users\---\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((  Files Created from 2012-04-28 to 2012-05-28  )))))))))))))))))))))))))))))))
.
.
2012-05-28 11:50 . 2012-05-28 11:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-28 11:14 . 2012-05-28 11:14        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B925106A-176E-4833-9007-DA752802C034}\offreg.dll
2012-05-27 10:20 . 2010-09-07 14:52        165584        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-05-27 10:20 . 2010-09-07 14:47        17744        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-05-27 10:20 . 2010-09-07 14:53        340048        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-05-27 10:20 . 2010-09-07 14:54        99792        ----a-w-        c:\windows\system32\drivers\aswFW.sys
2012-05-27 10:20 . 2010-09-07 14:53        190416        ----a-w-        c:\windows\system32\drivers\aswNdis2.sys
2012-05-27 10:20 . 2010-09-07 14:47        23376        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2012-05-27 10:20 . 2010-09-07 14:52        46672        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-05-27 10:20 . 2010-09-07 14:47        50768        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-05-27 10:19 . 2010-09-07 15:12        38848        ----a-w-        c:\windows\avastSS.scr
2012-05-27 10:19 . 2010-09-07 15:11        167592        ----a-w-        c:\windows\system32\aswBoot.exe
2012-05-27 10:19 . 2010-09-07 14:24        12112        ----a-w-        c:\windows\system32\drivers\aswNdis.sys
2012-05-27 10:19 . 2012-05-27 10:19        --------        d-----w-        c:\programdata\Alwil Software
2012-05-27 10:19 . 2012-05-27 10:19        --------        d-----w-        c:\program files\Alwil Software
2012-05-27 10:02 . 2012-05-27 10:02        --------        d-----w-        c:\users\---\AppData\Local\Chromium
2012-05-27 10:02 . 2012-05-27 10:02        --------        d-----w-        c:\program files\SRWare Iron
2012-05-26 23:45 . 2012-05-26 23:45        --------        d-----w-        C:\Boot
2012-05-26 23:28 . 2012-05-26 23:28        335504        ----a-w-        c:\windows\system32\drivers\TrufosAlt.sys
2012-05-25 23:17 . 2012-05-25 23:22        --------        d-----w-        c:\program files\GetFLV
2012-05-25 16:23 . 2012-05-25 16:23        --------        d-----w-        c:\program files\Common Files\logishrd
2012-05-23 20:48 . 2012-05-28 11:50        --------        d-----w-        c:\users\---\AppData\Local\Temp
2012-05-23 13:54 . 2012-05-23 13:55        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-05-23 13:54 . 2012-05-23 13:54        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2012-05-22 13:12 . 2012-05-22 13:12        --------        d-----w-        c:\users\---\AppData\Roaming\GlarySoft
2012-05-22 13:04 . 2012-05-22 13:04        --------        d-----w-        c:\program files\Uniblue
2012-05-22 12:21 . 2012-05-22 12:21        --------        d-----w-        c:\program files\Glarysoft
2012-05-21 10:12 . 2012-05-21 10:12        --------        d-----w-        c:\program files\Passcape
2012-05-18 11:58 . 2012-05-18 12:03        --------        d-----w-        c:\users\---\AppData\Roaming\Profiles
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Skins
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Settings
2012-05-18 11:58 . 2012-05-18 11:58        --------        d-----w-        c:\users\---\AppData\Roaming\Language
2012-05-10 20:37 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-10 20:37 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\Ink\journal.dll
2012-05-10 20:37 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 20:37 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 20:37 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 20:37 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-10 20:37 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-10 20:37 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-05-10 20:36 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-10 20:36 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-02 18:50 . 2012-05-02 18:50        --------        d-sh--w-        c:\program files\KGB
2012-04-30 21:37 . 2012-04-30 21:37        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-04-30 21:36 . 2012-02-29 23:59        881984        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-04-30 21:36 . 2012-02-29 23:59        19444544        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-04-30 21:36 . 2012-02-29 23:59        1000256        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-04-28 17:09 . 2012-04-28 17:09        --------        d-----w-        c:\users\---\AppData\Roaming\HD Tune Pro
2012-04-28 17:06 . 2012-04-28 17:09        --------        d-----w-        c:\program files\HDTune
2012-04-28 16:44 . 2012-04-28 16:44        --------        d-----w-        c:\users\---\AppData\Local\Western Digital
2012-04-28 16:36 . 2012-04-28 16:36        --------        d-----w-        c:\users\---\AppData\Roaming\BinarySense
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\HdLife
2012-04-28 16:35 . 2012-04-28 16:35        --------        d-----w-        c:\program files\Common Files\BinarySense
2012-04-28 15:41 . 2001-08-29 19:00        59904        ----a-w-        c:\windows\system32\wbemdisp.tlb
2012-04-28 15:41 . 1998-07-21 22:00        102160        ----a-w-        c:\windows\system32\VB6KO.DLL
2012-04-28 15:41 . 2012-04-28 15:47        --------        d-----w-        c:\program files\lg_fwupdate
2012-04-28 15:41 . 2012-04-28 15:43        16384        ----a-w-        c:\windows\system32\lgfwunis.exe
2012-04-28 15:41 . 1998-06-23 22:00        115016        ----a-w-        c:\windows\system32\MSINET.OCX
2012-04-28 15:41 . 2001-09-05 01:18        77824        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-28 15:41 . 2001-09-05 01:18        225280        ------w-        c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-04-28 15:41 . 2001-09-05 01:14        176128        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-28 15:41 . 2001-09-05 01:13        32768        ------w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-28 15:41 . 2006-01-10 21:35        614532        ----a-w-        c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-04-28 15:32 . 2012-04-28 15:32        --------        d-----w-        c:\program files\DVD Genie
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 10:16 . 2009-07-13 23:40        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2012-05-27 10:16 . 2011-10-29 15:48        2755072        ----a-w-        c:\windows\system32\themeui.dll
2012-05-27 10:16 . 2009-07-13 23:39        37376        ----a-w-        c:\windows\system32\themeservice.dll
2012-05-10 06:54 . 2012-04-17 16:54        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-10 06:54 . 2011-10-29 18:01        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:35 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.VER
2012-04-04 13:56 . 2011-10-29 20:31        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-27 12:54 . 2012-02-06 14:09        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 12:54 . 2012-02-06 14:09        567696        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-24 11:40 . 2012-03-24 11:40        60416        ----a-w-        c:\windows\ALCFDRTM.EXE
2012-03-07 20:40 . 2012-03-07 20:40        1010720        --s---r-        c:\windows\system32\MSCHRT20.OCX
2012-03-01 05:46 . 2012-04-12 14:39        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 14:39        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 14:39        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 14:39        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-02-29 23:59 . 2011-11-26 23:10        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2011-11-26 23:10        5892928        ----a-w-        c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2011-11-26 23:10        2517312        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2011-11-26 23:10        2437440        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2011-11-26 23:10        2301248        ----a-w-        c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-11-26 23:10        17543488        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2011-11-26 23:10        10819392        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2009-06-10 21:19        15009600        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-11-26 23:10        3881792        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-11-26 23:10        2719040        ----a-w-        c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-11-26 23:10        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-11-26 23:10        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-11-26 23:10        62272        ----a-w-        c:\windows\system32\nvshext.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14        152160        ----a-w-        c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          PDBoot.exe\0autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 aswArKrn;aswArKrn;c:\users\---\AppData\Local\Temp\aswArKrn.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2008-11-06 18432]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-11 7408]
R3 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-06 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-02-24 144712]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-11 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download with FileServe Manager - c:\program files\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{177994D8-96D5-4F24-AA0A-66B749006129}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-28  13:55:42
ComboFix-quarantined-files.txt  2012-05-28 11:55
.
Pre-Run: 38,494,691,328 bytes free
Post-Run: 38,433,304,576 bytes free
.
- - End Of File - - E3CE2AE28E8C3657B782F9A3F7C88B04

--- --- ---



Thank you very much for your help; wouldn't a fresh installation be better after all?

Psychotic 29.05.2012 07:25

We are getting to the bottom of it right now... but if you would rather set up the system from scratch so that it goes faster, please let me know! ;)

Psychotic 29.05.2012 07:41

FSS


Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are ticked.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post its contents here.

ThimoS. 29.05.2012 12:40

Alright; no, I can manage with the system for now and will follow the advice here. FSS log:


Code:

Farbar Service Scanner Version: 27-05-2012
Ran by --- (administrator) on 29-05-2012 at 13:57:19
Running from "C:\Users\---\Desktop"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Psychotic 30.05.2012 12:56

System Restore


You now need to boot the system into the System Recovery Options. Via the boot manager:

Restart the computer.
While it is booting, press the F8 key repeatedly.
Now choose Repair Your Computer.
Choose your operating system and user account and click "Next" each time.

With the Windows CD/DVD:

Insert the Windows CD in your drive.
Restart the computer and boot from the CD.
Choose the language settings and click "Next".
Click Repair your computer!!
Choose your operating system and user account and click "Next" each time.


Click System Restore --> to an earlier point in time --> you will see several system restore points. Is the earliest of them from before the infection? If so, restore the system to that point.

If not, or if problems occur: report back!
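Before booting into the recovery options it is worth knowing whether a restore is even possible. The following read-only PowerShell pre-check is an added example and not part of the thread or of any of the tools mentioned in it; run it from an elevated PowerShell on the affected Windows 7 machine. It reports the state of the winmgmt service the helper asked to start before re-running ComboFix, the System Restore policy values (the `DisableSR` / `DisableConfig` names under the Policies key are the real ones), the restore points that exist, and the UAC values that the ComboFix output above lists under `policies\system`. Note that the log shows `EnableLUA = 0` and `PromptOnSecureDesktop = 0`, which means UAC is switched off on this machine, so every process of an administrator account already runs with the full token; that is worth re-enabling once the system is clean.

```powershell
# Added example (not from the Trojaner-Board thread): read-only pre-check
# before attempting System Restore. Run from an elevated PowerShell on Win7.

$report = [ordered]@{}

# 1. WMI service state ("net start winmgmt" in the thread).
$wmi = Get-Service -Name winmgmt -ErrorAction SilentlyContinue
$report['winmgmt service'] = if ($wmi) { $wmi.Status } else { 'not found' }

# 2. System Restore policy values. Both names are real policy values;
#    an absent value means the policy is not set.
$srPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
foreach ($name in 'DisableSR', 'DisableConfig') {
    $val = (Get-ItemProperty -Path $srPolicy -Name $name -ErrorAction SilentlyContinue).$name
    $report["SR policy $name"] = if ($null -eq $val) { 'not set' } else { $val }
}

# 3. Existing restore points. An empty list means there is nothing to
#    roll back to, which is the situation reported later in the thread.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$report['restore points'] = $points.Count
foreach ($p in $points) {
    # CreationTime is a DMTF date string; convert it for readability.
    $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
    $report["  point $($p.SequenceNumber)"] = "$when  $($p.Description)"
}

# 4. UAC values that ComboFix listed in its "Reg Loading Points" section.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
    $report["UAC $name"] = $uac.$name
}
$report['UAC state'] = if ($uac.EnableLUA -eq 0) {
    'DISABLED (EnableLUA = 0): admin processes run with the full token, no prompt'
} else {
    'enabled'
}

# Print the findings as an aligned table.
$report.GetEnumerator() | ForEach-Object { '{0,-32} {1}' -f $_.Key, $_.Value }
```

`Get-ComputerRestorePoint` only exists on client editions of Windows and needs an elevated session; if it returns nothing while the policy values are `not set`, System Restore has been turned off in the System Protection settings rather than by policy, and the repair-installation route suggested further down is the remaining option.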

ThimoS. 30.05.2012 14:56

System Restore is disabled; no restore point exists.

Psychotic 30.05.2012 15:18

Then boot from the Windows DVD and perform a repair installation. Let me know when you are done.

Psychotic 06.06.2012 07:04

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore not be notified of new replies. The disappearance of the symptoms does not mean your system is already clean.

Psychotic 10.06.2012 23:41

No response
This thread has been removed from my subscriptions, so I will not be notified of new replies.
PM me if you nevertheless want to continue.

Note: The disappearance of the symptoms does not mean your computer is already clean.

Everyone else, please click here and create your own thread.


Copyright ©2000-2025, Trojaner-Board