Trojaner-Board


Morwen 02.06.2012 07:51

TR/Matsnu.CRZY, TR/Small.Fi, TR/Crypt.Gypikon.B, TR/Atraps.Gen2 - virus alert every 2 minutes
 
Hello,

luckily I found you, and hopefully you can help me. Since yesterday my Avira has been showing me a message every few minutes that it has found TRs, and, as you can see from the title, several different ones. I have already looked and searched around the Internet a bit and was about to copy something myself, but you do note that every case is individual, so I am posting here.

I don't really know much about computers and am therefore pretty stuck. I have already tried Defogger, but a defogger_disable log appears. So I am posting it here:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:22 on 02/06/2012 (Maria)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


So unfortunately I can't continue; I did not press the Re-enable button.

About my computer: Windows Vista Home Basic
Service Pack 1, chiliGREEN, Intel(R) Celeron(R) CPU, 530 @ 1.73 GHz, 32-bit operating system

As an example, I am posting a log of one of the detections here (a full scan, in which, however, only 2 of the more than 20 TRs so far are shown):


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 01. Juni 2012 12:26

Es wird nach 3776968 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Basic
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MARIA-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 09:09:34
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 09:09:34
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 09:09:42
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 10:44:53
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 10:44:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 07:16:05
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 07:16:38
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 10:44:44
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 10:44:44
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 10:44:44
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 10:44:44
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 10:44:45
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 10:44:45
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 10:44:45
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 10:44:45
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 10:44:45
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 19:17:54
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 19:18:02
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 19:18:06
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 19:18:34
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 15:53:40
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 16:01:02
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 17:07:20
VBASE021.VDF : 7.11.31.152 2048 Bytes 31.05.2012 17:07:21
VBASE022.VDF : 7.11.31.153 2048 Bytes 31.05.2012 17:07:21
VBASE023.VDF : 7.11.31.154 2048 Bytes 31.05.2012 17:07:21
VBASE024.VDF : 7.11.31.155 2048 Bytes 31.05.2012 17:07:21
VBASE025.VDF : 7.11.31.156 2048 Bytes 31.05.2012 17:07:22
VBASE026.VDF : 7.11.31.157 2048 Bytes 31.05.2012 17:07:22
VBASE027.VDF : 7.11.31.158 2048 Bytes 31.05.2012 17:07:22
VBASE028.VDF : 7.11.31.159 2048 Bytes 31.05.2012 17:07:23
VBASE029.VDF : 7.11.31.160 2048 Bytes 31.05.2012 17:07:27
VBASE030.VDF : 7.11.31.161 2048 Bytes 31.05.2012 17:07:27
VBASE031.VDF : 7.11.31.162 2048 Bytes 31.05.2012 17:07:27
Engineversion : 8.2.10.78
AEVDF.DLL : 8.1.2.6 106868 Bytes 31.05.2012 17:11:14
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 31.05.2012 17:11:13
AESCN.DLL : 8.1.8.2 131444 Bytes 13.04.2012 07:17:20
AESBX.DLL : 8.2.5.10 606580 Bytes 29.05.2012 15:53:55
AERDL.DLL : 8.1.9.15 639348 Bytes 31.01.2012 06:55:37
AEPACK.DLL : 8.2.16.16 807288 Bytes 29.05.2012 15:53:52
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 27.04.2012 07:33:58
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 31.05.2012 17:11:08
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 10:44:43
AEGEN.DLL : 8.1.5.28 422260 Bytes 27.04.2012 07:33:06
AEEXP.DLL : 8.1.0.44 82293 Bytes 29.05.2012 15:53:55
AEEMU.DLL : 8.1.3.0 393589 Bytes 31.01.2012 06:55:34
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 17:07:29
AEBB.DLL : 8.1.1.0 53618 Bytes 31.01.2012 06:55:33
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 09:09:32
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 09:09:34
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 10:44:52
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 09:09:33
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 09:09:34
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 09:09:43
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 09:09:35
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 09:09:42
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 09:09:32
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 09:09:32

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 01. Juni 2012 12:26

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'consent.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'B8A2.tmp' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyDriver.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SiSTray.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'BisonHK.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPStart.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1271' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AGMP3RS\00377488[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UJ3D4S2\00212583[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UJ3D4S2\lionspride1[1].cab
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UJ3D4S2\sugarmama1[1].cab
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UJ3D4S2\YourLuckyDay1-DE[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW4N8NAU\00385496[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW4N8NAU\00386700[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1ZFICOZ\00372856[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1ZFICOZ\00392768[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1ZFICOZ\00397624[1].cab
[WARNUNG] Der Archivheader ist defekt
C:\Users\Maria\AppData\Local\Temp\~!#172F.tmp
[FUND] Ist das Trojanische Pferd TR/Matsnu.CRZY
C:\Users\Maria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\aaa0ea1-4c7485e7
[FUND] Ist das Trojanische Pferd TR/Crypt.Gypikon.B
C:\Windows\Temp\22845\5.0.375.86\Installer\chrome.7z
[WARNUNG] Der Archivheader ist defekt
Beginne mit der Suche in 'E:\' <Data>

Beginne mit der Desinfektion:
C:\Users\Maria\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\aaa0ea1-4c7485e7
[FUND] Ist das Trojanische Pferd TR/Crypt.Gypikon.B
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
C:\Users\Maria\AppData\Local\Temp\~!#172F.tmp
[FUND] Ist das Trojanische Pferd TR/Matsnu.CRZY
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51523f92.qua' verschoben!


Ende des Suchlaufs: Freitag, 01. Juni 2012 15:11
Benötigte Zeit: 2:42:51 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26235 Verzeichnisse wurden überprüft
663535 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
663533 Dateien ohne Befall
5984 Archive wurden durchsucht
11 Warnungen
2 Hinweise
517617 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden



I hope I did everything correctly and that one of you can help me. :) How should I proceed?

Regards, Michi

cosinus 03.06.2012 15:31

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Morwen 04.06.2012 14:50

Here is the first log file of the full scan:


Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Maria :: MARIA-PC [Administrator]

04.06.2012 09:00:06
mbam-log-2012-06-04 (09-00-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 569734
Laufzeit: 6 Stunde(n), 26 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\_Laptop Gerald\Internet\cgi.pege.org\software\Utility Password Revelation V2.exe (HackTool.SnadBoy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Downloads\SetupCasino_1de7ee_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I'll do the ESET one right away.

I have now done the ESET scan, but when I copy the text you gave into the Run window, it says that Adobe cannot open the log.txt file.

How should I proceed?

Thanks, regards, Michi

OK, I've now tried around a bit, and now it does show me something from ESET, but somehow that's not much?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK



In the window it showed me 4 infected items, but I then closed the browser as instructed.

What can I do now? AntiVir still shows me a warning about all sorts of Trojans every minute. :heulen:

cosinus 10.06.2012 19:02

You probably did ESET wrong; there was a big note about that specifically:

Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator

Morwen 11.06.2012 19:35

I have now hopefully run ESET correctly, and here is what came out:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27e9f072ba84c344bf55a118637e402b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 07:12:53
# local_time=2012-06-10 09:12:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5052186 5052186 0 0
# compatibility_mode=5892 16776574 66 100 794803 176886139 0 0
# compatibility_mode=8192 67108863 100 0 535109 535109 0 0
# scanned=69787
# found=0
# cleaned=0
# scan_time=2206
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=27e9f072ba84c344bf55a118637e402b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-11 06:24:37
# local_time=2012-06-11 08:24:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5122558 5122558 0 0
# compatibility_mode=5892 16776574 66 100 865175 176956511 0 0
# compatibility_mode=8192 67108863 100 0 605481 605481 0 0
# scanned=447103
# found=4
# cleaned=0
# scan_time=15338
C:\Users\Maria\Downloads\pcfix-v205-de.exe        Win32/Adware.PCFixCleaner application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Maria\Downloads\pcfix-v306-de.exe        Win32/Adware.PCFixCleaner application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\U\80000000.@        a variant of Win32/Sirefef.FA trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\U\800000cb.@        probably a variant of Win32/Agent.TEO trojan (unable to clean)        00000000000000000000000000000000        I


Thanks for the help, regards, Michi

cosinus 11.06.2012 21:06

I have two questions before we continue:

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Morwen 11.06.2012 22:06

Thanks for the quick reply. Windows actually works without problems; only at the very beginning it wouldn't open PDFs, which works again now.

I'm not missing anything in the Start menu, at least nothing that I would notice right now. I went through all the folders and there is one called "Autostart"; there is nothing in it, then there is a subfolder with "Leer" ("Empty"). But I don't know what that is for.

I only noticed that my firewall, just like Windows Defender, is not "existent", but that could also be due to something else? (I got the laptop from my parents.) I just wanted to mention it; it could be important.

And, for some time now, I have not been getting any more Trojan warnings from AntiVir.

Thanks again, regards, Michi

cosinus 11.06.2012 22:07

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Morwen 12.06.2012 09:59

Here is the OTL log:

OTL Logfile:
Code:

OTL logfile created on: 12.06.2012 10:03:46 - Run 1
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\Maria\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,07% Memory free
4,00 Gb Paging File | 3,18 Gb Available in Paging File | 79,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,01 Gb Total Space | 3,84 Gb Free Space | 7,84% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 39,54 Gb Free Space | 26,53% Space Free | Partition Type: FAT32
Drive E: | 57,89 Gb Total Space | 56,38 Gb Free Space | 97,39% Space Free | Partition Type: NTFS
 
Computer Name: MARIA-PC | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.12 09:48:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
PRC - [2012.05.08 11:09:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 11:09:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 11:09:34 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 11:09:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.03 18:24:34 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.11.17 19:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.23 16:01:16 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Programme\SiS VGA Utilities\SiSTray.exe
PRC - [2008.03.25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008.02.26 10:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:32:56 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.12.07 19:07:48 | 000,077,824 | ---- | M] (mychat) -- C:\Windows\BisonCam\BisonHK.exe
PRC - [2007.12.07 11:17:40 | 004,706,304 | ---- | M] () -- C:\Programme\Hotkey_Driver\HotKeyDriver.exe
PRC - [2007.08.17 23:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.19 22:21:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.19 22:20:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.19 22:20:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.19 22:16:36 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.19 22:16:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.12.07 11:17:40 | 004,706,304 | ---- | M] () -- C:\Programme\Hotkey_Driver\HotKeyDriver.exe
MOD - [2007.11.05 17:23:02 | 000,028,672 | ---- | M] () -- C:\Windows\BisonCam\KBHookDLL.dll
MOD - [2006.12.11 17:10:26 | 000,049,152 | ---- | M] () -- C:\Programme\Hotkey_Driver\AudioControlDLL.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2012.05.08 11:09:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 11:09:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 11:09:43 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 11:09:43 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.23 15:54:06 | 000,458,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2008.04.23 11:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2008.03.10 19:22:32 | 001,075,496 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.01.21 04:32:49 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.12.26 04:20:34 | 000,290,304 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.10.16 09:35:32 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.chiliGREEN.com [binary data]
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=15768
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=NY&apn_dtid=YYYYYYUHAT&apn_uid=020BA272-E1C2-448B-A773-0E41D81800A4&apn_sauid=A26D2F8A-964E-4E03-8AFA-FF0C32815665&
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deAT291
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=1jSpp2L5yWk
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.2.5.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.18 19:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.23 19:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.23 19:10:26 | 000,000,000 | ---D | M]
 
[2009.12.12 15:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Extensions
[2012.06.05 10:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions
[2010.07.27 10:36:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.30 18:32:32 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011.03.03 20:20:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\engine@conduit.com
[2012.06.05 10:49:20 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\toolbar@ask.com
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\xhrfwojo.default\searchplugins\askcom.xml
[2011.08.21 21:18:50 | 000,002,185 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\xhrfwojo.default\searchplugins\MyStart Search.xml
[2012.05.23 19:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found
O9 - Extra 'Tools' menuitem : Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..Trusted Domains: partyaccount.com ([secure] https in Vertrauenswürdige Sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{284625CD-3E8A-4B09-BEC7-FF6B682AB3F8}: DhcpNameServer = 192.168.81.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B480DD12-392A-4028-985C-3227916078F6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.12 09:48:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
[2012.06.05 11:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2012.06.05 10:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.06.05 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Carambis
[2012.06.05 10:48:25 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\TempDIR
[2012.06.04 15:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.03 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Malwarebytes
[2012.06.03 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 19:08:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.03 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.03 19:06:41 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Maria\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.02 07:38:21 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Desktop_Mici_Juni12
[2012.05.14 10:28:11 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\OpenOffice.org
[2012.05.14 10:22:56 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.14 10:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.12 09:48:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
[2012.06.12 09:47:22 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.12 09:33:52 | 000,013,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.12 09:33:52 | 000,007,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.12 09:33:51 | 000,061,100 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.12 09:33:51 | 000,015,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.12 09:29:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 09:29:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.12 09:29:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.12 09:28:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 15:59:25 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26B084A3-132B-4A51-B1B3-6E97889AAEA6}.job
[2012.06.05 10:53:47 | 000,004,140 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
[2012.06.04 15:47:37 | 000,004,892 | ---- | M] () -- C:\Users\Maria\Desktop\ESET.htm
[2012.06.03 19:08:14 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 19:07:14 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Maria\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.02 08:22:32 | 000,050,477 | ---- | M] () -- C:\Users\Maria\Desktop\Defogger.exe
[2012.06.02 08:19:08 | 000,000,000 | ---- | M] () -- C:\Users\Maria\defogger_reenable
[2012.05.23 19:10:29 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.22 21:26:49 | 000,071,168 | ---- | M] () -- C:\Users\Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.14 18:21:55 | 000,345,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.12 10:03:54 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\U\00000001.@
[2012.06.10 20:35:26 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\U\800000cb.@
[2012.06.05 10:53:47 | 000,004,140 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2012.06.04 15:47:35 | 000,004,892 | ---- | C] () -- C:\Users\Maria\Desktop\ESET.htm
[2012.06.04 15:47:26 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\U\80000000.@
[2012.06.03 19:08:14 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 08:22:32 | 000,050,477 | ---- | C] () -- C:\Users\Maria\Desktop\Defogger.exe
[2012.06.02 08:19:08 | 000,000,000 | ---- | C] () -- C:\Users\Maria\defogger_reenable
[2012.05.23 19:10:29 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.03 23:47:29 | 000,000,552 | ---- | C] () -- C:\Users\Maria\AppData\Local\d3d8caps.dat
[2011.02.09 18:00:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\@
[2011.02.09 18:00:00 | 000,002,048 | -HS- | C] () -- C:\Users\Maria\AppData\Local\{79578ea7-d155-bbd7-c0ee-b19eb8ceeea9}\@
 
========== LOP Check ==========
 
[2012.06.05 10:48:48 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Carambis
[2012.05.14 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\OpenOffice.org
[2010.11.28 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\PCFix
[2010.11.28 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Playrix Entertainment
[2011.11.18 11:30:31 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Systweak
[2010.08.08 00:43:14 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Zylom
[2012.06.11 23:07:29 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.11 15:59:25 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{26B084A3-132B-4A51-B1B3-6E97889AAEA6}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.07.12 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Adobe
[2011.10.23 10:47:53 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Ahead
[2012.04.13 09:19:09 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Avira
[2012.06.05 10:48:48 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Carambis
[2012.05.22 19:17:01 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\DivX
[2008.09.01 19:31:25 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Google
[2010.08.08 00:43:14 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Identities
[2008.08.30 21:05:10 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\InstallShield
[2008.06.26 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Macromedia
[2012.06.03 19:08:26 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Malwarebytes
[2012.06.11 18:10:12 | 000,000,000 | --SD | M] -- C:\Users\Maria\AppData\Roaming\Microsoft
[2009.12.12 15:21:15 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Mozilla
[2010.08.05 22:49:15 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Mozilla-Cache
[2012.05.14 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\OpenOffice.org
[2010.11.28 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\PCFix
[2010.11.28 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Playrix Entertainment
[2012.06.12 10:13:04 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Skype
[2011.11.18 11:30:31 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Systweak
[2012.05.10 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\WinRAR
[2010.08.08 00:43:14 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.21 16:57:48 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< End of report >

--- --- ---


And it also created an Extras.txt; I don't know whether that is needed as well?

OTL Logfile:
Code:

OTL Extras logfile created on: 12.06.2012 10:03:46 - Run 1
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\Maria\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,07% Memory free
4,00 Gb Paging File | 3,18 Gb Available in Paging File | 79,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,01 Gb Total Space | 3,84 Gb Free Space | 7,84% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 39,54 Gb Free Space | 26,53% Space Free | Partition Type: FAT32
Drive E: | 57,89 Gb Total Space | 56,38 Gb Free Space | 97,39% Space Free | Partition Type: NTFS
 
Computer Name: MARIA-PC | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01590C21-E8BF-444D-8FC4-DBD132CA1962}" = Windows Vista Upgrade Advisor
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam, NB Pro
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.3
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B729B3C1-55A9-45FB-B7AD-D6A42DA8C883}" = Hotkey_Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"SiS VGA Utilities" = SiS VGA Utilities
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.06.2012 04:52:12 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.06.2012 05:17:14 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.06.2012 11:53:41 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.06.2012 04:06:25 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.06.2012 08:07:58 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.06.2012 16:09:22 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.06.2012 01:22:15 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.06.2012 08:29:32 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.06.2012 13:48:24 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2012 09:54:57 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 12.06.2012 03:29:26 | Computer Name = Maria-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 11.06.2012 09:54:15 | Computer Name = Maria-PC | Source = HTTP | ID = 15016
Description =
 
Error - 11.06.2012 09:54:57 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2012 09:54:57 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =
 
Error - 11.06.2012 09:54:57 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 11.06.2012 09:54:57 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 12.06.2012 03:28:34 | Computer Name = Maria-PC | Source = HTTP | ID = 15016
Description =
 
Error - 12.06.2012 03:29:27 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.06.2012 03:29:27 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7023
Description =
 
Error - 12.06.2012 03:29:27 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 12.06.2012 03:29:27 | Computer Name = Maria-PC | Source = Service Control Manager | ID = 7003
Description =
 
 
< End of report >

--- --- ---


Thanks, best regards, Michi

cosinus 12.06.2012 13:46

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.chiliGREEN.com [binary data]
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15768
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=NY&apn_dtid=YYYYYYUHAT&apn_uid=020BA272-E1C2-448B-A773-0E41D81800A4&apn_sauid=A26D2F8A-964E-4E03-8AFA-FF0C32815665&
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deAT291
IE - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=1jSpp2L5yWk
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
FF - user.js - File not found
[2010.07.27 10:36:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.30 18:32:32 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011.03.03 20:20:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\engine@conduit.com
[2012.06.05 10:49:20 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\toolbar@ask.com
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\xhrfwojo.default\searchplugins\askcom.xml
[2011.08.21 21:18:50 | 000,002,185 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\xhrfwojo.default\searchplugins\MyStart Search.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O9 - Extra Button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found
O9 - Extra 'Tools' menuitem : Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O15 - HKU\S-1-5-21-3832732525-3784774232-697464651-1000\..Trusted Domains: partyaccount.com ([secure] https in Vertrauenswürdige Sites)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\ProgramData\mtbjfghn.xbe
C:\Programme\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Morwen 12.06.2012 14:54

Hello, here is the OTL log:

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: "https://www.startpage.com/" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=" removed from keyword.URL
Folder C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
Folder C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\engine@conduit.com\ not found.
Folder C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\xhrfwojo.default\extensions\toolbar@ask.com\ not found.
File C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\xhrfwojo.default\searchplugins\askcom.xml not found.
File C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\xhrfwojo.default\searchplugins\MyStart Search.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C826F10-D34B-4ba8-B609-1FB8C6482A05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_USERS\S-1-5-21-3832732525-3784774232-697464651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\partyaccount.com\secure\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
========== FILES ==========
File\Folder C:\ProgramData\mtbjfghn.xbe not found.
File\Folder C:\Programme\Ask.com not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Maria
->Temp folder emptied: 48216 bytes
->Temporary Internet Files folder emptied: 4128634 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7503270 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124491900 bytes
RecycleBin emptied: 40975717 bytes
 
Total Files Cleaned = 169,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Maria
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06122012_154712

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Antivir is still reporting trojans. Regards, Michi

cosinus 12.06.2012 16:21

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Morwen 12.06.2012 16:58

Here is the log from TDSS-Killer:

Code:

17:52:42.0830 3824        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:52:42.0924 3824        ============================================================
17:52:42.0924 3824        Current date / time: 2012/06/12 17:52:42.0924
17:52:42.0924 3824        SystemInfo:
17:52:42.0924 3824       
17:52:42.0924 3824        OS Version: 6.0.6001 ServicePack: 1.0
17:52:42.0924 3824        Product type: Workstation
17:52:42.0924 3824        ComputerName: MARIA-PC
17:52:42.0924 3824        UserName: Maria
17:52:42.0924 3824        Windows directory: C:\Windows
17:52:42.0924 3824        System windows directory: C:\Windows
17:52:42.0924 3824        Processor architecture: Intel x86
17:52:42.0924 3824        Number of processors: 1
17:52:42.0924 3824        Page size: 0x1000
17:52:42.0924 3824        Boot type: Normal boot
17:52:42.0924 3824        ============================================================
17:52:44.0439 3824        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:52:44.0439 3824        ============================================================
17:52:44.0439 3824        \Device\Harddisk0\DR0:
17:52:44.0439 3824        MBR partitions:
17:52:44.0439 3824        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9C6800, BlocksNum 0x6207800
17:52:44.0439 3824        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6BCE000, BlocksNum 0x73C6000
17:52:44.0439 3824        ============================================================
17:52:44.0486 3824        C: <-> \Device\Harddisk0\DR0\Partition0
17:52:44.0611 3824        E: <-> \Device\Harddisk0\DR0\Partition1
17:52:44.0611 3824        ============================================================
17:52:44.0611 3824        Initialize success
17:52:44.0611 3824        ============================================================
17:52:56.0236 3340        ============================================================
17:52:56.0236 3340        Scan started
17:52:56.0236 3340        Mode: Manual; SigCheck; TDLFS;
17:52:56.0236 3340        ============================================================
17:52:58.0721 3340        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
17:52:58.0846 3340        ACPI - ok
17:52:58.0939 3340        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:52:58.0971 3340        adp94xx - ok
17:52:59.0033 3340        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:52:59.0064 3340        adpahci - ok
17:52:59.0111 3340        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:52:59.0127 3340        adpu160m - ok
17:52:59.0174 3340        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:52:59.0205 3340        adpu320 - ok
17:52:59.0267 3340        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:52:59.0408 3340        AeLookupSvc - ok
17:52:59.0502 3340        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
17:52:59.0611 3340        AFD - ok
17:52:59.0674 3340        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:52:59.0689 3340        aic78xx - ok
17:52:59.0721 3340        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:52:59.0892 3340        ALG - ok
17:52:59.0939 3340        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:52:59.0955 3340        aliide - ok
17:53:00.0002 3340        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:53:00.0017 3340        amdagp - ok
17:53:00.0049 3340        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:53:00.0064 3340        amdide - ok
17:53:00.0096 3340        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:53:00.0158 3340        AmdK7 - ok
17:53:00.0189 3340        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:53:00.0236 3340        AmdK8 - ok
17:53:00.0986 3340        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:53:01.0017 3340        AntiVirSchedulerService - ok
17:53:01.0111 3340        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:53:01.0127 3340        AntiVirService - ok
17:53:01.0205 3340        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:53:01.0283 3340        Appinfo - ok
17:53:01.0377 3340        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:53:01.0377 3340        arc - ok
17:53:01.0439 3340        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:53:01.0439 3340        arcsas - ok
17:53:01.0486 3340        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:53:01.0549 3340        AsyncMac - ok
17:53:01.0596 3340        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
17:53:01.0611 3340        atapi - ok
17:53:01.0721 3340        AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
17:53:01.0767 3340        AudioEndpointBuilder - ok
17:53:01.0783 3340        Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
17:53:01.0814 3340        Audiosrv - ok
17:53:01.0924 3340        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
17:53:01.0955 3340        avgntflt - ok
17:53:02.0033 3340        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
17:53:02.0049 3340        avipbb - ok
17:53:02.0080 3340        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
17:53:02.0096 3340        avkmgr - ok
17:53:02.0174 3340        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:53:02.0221 3340        Beep - ok
17:53:02.0471 3340        BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
17:53:02.0580 3340        BITS - ok
17:53:02.0705 3340        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:53:02.0799 3340        blbdrive - ok
17:53:02.0846 3340        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
17:53:02.0924 3340        bowser - ok
17:53:02.0971 3340        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:53:03.0017 3340        BrFiltLo - ok
17:53:03.0049 3340        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:53:03.0111 3340        BrFiltUp - ok
17:53:03.0174 3340        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:53:03.0236 3340        Browser - ok
17:53:03.0455 3340        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:53:03.0736 3340        Brserid - ok
17:53:03.0783 3340        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:53:03.0877 3340        BrSerWdm - ok
17:53:03.0971 3340        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:53:04.0064 3340        BrUsbMdm - ok
17:53:04.0064 3340        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:53:04.0189 3340        BrUsbSer - ok
17:53:04.0252 3340        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:53:04.0330 3340        BTHMODEM - ok
17:53:04.0549 3340        Cam5607        (9d70c145a3a91b3fdec2415bb5c7023d) C:\Windows\system32\Drivers\BisonC07.sys
17:53:04.0736 3340        Cam5607 - ok
17:53:04.0814 3340        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:53:04.0861 3340        cdfs - ok
17:53:04.0939 3340        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
17:53:05.0017 3340        cdrom - ok
17:53:05.0049 3340        CertPropSvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
17:53:05.0111 3340        CertPropSvc - ok
17:53:05.0158 3340        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:53:05.0189 3340        circlass - ok
17:53:05.0283 3340        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
17:53:05.0314 3340        CLFS - ok
17:53:06.0502 3340        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:53:06.0580 3340        clr_optimization_v2.0.50727_32 - ok
17:53:06.0721 3340        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:53:06.0736 3340        clr_optimization_v4.0.30319_32 - ok
17:53:06.0799 3340        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:53:06.0846 3340        CmBatt - ok
17:53:06.0892 3340        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:53:06.0908 3340        cmdide - ok
17:53:06.0924 3340        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:53:06.0939 3340        Compbatt - ok
17:53:06.0955 3340        COMSysApp - ok
17:53:06.0986 3340        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:53:07.0002 3340        crcdisk - ok
17:53:07.0033 3340        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:53:07.0080 3340        Crusoe - ok
17:53:07.0158 3340        CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
17:53:07.0189 3340        CryptSvc - ok
17:53:07.0596 3340        DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
17:53:07.0689 3340        DcomLaunch - ok
17:53:07.0767 3340        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
17:53:07.0830 3340        DfsC - ok
17:53:08.0314 3340        DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
17:53:08.0549 3340        DFSR - ok
17:53:08.0799 3340        Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
17:53:08.0892 3340        Dhcp - ok
17:53:08.0971 3340        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
17:53:08.0986 3340        disk - ok
17:53:09.0049 3340        Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
17:53:09.0127 3340        Dnscache - ok
17:53:09.0189 3340        dot3svc        (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
17:53:09.0283 3340        dot3svc - ok
17:53:09.0455 3340        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:53:09.0502 3340        DPS - ok
17:53:09.0564 3340        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:53:09.0611 3340        drmkaud - ok
17:53:09.0736 3340        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
17:53:09.0846 3340        DXGKrnl - ok
17:53:09.0908 3340        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:53:09.0971 3340        E1G60 - ok
17:53:10.0017 3340        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:53:10.0080 3340        EapHost - ok
17:53:10.0142 3340        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
17:53:10.0158 3340        Ecache - ok
17:53:10.0252 3340        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:53:10.0314 3340        elxstor - ok
17:53:10.0439 3340        EMDMgmt        (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
17:53:10.0533 3340        EMDMgmt - ok
17:53:10.0611 3340        EMSCR          (fc37a2212b56663bbabef748266a58c7) C:\Windows\system32\DRIVERS\EMS7SK.sys
17:53:10.0658 3340        EMSCR - ok
17:53:10.0689 3340        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:53:10.0752 3340        ErrDev - ok
17:53:10.0783 3340        ESDCR          (a498240d0e1f0b27702e3df77b0c6e56) C:\Windows\system32\DRIVERS\ESD7SK.sys
17:53:10.0830 3340        ESDCR - ok
17:53:10.0955 3340        EventSystem    (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
17:53:11.0064 3340        EventSystem - ok
17:53:11.0111 3340        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
17:53:11.0174 3340        exfat - ok
17:53:11.0221 3340        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
17:53:11.0283 3340        fastfat - ok
17:53:11.0330 3340        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:53:11.0392 3340        fdc - ok
17:53:11.0439 3340        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:53:11.0517 3340        fdPHost - ok
17:53:11.0564 3340        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:53:11.0611 3340        FDResPub - ok
17:53:11.0642 3340        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:53:11.0658 3340        FileInfo - ok
17:53:11.0689 3340        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:53:11.0736 3340        Filetrace - ok
17:53:11.0783 3340        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:53:11.0830 3340        flpydisk - ok
17:53:11.0908 3340        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
17:53:11.0939 3340        FltMgr - ok
17:53:12.0049 3340        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:53:12.0064 3340        FontCache3.0.0.0 - ok
17:53:12.0096 3340        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:53:12.0127 3340        Fs_Rec - ok
17:53:12.0174 3340        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:53:12.0174 3340        gagp30kx - ok
17:53:12.0283 3340        gpsvc          (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
17:53:12.0424 3340        gpsvc - ok
17:53:13.0533 3340        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:53:13.0533 3340        gupdate - ok
17:53:13.0564 3340        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:53:13.0580 3340        gupdatem - ok
17:53:13.0658 3340        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:53:13.0736 3340        HdAudAddService - ok
17:53:13.0767 3340        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:53:13.0830 3340        HDAudBus - ok
17:53:13.0892 3340        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:53:13.0986 3340        HidBth - ok
17:53:14.0017 3340        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:53:14.0127 3340        HidIr - ok
17:53:14.0205 3340        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
17:53:14.0267 3340        hidserv - ok
17:53:14.0346 3340        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:53:14.0392 3340        HidUsb - ok
17:53:14.0439 3340        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:53:14.0486 3340        hkmsvc - ok
17:53:14.0533 3340        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:53:14.0549 3340        HpCISSs - ok
17:53:14.0627 3340        HTTP            (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
17:53:14.0721 3340        HTTP - ok
17:53:14.0767 3340        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:53:14.0783 3340        i2omp - ok
17:53:14.0846 3340        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:53:14.0892 3340        i8042prt - ok
17:53:14.0971 3340        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:53:14.0986 3340        iaStorV - ok
17:53:15.0580 3340        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:53:15.0705 3340        idsvc - ok
17:53:15.0877 3340        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:53:15.0877 3340        iirsp - ok
17:53:15.0986 3340        IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
17:53:16.0096 3340        IKEEXT - ok
17:53:16.0611 3340        IntcAzAudAddService (4de88b49c891f45cd9ea6d83a341d3e3) C:\Windows\system32\drivers\RTKVHDA.sys
17:53:16.0799 3340        IntcAzAudAddService - ok
17:53:17.0017 3340        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:53:17.0033 3340        intelide - ok
17:53:17.0080 3340        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:53:17.0111 3340        intelppm - ok
17:53:17.0174 3340        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:53:17.0221 3340        IPBusEnum - ok
17:53:17.0267 3340        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:53:17.0330 3340        IpFilterDriver - ok
17:53:17.0346 3340        IpInIp - ok
17:53:17.0392 3340        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:53:17.0439 3340        IPMIDRV - ok
17:53:17.0486 3340        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:53:17.0533 3340        IPNAT - ok
17:53:17.0580 3340        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:53:17.0627 3340        IRENUM - ok
17:53:17.0674 3340        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:53:17.0689 3340        isapnp - ok
17:53:17.0736 3340        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
17:53:17.0752 3340        iScsiPrt - ok
17:53:17.0783 3340        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:53:17.0799 3340        iteatapi - ok
17:53:17.0830 3340        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:53:17.0846 3340        iteraid - ok
17:53:17.0877 3340        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:53:17.0892 3340        kbdclass - ok
17:53:17.0939 3340        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:53:17.0986 3340        kbdhid - ok
17:53:18.0189 3340        KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:53:18.0221 3340        KeyIso - ok
17:53:18.0299 3340        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
17:53:18.0330 3340        KSecDD - ok
17:53:18.0486 3340        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:53:18.0564 3340        KtmRm - ok
17:53:18.0642 3340        LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
17:53:18.0721 3340        LanmanServer - ok
17:53:18.0799 3340        LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
17:53:18.0846 3340        LanmanWorkstation - ok
17:53:19.0033 3340        LightScribeService (559c9b7800fac92fc515cd0003d7c631) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:53:19.0033 3340        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:53:19.0033 3340        LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:53:19.0142 3340        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:53:19.0174 3340        lltdio - ok
17:53:19.0252 3340        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:53:19.0314 3340        lltdsvc - ok
17:53:19.0346 3340        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:53:19.0424 3340        lmhosts - ok
17:53:19.0471 3340        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:53:19.0486 3340        LSI_FC - ok
17:53:19.0564 3340        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:53:19.0580 3340        LSI_SAS - ok
17:53:19.0642 3340        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:53:19.0658 3340        LSI_SCSI - ok
17:53:19.0689 3340        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:53:19.0736 3340        luafv - ok
17:53:19.0767 3340        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:53:19.0783 3340        megasas - ok
17:53:19.0846 3340        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:53:19.0877 3340        MegaSR - ok
17:53:19.0924 3340        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:53:19.0986 3340        MMCSS - ok
17:53:20.0017 3340        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:53:20.0080 3340        Modem - ok
17:53:20.0142 3340        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:53:20.0189 3340        monitor - ok
17:53:20.0236 3340        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:53:20.0252 3340        mouclass - ok
17:53:20.0267 3340        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:53:20.0314 3340        mouhid - ok
17:53:20.0502 3340        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:53:20.0502 3340        MountMgr - ok
17:53:20.0564 3340        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:53:20.0580 3340        mpio - ok
17:53:20.0611 3340        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:53:20.0658 3340        mpsdrv - ok
17:53:20.0705 3340        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:53:20.0705 3340        Mraid35x - ok
17:53:20.0752 3340        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
17:53:20.0830 3340        MRxDAV - ok
17:53:20.0877 3340        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:53:20.0939 3340        mrxsmb - ok
17:53:21.0049 3340        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:53:21.0096 3340        mrxsmb10 - ok
17:53:21.0142 3340        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:53:21.0189 3340        mrxsmb20 - ok
17:53:21.0236 3340        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:53:21.0252 3340        msahci - ok
17:53:21.0408 3340        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:53:21.0424 3340        msdsm - ok
17:53:21.0486 3340        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:53:21.0549 3340        MSDTC - ok
17:53:21.0580 3340        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:53:21.0627 3340        Msfs - ok
17:53:21.0642 3340        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:53:21.0658 3340        msisadrv - ok
17:53:21.0721 3340        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:53:21.0799 3340        MSiSCSI - ok
17:53:21.0814 3340        msiserver - ok
17:53:21.0861 3340        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:53:21.0892 3340        MSKSSRV - ok
17:53:21.0908 3340        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:53:21.0939 3340        MSPCLOCK - ok
17:53:21.0971 3340        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:53:22.0049 3340        MSPQM - ok
17:53:22.0096 3340        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
17:53:22.0127 3340        MsRPC - ok
17:53:22.0158 3340        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:53:22.0174 3340        mssmbios - ok
17:53:22.0174 3340        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:53:22.0221 3340        MSTEE - ok
17:53:22.0252 3340        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
17:53:22.0267 3340        Mup - ok
17:53:22.0361 3340        napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
17:53:22.0408 3340        napagent - ok
17:53:22.0471 3340        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
17:53:22.0517 3340        NativeWifiP - ok
17:53:22.0596 3340        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
17:53:22.0658 3340        NDIS - ok
17:53:22.0705 3340        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:53:22.0767 3340        NdisTapi - ok
17:53:22.0799 3340        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:53:22.0861 3340        Ndisuio - ok
17:53:22.0908 3340        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
17:53:22.0939 3340        NdisWan - ok
17:53:22.0971 3340        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:53:23.0033 3340        NDProxy - ok
17:53:23.0080 3340        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:53:23.0127 3340        NetBIOS - ok
17:53:23.0174 3340        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
17:53:23.0267 3340        netbt - ok
17:53:23.0330 3340        Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:53:23.0346 3340        Netlogon - ok
17:53:23.0424 3340        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:53:23.0471 3340        Netman - ok
17:53:23.0533 3340        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:53:23.0611 3340        netprofm - ok
17:53:23.0705 3340        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:53:23.0705 3340        NetTcpPortSharing - ok
17:53:23.0767 3340        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:53:23.0783 3340        nfrd960 - ok
17:53:23.0830 3340        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:53:23.0924 3340        NlaSvc - ok
17:53:24.0002 3340        NMIndexingService - ok
17:53:24.0049 3340        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
17:53:24.0111 3340        Npfs - ok
17:53:24.0142 3340        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:53:24.0189 3340        nsi - ok
17:53:24.0205 3340        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:53:24.0252 3340        nsiproxy - ok
17:53:24.0439 3340        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:53:24.0627 3340        Ntfs - ok
17:53:24.0689 3340        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:53:24.0752 3340        ntrigdigi - ok
17:53:25.0080 3340        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:53:25.0127 3340        Null - ok
17:53:25.0174 3340        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:53:25.0189 3340        nvraid - ok
17:53:25.0221 3340        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:53:25.0236 3340        nvstor - ok
17:53:25.0283 3340        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:53:25.0299 3340        nv_agp - ok
17:53:53.0721 3340        ============================================================
17:53:53.0721 3340        Scan finished
17:53:53.0721 3340        ============================================================
17:53:53.0752 2464        Detected object count: 1
17:53:53.0752 2464        Actual detected object count: 1
17:55:41.0348 2464        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:55:41.0348 2464        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip


Regards, Michi

cosinus 12.06.2012 21:49

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Morwen 13.06.2012 08:56

Hello,

when I try to run ComboFix, it does do something, but then it says "Do not run when in compatibility modus. This may damage the machine".

Unfortunately I don't know what this compatibility mode is supposed to be; I have already searched the internet a bit, but couldn't work out what I should do :crazy:

Can you please help me with this? Regards, Michi


All times are WET +1. The time is now 18:21.
