Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Spy.Banker.Gen8

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.11.2012, 20:03   #1
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Hi zusammen,

leider habe ich mir den TR/Spy.Banker.Gen8 eingefangen. Ich hoffe mir kann geholfen werden, den Dreck von meinem Laptop sicher und rückstandslos zu entfernen. Die Meldung kam über AVIRA, trotz erfolgtem Entfernen natürlich immer wieder. Mittels Malwarebytes habe ich die Trojaner wie empfohlen bereits in den Quarantäne Ordner verschoben. Die weiteren Schritte habe ich hoffentlich auch alle korrekt durchgeführt.

Meine Daten:

ASUS Notebook M50Vn/M50Vm/M50Vc Series
Intel(R) Core(TM)2 Duo CPU T9400 @ 2,53 GHz 2,53 GHz
Arbeitsspeicher 4,00 GB
32 Bit-System

Pfad aus Quarantäneordner AVIRA: C:\Users\Matthias\AppData\Roaming\BAcroIEHelpe231.dll



EXTRAS.TXTOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.11.2012 19:44:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,40% Memory free
6,20 Gb Paging File | 4,89 Gb Available in Paging File | 78,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,04 Gb Total Space | 309,37 Gb Free Space | 68,14% Space Free | Partition Type: NTFS
Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ASUS | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04078877-F5BE-49DD-9BDF-B9315132F802}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{09AD532A-F7EC-4E6F-AEB4-F6781B66AAA7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{14F58B5B-4986-4E53-B5CD-A4742344D3C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{393F852D-8E6C-42BF-AFF9-411FB111E29F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{537FCEA0-F486-4A43-A717-793673726859}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5534C1B2-CBDC-4763-8CA6-BFC02F375102}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5E4D1627-5508-422F-93A9-BDB72F52FE74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8143224F-0E93-499D-BAFC-1E002DA635F5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9E25230E-1AF7-4CC7-8903-8067D0354022}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9E523F24-81BE-42C5-9EB1-3069EDD64AD8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A531754D-DAA9-4A74-B7B3-22DFC0DC0857}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EDAB9B74-9BFB-4D27-B69E-3EB08B95B646}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5F9D15-2C26-4D6F-A0FB-B0E142759E94}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2032790A-ED30-44D2-A0AA-C05C0C9F5660}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{285FD47C-449E-4AC4-B0FC-217F481CF715}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{331F0D39-28A8-46D9-930B-3E1DE9A58BFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{344DE76B-18D0-4691-9EFC-C1C8CA6B6973}" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3ED69CEA-693E-4350-881F-05C0FB6C0056}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{4DCEDE9F-2D53-42B9-84C4-2AFABAF319E7}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{50B5FB6C-E96C-4F83-A22E-D4BD583EAEAC}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{5639AC6B-7999-4446-AA42-95F03D72F5ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe | 
"{79921021-1A30-479D-814A-E2EC7C8D38C2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7E2E3297-1C3C-4AC0-88D4-54B5EF9C35BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe | 
"{987ED4CC-1B4F-45A2-9F7E-BD2C09F918CE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B3A551DB-E1C9-456F-87EC-B4AB69B53336}" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B69F190B-21DD-4D0D-B9AB-88F6F9F79D97}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{CF8359D0-3D32-4E86-A493-2B6B9C0EF24D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D3CA8C25-ABD2-49E8-913B-0A28FC2D0F71}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{DD9FF5F9-DFAB-4AB7-8171-E963F3BEDB45}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{E15C28A9-98E9-4C7E-BE41-EFD75CA3C03E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"TCP Query User{002D993B-38DC-4B9E-AB25-3E6FD84D127D}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe | 
"TCP Query User{1F27EDA3-0F8B-4EEF-9803-3871A0A1A0A5}C:\games\pes2012.exe" = protocol=6 | dir=in | app=c:\games\pes2012.exe | 
"TCP Query User{E92E9DBA-9CB3-475A-9BBF-2E562DB970FE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{24A920A2-5B5E-498E-9E09-F545BF456F01}C:\games\pes2012.exe" = protocol=17 | dir=in | app=c:\games\pes2012.exe | 
"UDP Query User{A53E2580-579B-4471-8314-0BF87B97A03D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{B0E180BB-74E6-44DF-8555-CFD12C7BCDA0}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2012 13:16:16 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2012 14:57:56 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2012 16:49:06 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel
 0x503723f6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0de70c50,  Prozess-ID 0x1174, Anwendungsstartzeit
 01cdbdf1cabca8b0.
 
Error - 14.11.2012 15:43:53 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 15:49:28 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 15:57:19 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000641f4,  Prozess-ID 0x1090, Anwendungsstartzeit
 01cdc2a240f7752e.
 
Error - 14.11.2012 16:20:33 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 17:33:47 | Computer Name = ASUS | Source = EventSystem | ID = 4609
Description = 
 
Error - 14.11.2012 17:34:37 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.11.2012 17:37:40 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 14.11.2012 17:38:13 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.11.2012 13:13:31 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 13:13:32 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 13:13:45 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.11.2012 13:26:05 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 13:26:06 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 13:27:13 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.11.2012 14:08:57 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 14:09:00 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 14:10:12 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---


OTL.TXTOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.11.2012 19:44:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Desktop\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,40% Memory free
6,20 Gb Paging File | 4,89 Gb Available in Paging File | 78,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,04 Gb Total Space | 309,37 Gb Free Space | 68,14% Space Free | Partition Type: NTFS
Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ASUS | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.15 19:34:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\Downloads\Downloads\OTL.exe
PRC - [2012.10.28 13:12:36 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.11 10:54:20 | 002,607,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.11.20 07:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
PRC - [2008.07.29 16:34:34 | 001,845,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2008.07.29 16:34:34 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.07.15 10:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.15 10:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.07.09 16:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.23 19:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.13 06:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.23 09:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.11 21:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.04 18:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 10:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.05 15:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.28 13:12:36 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2008.07.29 16:27:20 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2008.01.11 21:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.12 14:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.28 13:12:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.11 18:20:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\I386\AsProcOb.sys -- (ASUSProcObsrv)
DRV - [2012.11.15 19:15:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.05.01 17:57:01 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.07.13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2009.05.28 21:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008.07.25 09:31:00 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.24 14:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.06.03 22:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.13 07:35:24 | 001,772,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.02.14 22:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.12.18 16:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 10:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.14 23:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3
FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Matthias\AppData\Roaming\16001.010 [2012.11.15 17:58:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.29 10:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.11.14 20:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions
[2012.10.31 22:38:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.22 17:34:55 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.11.14 20:42:58 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi
[2012.07.27 16:27:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.14 20:43:05 | 000,000,911 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\11-suche.xml
[2012.11.14 20:43:05 | 000,002,273 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\englische-ergebnisse.xml
[2012.11.14 20:43:05 | 000,010,563 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\gmx-suche.xml
[2012.11.14 20:43:05 | 000,002,432 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\lastminute.xml
[2012.11.14 20:43:05 | 000,005,545 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\webde-suche.xml
[2012.10.28 13:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.15 17:58:01 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\16001.010
[2012.10.28 13:12:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 10:33:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9215ADB6-5E01-4E39-A131-6199B19897DE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF83EC1F-8E10-4E5C-9187-E3EACC26DD97}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{7bc36753-90c2-11e1-8dad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bc36753-90c2-11e1-8dad-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell - "" = AutoRun
O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 19:15:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.15 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.11.15 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.15 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.15 18:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.15 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Avira
[2012.11.15 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.15 18:14:12 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.15 18:14:12 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.15 18:14:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.15 18:14:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.11.15 17:58:01 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\16001.010
[2012.11.14 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\qlquqeaxzjyjgnv
[2012.11.12 00:53:03 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\UAs
[2012.11.09 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\16001.009
[2012.11.09 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\xmldm
[2012.11.09 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\kock
[2012.11.04 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Digital Editions
[2012.11.04 22:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.11.01 17:21:50 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{D189FE92-C8F3-4072-8A9F-92BD6EA1CBD6}
[2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.29 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{972C01DF-9F01-4A56-A85B-6BDE1BBC6043}
[2012.10.28 21:54:01 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{542AE0FF-F127-43E8-9153-C0F5F62DA466}
[2012.10.28 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Media Player Classic
[2012.10.28 14:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.28 14:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.28 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.27 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{E94F5910-A87C-41EB-A181-8D35A4406D29}
[2012.10.27 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\dwhelper
[2012.10.25 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{7FE135B6-DB31-44A3-9037-3B73CBD0E488}
[2012.10.19 19:13:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{4619A3EB-725F-4A20-9130-858A91EC08CE}
[2 C:\Users\Matthias\AppData\Roaming\*.tmp files -> C:\Users\Matthias\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 19:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.11.15 19:20:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 19:15:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.15 19:14:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 19:14:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 19:14:11 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 19:14:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 19:08:40 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.15 19:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 19:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 19:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 19:07:46 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 19:00:45 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.15 18:39:41 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 18:28:29 | 000,000,016 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res
[2012.11.15 18:20:52 | 000,065,536 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat
[2012.11.15 18:14:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 22:28:16 | 000,076,348 | ---- | M] () -- C:\ProgramData\xlyzzfsifuliryl
[2012.11.14 21:45:09 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.11.14 21:20:03 | 000,251,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 16:25:46 | 000,000,680 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2012.10.28 14:07:45 | 000,001,677 | ---- | M] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk
[2 C:\Users\Matthias\AppData\Roaming\*.tmp files -> C:\Users\Matthias\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.15 19:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.11.15 18:39:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 18:14:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 22:35:59 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.14 22:28:13 | 000,076,348 | ---- | C] () -- C:\ProgramData\xlyzzfsifuliryl
[2012.11.09 15:39:43 | 000,000,016 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res
[2012.11.09 15:39:35 | 000,065,536 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat
[2012.10.28 14:07:45 | 000,001,677 | ---- | C] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk
[2012.09.05 19:44:39 | 000,004,608 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.01 19:00:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.01 11:58:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.05.01 11:58:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.04.28 15:48:15 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.04.28 15:41:42 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.04.28 08:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.04.28 01:05:46 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2012.04.28 00:19:37 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.04.27 21:48:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2012.04.27 21:32:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2012.04.27 21:32:23 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2012.04.27 21:32:23 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2012.04.27 21:32:23 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.04.27 15:47:06 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.09 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\16001.009
[2012.11.15 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\16001.010
[2012.05.01 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite
[2012.11.14 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dropbox
[2012.11.04 23:12:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2012.11.09 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\kock
[2012.09.24 18:47:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Samsung
[2012.11.12 01:33:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\UAs
[2012.11.15 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



LEIDER FUNKTIONIERT BEI MIR GMER nicht. Aufgrund eines Problems muss das Programm abgebrochen werden. Woran könnte das liegen?

Vielen Dank für den Support!

Geändert von fandingo (15.11.2012 um 20:43 Uhr)

Alt 15.11.2012, 21:51   #2
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Hat nun doch geklappt ... die GMER als gepackte Datei
__________________


Alt 18.11.2012, 23:09   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Zitat:
Mittels Malwarebytes habe ich die Trojaner wie empfohlen bereits in den Quarantäne Ordner verschoben.
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
__________________

Alt 18.11.2012, 23:34   #4
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: ASUS [Administrator]

15.11.2012 18:41:18
mbam-log-2012-11-15 (18-41-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 192773
Laufzeit: 16 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Matthias\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Matthias\AppData\Roaming\AcroIEHelpe231.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Matthias\AppData\Roaming\appConf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)
         
Hier mal auch noch von AVIRA. Der Trojaner wurde in 33 min. 6 mal gefunden. Habe nur das letzte log kopiert.

Code:
ATTFilter
 Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 15. November 2012  18:54


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ASUS

Versionsinformationen:
BUILD.DAT      : 13.0.0.2693    48279 Bytes  01.10.2012 17:25:00
AVSCAN.EXE     : 13.4.0.200    625952 Bytes  01.10.2012 14:15:49
AVSCANRC.DLL   : 13.4.0.163     64800 Bytes  19.09.2012 18:20:53
LUKE.DLL       : 13.4.0.184     66848 Bytes  25.09.2012 10:00:15
AVSCPLR.DLL    : 13.4.0.262     93984 Bytes  15.11.2012 17:15:54
AVREG.DLL      : 13.4.0.244    245536 Bytes  15.11.2012 17:15:54
avlode.dll     : 13.4.0.255    426272 Bytes  15.11.2012 17:15:55
avlode.rdf     : 13.0.0.24       7196 Bytes  27.09.2012 10:30:38
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF   : 7.11.45.207  2363904 Bytes  11.10.2012 17:15:40
VBASE008.VDF   : 7.11.45.208     2048 Bytes  11.10.2012 17:15:40
VBASE009.VDF   : 7.11.45.209     2048 Bytes  11.10.2012 17:15:40
VBASE010.VDF   : 7.11.45.210     2048 Bytes  11.10.2012 17:15:40
VBASE011.VDF   : 7.11.45.211     2048 Bytes  11.10.2012 17:15:40
VBASE012.VDF   : 7.11.45.212     2048 Bytes  11.10.2012 17:15:40
VBASE013.VDF   : 7.11.45.213     2048 Bytes  11.10.2012 17:15:40
VBASE014.VDF   : 7.11.46.65    220160 Bytes  16.10.2012 17:15:41
VBASE015.VDF   : 7.11.46.153   173568 Bytes  18.10.2012 17:15:41
VBASE016.VDF   : 7.11.46.223   162304 Bytes  19.10.2012 17:15:42
VBASE017.VDF   : 7.11.47.35    126464 Bytes  22.10.2012 17:15:42
VBASE018.VDF   : 7.11.47.95    175616 Bytes  24.10.2012 17:15:43
VBASE019.VDF   : 7.11.47.177   164352 Bytes  26.10.2012 17:15:43
VBASE020.VDF   : 7.11.47.229   143360 Bytes  28.10.2012 17:15:43
VBASE021.VDF   : 7.11.48.47    138240 Bytes  30.10.2012 17:15:43
VBASE022.VDF   : 7.11.48.135   122880 Bytes  01.11.2012 17:15:44
VBASE023.VDF   : 7.11.48.209   142848 Bytes  05.11.2012 17:15:45
VBASE024.VDF   : 7.11.48.243   119296 Bytes  05.11.2012 17:15:45
VBASE025.VDF   : 7.11.49.47    136704 Bytes  07.11.2012 17:15:45
VBASE026.VDF   : 7.11.49.135   194560 Bytes  09.11.2012 17:15:46
VBASE027.VDF   : 7.11.49.209   188416 Bytes  12.11.2012 17:15:46
VBASE028.VDF   : 7.11.50.27    212992 Bytes  14.11.2012 17:15:46
VBASE029.VDF   : 7.11.50.28      2048 Bytes  14.11.2012 17:15:46
VBASE030.VDF   : 7.11.50.29      2048 Bytes  14.11.2012 17:15:46
VBASE031.VDF   : 7.11.50.48     70656 Bytes  15.11.2012 17:15:46
Engineversion  : 8.2.10.202
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL   : 8.1.4.66      463227 Bytes  15.11.2012 17:15:54
AESCN.DLL      : 8.1.9.4       131445 Bytes  15.11.2012 17:15:53
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.74      643445 Bytes  15.11.2012 17:15:53
AEPACK.DLL     : 8.3.0.40      815479 Bytes  15.11.2012 17:15:52
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  15.11.2012 17:15:52
AEHEUR.DLL     : 8.1.4.138    5542265 Bytes  15.11.2012 17:15:51
AEHELP.DLL     : 8.1.25.2      258423 Bytes  15.11.2012 17:15:48
AEGEN.DLL      : 8.1.6.10      438646 Bytes  15.11.2012 17:15:48
AEEXP.DLL      : 8.2.0.10      119158 Bytes  15.11.2012 17:15:54
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL     : 8.1.29.2      201079 Bytes  15.11.2012 17:15:47
AEBB.DLL       : 8.1.1.4        53619 Bytes  15.11.2012 17:15:47
AVWINLL.DLL    : 13.4.0.163     25888 Bytes  19.09.2012 18:09:30
AVPREF.DLL     : 13.4.0.163     50464 Bytes  19.09.2012 18:07:51
AVREP.DLL      : 13.4.0.244    177952 Bytes  15.11.2012 17:15:54
AVARKT.DLL     : 13.4.0.184    260384 Bytes  25.09.2012 09:51:51
AVEVTLOG.DLL   : 13.4.0.185    167200 Bytes  25.09.2012 09:52:37
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL     : 13.4.0.163     62240 Bytes  19.09.2012 18:08:54
NETNT.DLL      : 13.4.0.163     15648 Bytes  19.09.2012 18:16:26
RCIMAGE.DLL    : 13.4.0.163   4780832 Bytes  19.09.2012 18:21:16
RCTEXT.DLL     : 13.4.0.163     68384 Bytes  19.09.2012 18:21:16

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50a52572\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 15. November 2012  18:54

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTShellHlp.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIFIE.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'BatteryLife.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsgTranAgt.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALU.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40RP7.EXE' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40ST7.EXE' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '149' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Matthias\AppData\Roaming\16001.010\components\AcroFF010.dll'
C:\Users\Matthias\AppData\Roaming\16001.010\components\AcroFF010.dll
  [FUND]      Ist das Trojanische Pferd TR/Spy.Banker.Gen8
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '563fb265.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 15. November 2012  18:54
Benötigte Zeit: 00:12 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    599 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    598 Dateien ohne Befall
      3 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         

Alt 19.11.2012, 10:23   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.11.2012, 21:20   #6
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Code:
ATTFilter
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 20:56:54
-----------------------------
20:56:54.186    OS Version: Windows 6.0.6002 Service Pack 2
20:56:54.186    Number of processors: 2 586 0x1706
20:56:54.186    ComputerName: ASUS  UserName: 
20:56:57.477    Initialize success
20:59:33.498    AVAST engine defs: 12111900
20:59:41.111    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:59:41.111    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
20:59:41.127    Disk 0 MBR read successfully
20:59:41.142    Disk 0 MBR scan
20:59:41.142    Disk 0 unknown MBR code
20:59:41.158    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    12001 MB offset 63
20:59:41.173    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       464937 MB offset 24580096
20:59:41.173    Disk 0 scanning sectors +976771072
20:59:41.298    Disk 0 scanning C:\Windows\system32\drivers
20:59:59.659    Service scanning
21:00:37.255    Modules scanning
21:00:45.508    Disk 0 trace - called modules:
21:00:45.539    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
21:00:46.038    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860b14e8]
21:00:46.054    3 CLASSPNP.SYS[8a9b18b3] -> nt!IofCallDriver -> [0x84b90f08]
21:00:46.069    5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85590028]
21:00:52.325    AVAST engine scan C:\Windows
21:00:56.506    AVAST engine scan C:\Windows\system32
21:07:40.187    AVAST engine scan C:\Windows\system32\drivers
21:08:07.799    AVAST engine scan C:\Users\Matthias
21:11:33.781    File: C:\Users\Matthias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\565e8ce0-28a35793  **INFECTED** Win32:Banker-JYD [Trj]
21:14:05.601    AVAST engine scan C:\ProgramData
21:15:06.425    Scan finished successfully
21:15:24.193    Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
21:15:24.209    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"
         
Code:
ATTFilter
 21:18:43.0004 5308  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:18:43.0207 5308  ============================================================
21:18:43.0207 5308  Current date / time: 2012/11/19 21:18:43.0207
21:18:43.0207 5308  SystemInfo:
21:18:43.0207 5308  
21:18:43.0207 5308  OS Version: 6.0.6002 ServicePack: 2.0
21:18:43.0207 5308  Product type: Workstation
21:18:43.0207 5308  ComputerName: ASUS
21:18:43.0207 5308  UserName: Matthias
21:18:43.0207 5308  Windows directory: C:\Windows
21:18:43.0207 5308  System windows directory: C:\Windows
21:18:43.0207 5308  Processor architecture: Intel x86
21:18:43.0207 5308  Number of processors: 2
21:18:43.0207 5308  Page size: 0x1000
21:18:43.0207 5308  Boot type: Normal boot
21:18:43.0207 5308  ============================================================
21:18:44.0346 5308  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:18:44.0346 5308  ============================================================
21:18:44.0346 5308  \Device\Harddisk0\DR0:
21:18:44.0362 5308  MBR partitions:
21:18:44.0362 5308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1771000, BlocksNum 0x38C14800
21:18:44.0362 5308  ============================================================
21:18:44.0393 5308  C: <-> \Device\Harddisk0\DR0\Partition1
21:18:44.0393 5308  ============================================================
21:18:44.0393 5308  Initialize success
21:18:44.0393 5308  ============================================================
21:19:26.0622 1124  ============================================================
21:19:26.0622 1124  Scan started
21:19:26.0622 1124  Mode: Manual; SigCheck; TDLFS; 
21:19:26.0622 1124  ============================================================
21:19:27.0246 1124  ================ Scan system memory ========================
21:19:27.0246 1124  System memory - ok
21:19:27.0246 1124  ================ Scan services =============================
21:19:27.0386 1124  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:19:27.0464 1124  ACPI - ok
21:19:27.0574 1124  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:19:27.0574 1124  AdobeARMservice - ok
21:19:27.0636 1124  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:19:27.0652 1124  AdobeFlashPlayerUpdateSvc - ok
21:19:27.0698 1124  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:19:27.0714 1124  adp94xx - ok
21:19:27.0761 1124  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:19:27.0776 1124  adpahci - ok
21:19:27.0792 1124  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:19:27.0808 1124  adpu160m - ok
21:19:27.0839 1124  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:19:27.0854 1124  adpu320 - ok
21:19:27.0886 1124  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:19:28.0010 1124  AeLookupSvc - ok
21:19:28.0042 1124  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
21:19:28.0073 1124  AFD - ok
21:19:28.0135 1124  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:19:28.0135 1124  agp440 - ok
21:19:28.0198 1124  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:19:28.0213 1124  aic78xx - ok
21:19:28.0229 1124  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
21:19:28.0260 1124  ALG - ok
21:19:28.0307 1124  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:19:28.0307 1124  aliide - ok
21:19:28.0338 1124  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:19:28.0354 1124  amdagp - ok
21:19:28.0369 1124  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:19:28.0385 1124  amdide - ok
21:19:28.0385 1124  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:19:28.0447 1124  AmdK7 - ok
21:19:28.0463 1124  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:19:28.0494 1124  AmdK8 - ok
21:19:28.0666 1124  [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:19:28.0666 1124  AntiVirSchedulerService - ok
21:19:28.0697 1124  [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:19:28.0697 1124  AntiVirService - ok
21:19:28.0728 1124  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
21:19:28.0775 1124  Appinfo - ok
21:19:28.0790 1124  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
21:19:28.0806 1124  arc - ok
21:19:28.0837 1124  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:19:28.0853 1124  arcsas - ok
21:19:28.0884 1124  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
21:19:28.0915 1124  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
21:19:28.0915 1124  ASLDRService - detected UnsignedFile.Multi.Generic (1)
21:19:28.0962 1124  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
21:19:28.0962 1124  ASMMAP - ok
21:19:28.0993 1124  ASUSProcObsrv - ok
21:19:29.0024 1124  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:19:29.0056 1124  AsyncMac - ok
21:19:29.0087 1124  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:19:29.0087 1124  atapi - ok
21:19:29.0118 1124  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
21:19:29.0134 1124  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
21:19:29.0134 1124  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
21:19:29.0180 1124  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:19:29.0196 1124  AudioEndpointBuilder - ok
21:19:29.0212 1124  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:19:29.0227 1124  Audiosrv - ok
21:19:29.0258 1124  [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:19:29.0258 1124  avgntflt - ok
21:19:29.0274 1124  [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:19:29.0274 1124  avipbb - ok
21:19:29.0290 1124  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:19:29.0305 1124  avkmgr - ok
21:19:29.0336 1124  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:19:29.0383 1124  Beep - ok
21:19:29.0430 1124  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
21:19:29.0461 1124  BFE - ok
21:19:29.0508 1124  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
21:19:29.0555 1124  BITS - ok
21:19:29.0586 1124  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:19:29.0617 1124  blbdrive - ok
21:19:29.0633 1124  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:19:29.0711 1124  bowser - ok
21:19:29.0742 1124  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:19:29.0773 1124  BrFiltLo - ok
21:19:29.0836 1124  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:19:29.0882 1124  BrFiltUp - ok
21:19:29.0914 1124  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
21:19:29.0960 1124  Browser - ok
21:19:30.0007 1124  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:19:30.0163 1124  Brserid - ok
21:19:30.0179 1124  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:19:30.0226 1124  BrSerWdm - ok
21:19:30.0241 1124  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:19:30.0272 1124  BrUsbMdm - ok
21:19:30.0288 1124  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:19:30.0335 1124  BrUsbSer - ok
21:19:30.0350 1124  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
21:19:30.0382 1124  BthEnum - ok
21:19:30.0397 1124  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:19:30.0444 1124  BTHMODEM - ok
21:19:30.0491 1124  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:19:30.0522 1124  BthPan - ok
21:19:30.0553 1124  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:19:30.0678 1124  BTHPORT - ok
21:19:30.0694 1124  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
21:19:30.0725 1124  BthServ - ok
21:19:30.0740 1124  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:19:30.0772 1124  BTHUSB - ok
21:19:30.0818 1124  [ 463483285B2D2D345443AAEE7B9391E7 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:19:30.0834 1124  btwaudio - ok
21:19:30.0850 1124  [ 4F82B6173EF8637CB26CF4E73B90F172 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
21:19:30.0865 1124  btwavdt - ok
21:19:30.0912 1124  [ B78D1ACA1BBD0077848D9F87C8207AB1 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
21:19:30.0943 1124  btwdins - ok
21:19:30.0990 1124  [ ECB98391C756A7B9CFBAE89D9D1235E1 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
21:19:30.0990 1124  btwl2cap - ok
21:19:31.0006 1124  [ F771034F5B59A4A5054A2FA6F4E9F28B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
21:19:31.0006 1124  btwrchid - ok
21:19:31.0037 1124  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:19:31.0084 1124  cdfs - ok
21:19:31.0115 1124  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:19:31.0146 1124  cdrom - ok
21:19:31.0162 1124  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:19:31.0177 1124  CertPropSvc - ok
21:19:31.0208 1124  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:19:31.0240 1124  circlass - ok
21:19:31.0271 1124  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
21:19:31.0286 1124  CLFS - ok
21:19:31.0364 1124  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:19:31.0364 1124  clr_optimization_v2.0.50727_32 - ok
21:19:31.0474 1124  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:19:31.0474 1124  clr_optimization_v4.0.30319_32 - ok
21:19:31.0505 1124  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:19:31.0536 1124  CmBatt - ok
21:19:31.0567 1124  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:19:31.0567 1124  cmdide - ok
21:19:31.0598 1124  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:19:31.0614 1124  Compbatt - ok
21:19:31.0614 1124  COMSysApp - ok
21:19:31.0630 1124  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:19:31.0645 1124  crcdisk - ok
21:19:31.0645 1124  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:19:31.0692 1124  Crusoe - ok
21:19:31.0770 1124  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:19:31.0801 1124  CryptSvc - ok
21:19:31.0848 1124  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:19:31.0879 1124  DcomLaunch - ok
21:19:31.0910 1124  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:19:31.0973 1124  DfsC - ok
21:19:32.0051 1124  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
21:19:32.0191 1124  DFSR - ok
21:19:32.0222 1124  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:19:32.0254 1124  Dhcp - ok
21:19:32.0285 1124  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
21:19:32.0300 1124  disk - ok
21:19:32.0347 1124  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:19:32.0441 1124  Dnscache - ok
21:19:32.0488 1124  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:19:32.0503 1124  dot3svc - ok
21:19:32.0534 1124  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
21:19:32.0581 1124  DPS - ok
21:19:32.0628 1124  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:19:32.0659 1124  drmkaud - ok
21:19:32.0690 1124  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:19:32.0690 1124  dtsoftbus01 - ok
21:19:32.0737 1124  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:19:32.0753 1124  DXGKrnl - ok
21:19:32.0831 1124  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:19:32.0909 1124  E1G60 - ok
21:19:32.0956 1124  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:19:32.0971 1124  EapHost - ok
21:19:33.0002 1124  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:19:33.0018 1124  Ecache - ok
21:19:33.0065 1124  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:19:33.0112 1124  ehRecvr - ok
21:19:33.0127 1124  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
21:19:33.0174 1124  ehSched - ok
21:19:33.0174 1124  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
21:19:33.0205 1124  ehstart - ok
21:19:33.0236 1124  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:19:33.0252 1124  elxstor - ok
21:19:33.0283 1124  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:19:33.0330 1124  EMDMgmt - ok
21:19:33.0392 1124  [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
21:19:33.0408 1124  EPSON_EB_RPCV4_01 - ok
21:19:33.0424 1124  [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
21:19:33.0439 1124  EPSON_PM_RPCV4_01 - ok
21:19:33.0470 1124  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:19:33.0486 1124  ErrDev - ok
21:19:33.0517 1124  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
21:19:33.0580 1124  EventSystem - ok
21:19:33.0642 1124  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
21:19:33.0704 1124  exfat - ok
21:19:33.0720 1124  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:19:33.0751 1124  fastfat - ok
21:19:33.0782 1124  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:19:33.0814 1124  fdc - ok
21:19:33.0829 1124  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:19:33.0845 1124  fdPHost - ok
21:19:33.0860 1124  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:19:33.0892 1124  FDResPub - ok
21:19:33.0954 1124  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:19:33.0970 1124  FileInfo - ok
21:19:33.0985 1124  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:19:34.0016 1124  Filetrace - ok
21:19:34.0016 1124  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:19:34.0048 1124  flpydisk - ok
21:19:34.0079 1124  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:19:34.0094 1124  FltMgr - ok
21:19:34.0141 1124  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
21:19:34.0235 1124  FontCache - ok
21:19:34.0297 1124  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:19:34.0297 1124  FontCache3.0.0.0 - ok
21:19:34.0313 1124  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:19:34.0360 1124  Fs_Rec - ok
21:19:34.0391 1124  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:19:34.0406 1124  gagp30kx - ok
21:19:34.0453 1124  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:19:34.0484 1124  gpsvc - ok
21:19:34.0531 1124  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:19:34.0594 1124  HdAudAddService - ok
21:19:34.0672 1124  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:19:34.0718 1124  HDAudBus - ok
21:19:34.0765 1124  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:19:34.0796 1124  HidBth - ok
21:19:34.0812 1124  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:19:34.0843 1124  HidIr - ok
21:19:34.0874 1124  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
21:19:34.0906 1124  hidserv - ok
21:19:34.0906 1124  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:19:34.0921 1124  HidUsb - ok
21:19:34.0937 1124  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:19:34.0984 1124  hkmsvc - ok
21:19:34.0999 1124  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:19:35.0015 1124  HpCISSs - ok
21:19:35.0046 1124  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:19:35.0077 1124  HTTP - ok
21:19:35.0093 1124  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:19:35.0108 1124  i2omp - ok
21:19:35.0140 1124  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:19:35.0155 1124  i8042prt - ok
21:19:35.0233 1124  [ 707C1692214B1C290271067197F075F6 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:19:35.0249 1124  iaStor - ok
21:19:35.0342 1124  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:19:35.0420 1124  iaStorV - ok
21:19:35.0608 1124  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:19:35.0670 1124  idsvc - ok
21:19:35.0686 1124  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:19:35.0701 1124  iirsp - ok
21:19:35.0732 1124  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:19:35.0764 1124  IKEEXT - ok
21:19:35.0920 1124  [ 23EBCEE9AAA4D6C88728791FAB462456 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:19:36.0060 1124  IntcAzAudAddService - ok
21:19:36.0138 1124  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:19:36.0138 1124  intelide - ok
21:19:36.0154 1124  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:19:36.0185 1124  intelppm - ok
21:19:36.0216 1124  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:19:36.0263 1124  IPBusEnum - ok
21:19:36.0263 1124  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:19:36.0294 1124  IpFilterDriver - ok
21:19:36.0325 1124  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:19:36.0341 1124  iphlpsvc - ok
21:19:36.0356 1124  IpInIp - ok
21:19:36.0388 1124  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:19:36.0419 1124  IPMIDRV - ok
21:19:36.0450 1124  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:19:36.0466 1124  IPNAT - ok
21:19:36.0497 1124  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:19:36.0512 1124  IRENUM - ok
21:19:36.0512 1124  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:19:36.0528 1124  isapnp - ok
21:19:36.0575 1124  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:19:36.0575 1124  iScsiPrt - ok
21:19:36.0606 1124  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:19:36.0622 1124  iteatapi - ok
21:19:36.0637 1124  [ 8BCD857C7932AD005D5F9C89329DA2E1 ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
21:19:36.0668 1124  itecir - ok
21:19:36.0684 1124  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:19:36.0684 1124  iteraid - ok
21:19:36.0715 1124  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:19:36.0731 1124  kbdclass - ok
21:19:36.0762 1124  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:19:36.0840 1124  kbdhid - ok
21:19:36.0871 1124  [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
21:19:36.0871 1124  kbfiltr - ok
21:19:36.0902 1124  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
21:19:36.0980 1124  KeyIso - ok
21:19:36.0996 1124  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:19:37.0012 1124  KSecDD - ok
21:19:37.0058 1124  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:19:37.0090 1124  KtmRm - ok
21:19:37.0121 1124  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:19:37.0183 1124  LanmanServer - ok
21:19:37.0199 1124  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:19:37.0277 1124  LanmanWorkstation - ok
21:19:37.0308 1124  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:19:37.0324 1124  lltdio - ok
21:19:37.0386 1124  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:19:37.0433 1124  lltdsvc - ok
21:19:37.0448 1124  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:19:37.0480 1124  lmhosts - ok
21:19:37.0558 1124  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:19:37.0573 1124  LSI_FC - ok
21:19:37.0589 1124  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:19:37.0604 1124  LSI_SAS - ok
21:19:37.0651 1124  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:19:37.0651 1124  LSI_SCSI - ok
21:19:37.0682 1124  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
21:19:37.0714 1124  luafv - ok
21:19:37.0745 1124  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:19:37.0807 1124  Mcx2Svc - ok
21:19:37.0838 1124  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:19:37.0854 1124  megasas - ok
21:19:37.0885 1124  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:19:37.0901 1124  MegaSR - ok
21:19:37.0948 1124  Microsoft SharePoint Workspace Audit Service - ok
21:19:37.0979 1124  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
21:19:38.0010 1124  MMCSS - ok
21:19:38.0010 1124  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
21:19:38.0057 1124  Modem - ok
21:19:38.0088 1124  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:19:38.0135 1124  monitor - ok
21:19:38.0182 1124  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:19:38.0182 1124  mouclass - ok
21:19:38.0197 1124  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:19:38.0228 1124  mouhid - ok
21:19:38.0244 1124  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:19:38.0244 1124  MountMgr - ok
21:19:38.0291 1124  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:19:38.0306 1124  MozillaMaintenance - ok
21:19:38.0338 1124  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:19:38.0353 1124  mpio - ok
21:19:38.0384 1124  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:19:38.0416 1124  mpsdrv - ok
21:19:38.0447 1124  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:19:38.0462 1124  MpsSvc - ok
21:19:38.0494 1124  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:19:38.0509 1124  Mraid35x - ok
21:19:38.0525 1124  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:19:38.0540 1124  MRxDAV - ok
21:19:38.0572 1124  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:19:38.0587 1124  mrxsmb - ok
21:19:38.0603 1124  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:19:38.0618 1124  mrxsmb10 - ok
21:19:38.0618 1124  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:19:38.0650 1124  mrxsmb20 - ok
21:19:38.0696 1124  [ DE77526BDE93142BDC90CFA9F5CEAD36 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:19:38.0712 1124  msahci - ok
21:19:38.0743 1124  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:19:38.0759 1124  msdsm - ok
21:19:38.0790 1124  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
21:19:38.0821 1124  MSDTC - ok
21:19:38.0868 1124  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:19:38.0899 1124  Msfs - ok
21:19:38.0915 1124  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:19:38.0915 1124  msisadrv - ok
21:19:38.0962 1124  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:19:38.0977 1124  MSiSCSI - ok
21:19:38.0977 1124  msiserver - ok
21:19:39.0008 1124  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:19:39.0040 1124  MSKSSRV - ok
21:19:39.0055 1124  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:19:39.0071 1124  MSPCLOCK - ok
21:19:39.0102 1124  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:19:39.0118 1124  MSPQM - ok
21:19:39.0180 1124  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:19:39.0196 1124  MsRPC - ok
21:19:39.0211 1124  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:19:39.0227 1124  mssmbios - ok
21:19:39.0227 1124  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:19:39.0258 1124  MSTEE - ok
21:19:39.0289 1124  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
21:19:39.0320 1124  MTsensor - ok
21:19:39.0352 1124  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
21:19:39.0352 1124  Mup - ok
21:19:39.0383 1124  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
21:19:39.0414 1124  napagent - ok
21:19:39.0461 1124  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:19:39.0508 1124  NativeWifiP - ok
21:19:39.0617 1124  [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe
21:19:39.0632 1124  NAUpdate - ok
21:19:39.0648 1124  [ E240F3204E86B7B6CCF266B2A2AD32B4 ] NBVol           C:\Windows\system32\DRIVERS\NBVol.sys
21:19:39.0648 1124  NBVol - ok
21:19:39.0664 1124  [ C0CF3CCCCE3C75F7280C89029AB47866 ] NBVolUp         C:\Windows\system32\DRIVERS\NBVolUp.sys
21:19:39.0664 1124  NBVolUp - ok
21:19:39.0695 1124  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:19:39.0726 1124  NDIS - ok
21:19:39.0742 1124  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:19:39.0773 1124  NdisTapi - ok
21:19:39.0788 1124  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:19:39.0820 1124  Ndisuio - ok
21:19:39.0851 1124  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:19:39.0882 1124  NdisWan - ok
21:19:39.0898 1124  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:19:39.0913 1124  NDProxy - ok
21:19:39.0929 1124  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:19:39.0944 1124  NetBIOS - ok
21:19:39.0976 1124  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:19:39.0991 1124  netbt - ok
21:19:39.0991 1124  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
21:19:40.0007 1124  Netlogon - ok
21:19:40.0038 1124  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
21:19:40.0069 1124  Netman - ok
21:19:40.0085 1124  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
21:19:40.0132 1124  netprofm - ok
21:19:40.0194 1124  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:19:40.0194 1124  NetTcpPortSharing - ok
21:19:40.0303 1124  [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
21:19:40.0490 1124  NETw5v32 - ok
21:19:40.0522 1124  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:19:40.0522 1124  nfrd960 - ok
21:19:40.0553 1124  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:19:40.0584 1124  NlaSvc - ok
21:19:40.0615 1124  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:19:40.0646 1124  Npfs - ok
21:19:40.0662 1124  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
21:19:40.0693 1124  nsi - ok
21:19:40.0709 1124  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:19:40.0740 1124  nsiproxy - ok
21:19:40.0771 1124  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:19:40.0802 1124  Ntfs - ok
21:19:40.0849 1124  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:19:40.0896 1124  ntrigdigi - ok
21:19:40.0943 1124  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
21:19:40.0974 1124  Null - ok
21:19:41.0005 1124  [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
21:19:41.0021 1124  NVHDA - ok
21:19:41.0177 1124  [ B5D2B15D3EBA77BEF9392FBEFB3DDDA0 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:19:41.0426 1124  nvlddmkm - ok
21:19:41.0473 1124  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:19:41.0489 1124  nvraid - ok
21:19:41.0504 1124  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:19:41.0520 1124  nvstor - ok
21:19:41.0567 1124  [ C7D36F2077360216D1DB16B1B8F5AEA3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:19:41.0598 1124  nvsvc - ok
21:19:41.0629 1124  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:19:41.0629 1124  nv_agp - ok
21:19:41.0645 1124  NwlnkFlt - ok
21:19:41.0645 1124  NwlnkFwd - ok
21:19:41.0676 1124  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
21:19:41.0707 1124  ohci1394 - ok
21:19:41.0770 1124  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:19:41.0770 1124  ose - ok
21:19:41.0894 1124  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:19:42.0082 1124  osppsvc - ok
21:19:42.0144 1124  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:19:42.0191 1124  p2pimsvc - ok
21:19:42.0206 1124  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:19:42.0222 1124  p2psvc - ok
21:19:42.0300 1124  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
21:19:42.0347 1124  Parport - ok
21:19:42.0394 1124  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:19:42.0394 1124  partmgr - ok
21:19:42.0409 1124  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:19:42.0440 1124  Parvdm - ok
21:19:42.0472 1124  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:19:42.0518 1124  PcaSvc - ok
21:19:42.0534 1124  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
21:19:42.0550 1124  pci - ok
21:19:42.0581 1124  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
21:19:42.0596 1124  pciide - ok
21:19:42.0612 1124  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:19:42.0628 1124  pcmcia - ok
21:19:42.0674 1124  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:19:42.0737 1124  PEAUTH - ok
21:19:42.0815 1124  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
21:19:42.0877 1124  pla - ok
21:19:42.0908 1124  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:19:42.0940 1124  PlugPlay - ok
21:19:43.0002 1124  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:19:43.0018 1124  PNRPAutoReg - ok
21:19:43.0049 1124  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:19:43.0111 1124  PNRPsvc - ok
21:19:43.0158 1124  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:19:43.0205 1124  PolicyAgent - ok
21:19:43.0220 1124  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:19:43.0252 1124  PptpMiniport - ok
21:19:43.0298 1124  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
21:19:43.0345 1124  Processor - ok
21:19:43.0439 1124  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:19:43.0454 1124  ProfSvc - ok
21:19:43.0454 1124  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:19:43.0470 1124  ProtectedStorage - ok
21:19:43.0486 1124  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:19:43.0517 1124  PSched - ok
21:19:43.0579 1124  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:19:43.0642 1124  ql2300 - ok
21:19:43.0673 1124  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:19:43.0673 1124  ql40xx - ok
21:19:43.0720 1124  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
21:19:43.0735 1124  QWAVE - ok
21:19:43.0751 1124  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:19:43.0782 1124  QWAVEdrv - ok
21:19:43.0813 1124  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:19:43.0844 1124  RasAcd - ok
21:19:43.0860 1124  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
21:19:43.0891 1124  RasAuto - ok
21:19:43.0891 1124  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:19:43.0922 1124  Rasl2tp - ok
21:19:43.0938 1124  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
21:19:43.0985 1124  RasMan - ok
21:19:44.0000 1124  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:19:44.0016 1124  RasPppoe - ok
21:19:44.0032 1124  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:19:44.0047 1124  RasSstp - ok
21:19:44.0063 1124  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:19:44.0094 1124  rdbss - ok
21:19:44.0110 1124  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:19:44.0156 1124  RDPCDD - ok
21:19:44.0219 1124  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:19:44.0234 1124  rdpdr - ok
21:19:44.0234 1124  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:19:44.0281 1124  RDPENCDD - ok
21:19:44.0328 1124  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:19:44.0390 1124  RDPWD - ok
21:19:44.0422 1124  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:19:44.0437 1124  RemoteAccess - ok
21:19:44.0453 1124  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:19:44.0500 1124  RemoteRegistry - ok
21:19:44.0546 1124  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:19:44.0593 1124  RFCOMM - ok
21:19:44.0624 1124  [ DED01A389926A89540B82373E4C550EE ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
21:19:44.0656 1124  rimmptsk - ok
21:19:44.0671 1124  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
21:19:44.0702 1124  rimsptsk - ok
21:19:44.0718 1124  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
21:19:44.0765 1124  rismxdp - ok
21:19:44.0780 1124  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
21:19:44.0812 1124  RpcLocator - ok
21:19:44.0827 1124  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
21:19:44.0858 1124  RpcSs - ok
21:19:44.0874 1124  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:19:44.0890 1124  rspndr - ok
21:19:44.0905 1124  [ ABBE0F54BA3A378262C9CB86CF7D91F8 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
21:19:44.0936 1124  RTL8169 - ok
21:19:44.0952 1124  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
21:19:44.0968 1124  SamSs - ok
21:19:44.0983 1124  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:19:44.0999 1124  sbp2port - ok
21:19:45.0014 1124  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:19:45.0030 1124  SCardSvr - ok
21:19:45.0061 1124  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
21:19:45.0108 1124  Schedule - ok
21:19:45.0124 1124  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:19:45.0139 1124  SCPolicySvc - ok
21:19:45.0186 1124  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:19:45.0202 1124  sdbus - ok
21:19:45.0233 1124  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:19:45.0248 1124  SDRSVC - ok
21:19:45.0264 1124  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:19:45.0326 1124  secdrv - ok
21:19:45.0342 1124  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
21:19:45.0373 1124  seclogon - ok
21:19:45.0389 1124  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
21:19:45.0420 1124  SENS - ok
21:19:45.0436 1124  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:19:45.0482 1124  Serenum - ok
21:19:45.0514 1124  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
21:19:45.0560 1124  Serial - ok
21:19:45.0576 1124  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:19:45.0607 1124  sermouse - ok
21:19:45.0638 1124  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:19:45.0670 1124  SessionEnv - ok
21:19:45.0670 1124  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:19:45.0685 1124  sffdisk - ok
21:19:45.0716 1124  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:19:45.0763 1124  sffp_mmc - ok
21:19:45.0779 1124  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:19:45.0794 1124  sffp_sd - ok
21:19:45.0794 1124  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:19:45.0826 1124  sfloppy - ok
21:19:45.0857 1124  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:19:45.0888 1124  SharedAccess - ok
21:19:45.0935 1124  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:19:45.0950 1124  ShellHWDetection - ok
21:19:45.0982 1124  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:19:45.0997 1124  sisagp - ok
21:19:46.0044 1124  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:19:46.0060 1124  SiSRaid2 - ok
21:19:46.0075 1124  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:19:46.0091 1124  SiSRaid4 - ok
21:19:46.0184 1124  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
21:19:46.0387 1124  slsvc - ok
21:19:46.0418 1124  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:19:46.0450 1124  SLUINotify - ok
21:19:46.0481 1124  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:19:46.0496 1124  Smb - ok
21:19:46.0559 1124  [ C8A58FC905C9184FA70E37F71060C64D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
21:19:46.0652 1124  smserial - ok
21:19:46.0684 1124  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:19:46.0715 1124  SNMPTRAP - ok
21:19:46.0762 1124  [ A709DFA1674C1ED61EF7B5F29B38EEB1 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
21:19:46.0871 1124  SNP2UVC - ok
21:19:46.0886 1124  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
21:19:46.0902 1124  spldr - ok
21:19:46.0918 1124  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
21:19:46.0949 1124  Spooler - ok
21:19:46.0980 1124  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:19:47.0011 1124  srv - ok
21:19:47.0042 1124  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:19:47.0089 1124  srv2 - ok
21:19:47.0120 1124  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:19:47.0152 1124  srvnet - ok
21:19:47.0183 1124  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
21:19:47.0230 1124  ssadbus - ok
21:19:47.0276 1124  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:19:47.0292 1124  ssadmdfl - ok
21:19:47.0370 1124  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
21:19:47.0386 1124  ssadmdm - ok
21:19:47.0417 1124  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:19:47.0448 1124  SSDPSRV - ok
21:19:47.0479 1124  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:19:47.0495 1124  ssmdrv - ok
21:19:47.0495 1124  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:19:47.0510 1124  SstpSvc - ok
21:19:47.0557 1124  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
21:19:47.0573 1124  stisvc - ok
21:19:47.0604 1124  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:19:47.0620 1124  swenum - ok
21:19:47.0651 1124  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
21:19:47.0666 1124  swprv - ok
21:19:47.0698 1124  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
21:19:47.0713 1124  Symc8xx - ok
21:19:47.0729 1124  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:19:47.0744 1124  Sym_hi - ok
21:19:47.0760 1124  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:19:47.0760 1124  Sym_u3 - ok
21:19:47.0791 1124  [ BE78198C69135EF1FA157E08FD5C90FF ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:19:47.0807 1124  SynTP - ok
21:19:47.0838 1124  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
21:19:47.0885 1124  SysMain - ok
21:19:47.0900 1124  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:47.0916 1124  TabletInputService - ok
21:19:47.0932 1124  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:19:47.0963 1124  TapiSrv - ok
21:19:47.0978 1124  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
21:19:48.0010 1124  TBS - ok
21:19:48.0041 1124  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:19:48.0072 1124  Tcpip - ok
21:19:48.0103 1124  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:19:48.0134 1124  Tcpip6 - ok
21:19:48.0166 1124  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:19:48.0212 1124  tcpipreg - ok
21:19:48.0259 1124  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:19:48.0290 1124  TDPIPE - ok
21:19:48.0306 1124  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:19:48.0322 1124  TDTCP - ok
21:19:48.0337 1124  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:19:48.0384 1124  tdx - ok
21:19:48.0415 1124  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:19:48.0431 1124  TermDD - ok
21:19:48.0462 1124  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
21:19:48.0493 1124  TermService - ok
21:19:48.0509 1124  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
21:19:48.0524 1124  Themes - ok
21:19:48.0540 1124  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:19:48.0571 1124  THREADORDER - ok
21:19:48.0618 1124  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
21:19:48.0649 1124  TrkWks - ok
21:19:48.0696 1124  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:19:48.0727 1124  TrustedInstaller - ok
21:19:48.0758 1124  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:19:48.0774 1124  tssecsrv - ok
21:19:48.0805 1124  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:19:48.0821 1124  tunmp - ok
21:19:48.0836 1124  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:19:48.0868 1124  tunnel - ok
21:19:48.0883 1124  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:19:48.0899 1124  uagp35 - ok
21:19:48.0930 1124  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:19:48.0946 1124  udfs - ok
21:19:48.0992 1124  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:19:49.0008 1124  UI0Detect - ok
21:19:49.0039 1124  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:19:49.0055 1124  uliagpkx - ok
21:19:49.0070 1124  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:19:49.0086 1124  uliahci - ok
21:19:49.0102 1124  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:19:49.0117 1124  UlSata - ok
21:19:49.0133 1124  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:19:49.0148 1124  ulsata2 - ok
21:19:49.0180 1124  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:19:49.0195 1124  umbus - ok
21:19:49.0211 1124  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
21:19:49.0242 1124  upnphost - ok
21:19:49.0273 1124  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:49.0320 1124  usbccgp - ok
21:19:49.0382 1124  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:19:49.0445 1124  usbcir - ok
21:19:49.0476 1124  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:19:49.0523 1124  usbehci - ok
21:19:49.0554 1124  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:19:49.0585 1124  usbhub - ok
21:19:49.0616 1124  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:19:49.0648 1124  usbohci - ok
21:19:49.0663 1124  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:19:49.0726 1124  usbprint - ok
21:19:49.0757 1124  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:49.0804 1124  USBSTOR - ok
21:19:49.0819 1124  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:19:49.0850 1124  usbuhci - ok
21:19:49.0897 1124  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:19:49.0928 1124  usbvideo - ok
21:19:49.0960 1124  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
21:19:49.0975 1124  UxSms - ok
21:19:50.0006 1124  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
21:19:50.0038 1124  vds - ok
21:19:50.0069 1124  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:19:50.0116 1124  vga - ok
21:19:50.0162 1124  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:19:50.0178 1124  VgaSave - ok
21:19:50.0194 1124  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:19:50.0209 1124  viaagp - ok
21:19:50.0225 1124  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:19:50.0240 1124  ViaC7 - ok
21:19:50.0272 1124  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
21:19:50.0287 1124  viaide - ok
21:19:50.0303 1124  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:19:50.0303 1124  volmgr - ok
21:19:50.0334 1124  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:19:50.0350 1124  volmgrx - ok
21:19:50.0365 1124  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:19:50.0365 1124  volsnap - ok
21:19:50.0381 1124  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:19:50.0396 1124  vsmraid - ok
21:19:50.0443 1124  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
21:19:50.0506 1124  VSS - ok
21:19:50.0568 1124  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
21:19:50.0599 1124  W32Time - ok
21:19:50.0615 1124  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:19:50.0646 1124  WacomPen - ok
21:19:50.0677 1124  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:19:50.0708 1124  Wanarp - ok
21:19:50.0708 1124  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:19:50.0724 1124  Wanarpv6 - ok
21:19:50.0755 1124  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:19:50.0786 1124  wcncsvc - ok
21:19:50.0802 1124  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:19:50.0818 1124  WcsPlugInService - ok
21:19:50.0849 1124  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
21:19:50.0864 1124  Wd - ok
21:19:50.0896 1124  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:19:50.0911 1124  Wdf01000 - ok
21:19:50.0927 1124  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:19:50.0942 1124  WdiServiceHost - ok
21:19:50.0942 1124  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:19:50.0974 1124  WdiSystemHost - ok
21:19:50.0989 1124  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
21:19:51.0020 1124  WebClient - ok
21:19:51.0036 1124  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:19:51.0052 1124  Wecsvc - ok
21:19:51.0083 1124  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:19:51.0098 1124  wercplsupport - ok
21:19:51.0130 1124  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:19:51.0145 1124  WerSvc - ok
21:19:51.0192 1124  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:19:51.0208 1124  WinDefend - ok
21:19:51.0208 1124  WinHttpAutoProxySvc - ok
21:19:51.0254 1124  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:19:51.0270 1124  Winmgmt - ok
21:19:51.0317 1124  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:19:51.0442 1124  WinRM - ok
21:19:51.0473 1124  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:19:51.0551 1124  Wlansvc - ok
21:19:51.0613 1124  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:19:51.0676 1124  wlidsvc - ok
21:19:51.0754 1124  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
21:19:51.0785 1124  WmiAcpi - ok
21:19:51.0800 1124  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:19:51.0832 1124  wmiApSrv - ok
21:19:51.0894 1124  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:19:51.0941 1124  WMPNetworkSvc - ok
21:19:51.0972 1124  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:19:52.0019 1124  WPCSvc - ok
21:19:52.0050 1124  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:19:52.0081 1124  WPDBusEnum - ok
21:19:52.0159 1124  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:19:52.0175 1124  WpdUsb - ok
21:19:52.0268 1124  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:19:52.0300 1124  WPFFontCache_v0400 - ok
21:19:52.0300 1124  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:19:52.0331 1124  ws2ifsl - ok
21:19:52.0362 1124  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
21:19:52.0378 1124  wscsvc - ok
21:19:52.0424 1124  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
21:19:52.0456 1124  WSDPrintDevice - ok
21:19:52.0502 1124  [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
21:19:52.0518 1124  WSDScan - ok
21:19:52.0534 1124  WSearch - ok
21:19:52.0612 1124  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:19:52.0705 1124  wuauserv - ok
21:19:52.0752 1124  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:19:52.0768 1124  WUDFRd - ok
21:19:52.0814 1124  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:19:52.0846 1124  wudfsvc - ok
21:19:52.0877 1124  [ A640C90B007762939507C28A021BE3B3 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
21:19:52.0892 1124  xusb21 - ok
21:19:52.0924 1124  [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
21:19:52.0970 1124  yukonwlh - ok
21:19:52.0986 1124  ================ Scan global ===============================
21:19:53.0017 1124  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:19:53.0064 1124  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:19:53.0064 1124  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:19:53.0095 1124  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:19:53.0095 1124  [Global] - ok
21:19:53.0095 1124  ================ Scan MBR ==================================
21:19:53.0111 1124  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
21:19:53.0579 1124  \Device\Harddisk0\DR0 - ok
21:19:53.0579 1124  ================ Scan VBR ==================================
21:19:53.0579 1124  [ EFAE6A1E8BA3080A2E6C34DD74E8C517 ] \Device\Harddisk0\DR0\Partition1
21:19:53.0579 1124  \Device\Harddisk0\DR0\Partition1 - ok
21:19:53.0579 1124  ============================================================
21:19:53.0579 1124  Scan finished
21:19:53.0579 1124  ============================================================
21:19:53.0579 9608  Detected object count: 2
21:19:53.0579 9608  Actual detected object count: 2
21:20:06.0324 9608  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:06.0324 9608  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:20:06.0324 9608  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:06.0324 9608  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 19.11.2012, 21:55   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2012, 19:55   #8
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-20.02 - Matthias 20.11.2012  19:34:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1900 [GMT 1:00]
ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthias\AppData\Roaming\8wrvuf1v.default.tmp
c:\users\Matthias\AppData\Roaming\AcroIEHelpe.txt
c:\users\Matthias\AppData\Roaming\srvblck5.tmp
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-20 bis 2012-11-20  ))))))))))))))))))))))))))))))
.
.
2012-11-20 18:45 . 2012-11-20 18:45	--------	d-----w-	c:\users\Matthias\AppData\Local\temp
2012-11-20 18:45 . 2012-11-20 18:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-15 17:39 . 2012-11-15 17:39	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Malwarebytes
2012-11-15 17:39 . 2012-11-15 17:39	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-15 17:39 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-15 17:39 . 2012-11-15 17:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-15 17:30 . 2012-11-15 17:30	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Avira
2012-11-15 17:14 . 2012-11-16 15:49	83432	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-15 17:14 . 2012-11-16 15:49	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-15 17:14 . 2012-11-16 15:49	133824	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-15 17:14 . 2012-11-15 17:14	--------	d-----w-	c:\programdata\Avira
2012-11-15 17:14 . 2012-11-15 17:14	--------	d-----w-	c:\program files\Avira
2012-11-15 16:58 . 2012-11-15 16:58	--------	d-----w-	c:\users\Matthias\AppData\Roaming\16001.010
2012-11-14 21:28 . 2012-11-14 21:28	--------	d-----w-	c:\programdata\qlquqeaxzjyjgnv
2012-11-14 20:03 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-14 20:03 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 15:28 . 2012-10-17 00:32	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{22B4ED7C-7C35-4A97-A15A-99156D1E6FDF}\mpengine.dll
2012-11-11 23:53 . 2012-11-12 00:33	--------	d-----w-	c:\users\Matthias\AppData\Roaming\UAs
2012-11-09 14:39 . 2012-11-09 14:39	--------	d-----w-	c:\users\Matthias\AppData\Roaming\16001.009
2012-11-09 14:39 . 2012-11-15 17:28	--------	d-----w-	c:\users\Matthias\AppData\Roaming\xmldm
2012-11-09 14:39 . 2012-11-09 14:39	--------	d-----w-	c:\users\Matthias\AppData\Roaming\kock
2012-11-04 21:54 . 2012-11-04 21:54	--------	d-----w-	c:\program files\WEB.DE MailCheck
2012-10-31 22:29 . 2012-10-31 22:29	--------	d-----w-	c:\program files\7-Zip
2012-10-28 13:08 . 2012-10-28 13:08	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Media Player Classic
2012-10-28 13:07 . 2012-10-28 13:07	--------	d-----w-	c:\program files\MPC-HC
2012-10-27 12:51 . 2012-10-27 12:51	--------	d-----w-	c:\users\Matthias\dwhelper
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 17:20 . 2012-04-28 06:38	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 17:20 . 2012-04-28 06:38	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-13 13:28 . 2012-10-09 19:13	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-31 06:00 . 2012-08-31 06:00	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 06:00 . 2012-08-26 13:26	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-08-31 06:00 . 2012-04-30 17:01	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-29 11:27 . 2012-10-09 19:13	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-09 19:13	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-09 19:13	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-28 12:12 . 2012-10-28 12:12	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-16 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-29 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54	3672384	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-05-01 16:35	127040	----a-w-	c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-31 00:52	21432	----a-w-	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-31 00:52	964024	----a-w-	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-31 00:52	3524536	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50	4280184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 51704162
*NewlyCreated* - ASWMBR
*Deregistered* - 51704162
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com/
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\
FF - ExtSQL: 2012-09-22 18:34; DivXWebPlayer@divx.com; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi
FF - ExtSQL: 2012-10-27 14:49; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-04 22:54; toolbar@web.de; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-pgooyjgfzahsvvw - c:\programdata\pgooyjgf.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-20 19:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Matthias\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-20  19:53:03
ComboFix-quarantined-files.txt  2012-11-20 18:52
.
Vor Suchlauf: 8 Verzeichnis(se), 331.455.557.632 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 345.622.274.048 Bytes frei
.
- - End Of File - - 2DF719D40A3E53EE49CCBF3D3AE23D8C
         
--- --- ---

Alt 20.11.2012, 19:59   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Folder::
c:\users\Matthias\AppData\Roaming\16001.010
c:\programdata\qlquqeaxzjyjgnv
c:\users\Matthias\AppData\Roaming\UAs
c:\users\Matthias\AppData\Roaming\16001.009
c:\users\Matthias\AppData\Roaming\xmldm
c:\users\Matthias\AppData\Roaming\kock
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2012, 23:15   #10
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



[code] Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-20.02 - Matthias 20.11.2012  23:05:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2017 [GMT 1:00]
ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Matthias\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\qlquqeaxzjyjgnv
c:\programdata\qlquqeaxzjyjgnv\btn-green.png
c:\programdata\qlquqeaxzjyjgnv\corners-btn.png
c:\programdata\qlquqeaxzjyjgnv\corners1.png
c:\programdata\qlquqeaxzjyjgnv\corners2.png
c:\programdata\qlquqeaxzjyjgnv\corners3.png
c:\programdata\qlquqeaxzjyjgnv\corners4.png
c:\programdata\qlquqeaxzjyjgnv\de-flag.png
c:\programdata\qlquqeaxzjyjgnv\de-image.png
c:\programdata\qlquqeaxzjyjgnv\ie6-7.css
c:\programdata\qlquqeaxzjyjgnv\jquery.main.js
c:\programdata\qlquqeaxzjyjgnv\main.html
c:\programdata\qlquqeaxzjyjgnv\McAfee.png
c:\programdata\qlquqeaxzjyjgnv\pays-de.png
c:\programdata\qlquqeaxzjyjgnv\steps-de.png
c:\programdata\qlquqeaxzjyjgnv\steps-en.png
c:\programdata\qlquqeaxzjyjgnv\style.css
c:\programdata\qlquqeaxzjyjgnv\tabs.png
c:\programdata\qlquqeaxzjyjgnv\wait.html
c:\users\Matthias\AppData\Roaming\16001.009
c:\users\Matthias\AppData\Roaming\16001.009\chrome.manifest
c:\users\Matthias\AppData\Roaming\16001.009\components\AcroFF.txt
c:\users\Matthias\AppData\Roaming\16001.009\install.rdf
c:\users\Matthias\AppData\Roaming\16001.010
c:\users\Matthias\AppData\Roaming\16001.010\chrome.manifest
c:\users\Matthias\AppData\Roaming\16001.010\components\AcroFF.txt
c:\users\Matthias\AppData\Roaming\16001.010\install.rdf
c:\users\Matthias\AppData\Roaming\kock
c:\users\Matthias\AppData\Roaming\UAs
c:\users\Matthias\AppData\Roaming\UAs\As_UAs001.dat
c:\users\Matthias\AppData\Roaming\UAs\As_UAs002.dat
c:\users\Matthias\AppData\Roaming\UAs\As_UAs003.dat
c:\users\Matthias\AppData\Roaming\xmldm
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-20 bis 2012-11-20  ))))))))))))))))))))))))))))))
.
.
2012-11-20 22:11 . 2012-11-20 22:11	--------	d-----w-	c:\users\Matthias\AppData\Local\temp
2012-11-20 22:11 . 2012-11-20 22:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-15 17:39 . 2012-11-15 17:39	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Malwarebytes
2012-11-15 17:39 . 2012-11-15 17:39	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-15 17:39 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-15 17:39 . 2012-11-15 17:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-15 17:30 . 2012-11-15 17:30	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Avira
2012-11-15 17:14 . 2012-11-16 15:49	83432	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-15 17:14 . 2012-11-16 15:49	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-15 17:14 . 2012-11-16 15:49	133824	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-15 17:14 . 2012-11-15 17:14	--------	d-----w-	c:\programdata\Avira
2012-11-15 17:14 . 2012-11-15 17:14	--------	d-----w-	c:\program files\Avira
2012-11-14 20:03 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-14 20:03 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 15:28 . 2012-10-17 00:32	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{22B4ED7C-7C35-4A97-A15A-99156D1E6FDF}\mpengine.dll
2012-11-04 21:54 . 2012-11-04 21:54	--------	d-----w-	c:\program files\WEB.DE MailCheck
2012-10-31 22:29 . 2012-10-31 22:29	--------	d-----w-	c:\program files\7-Zip
2012-10-28 13:08 . 2012-10-28 13:08	--------	d-----w-	c:\users\Matthias\AppData\Roaming\Media Player Classic
2012-10-28 13:07 . 2012-10-28 13:07	--------	d-----w-	c:\program files\MPC-HC
2012-10-27 12:51 . 2012-10-27 12:51	--------	d-----w-	c:\users\Matthias\dwhelper
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 17:20 . 2012-04-28 06:38	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 17:20 . 2012-04-28 06:38	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-13 13:28 . 2012-10-09 19:13	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-31 06:00 . 2012-08-31 06:00	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 06:00 . 2012-08-26 13:26	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-08-31 06:00 . 2012-04-30 17:01	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-29 11:27 . 2012-10-09 19:13	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-09 19:13	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-09 19:13	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-28 12:12 . 2012-10-28 12:12	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-16 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-29 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54	3672384	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-05-01 16:35	127040	----a-w-	c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-31 00:52	21432	----a-w-	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-31 00:52	964024	----a-w-	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-31 00:52	3524536	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50	4280184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com/
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\
FF - ExtSQL: 2012-09-22 18:34; DivXWebPlayer@divx.com; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi
FF - ExtSQL: 2012-10-27 14:49; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-04 22:54; toolbar@web.de; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-20  23:13:57
ComboFix-quarantined-files.txt  2012-11-20 22:13
ComboFix2.txt  2012-11-20 18:53
.
Vor Suchlauf: 13 Verzeichnis(se), 346.093.780.992 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 346.065.240.064 Bytes frei
.
- - End Of File - - 43EF351188EAF9D5BEBED3B42FB7617C
         
--- --- ---

Alt 21.11.2012, 11:27   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2012, 19:16   #12
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Code:
ATTFilter
 

# AdwCleaner v2.008 - Datei am 22/11/2012 um 19:18:23 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Matthias - ASUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\prefs.js

Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{b9db16a4-6edc-47ec-a1f4-b86[...]

*************************

AdwCleaner[R1].txt - [1202 octets] - [22/11/2012 19:18:23]

########## EOF - C:\AdwCleaner[R1].txt - [1262 octets] ##########
         

Geändert von fandingo (22.11.2012 um 19:21 Uhr)

Alt 22.11.2012, 20:22   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2012, 21:00   #14
fandingo
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 22/11/2012 um 20:56:40 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Matthias - ASUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{b9db16a4-6edc-47ec-a1f4-b86[...]

*************************

AdwCleaner[R1].txt - [1331 octets] - [22/11/2012 19:18:23]
AdwCleaner[S1].txt - [1264 octets] - [22/11/2012 20:56:40]

########## EOF - C:\AdwCleaner[S1].txt - [1324 octets] ##########
         
und hier OTL

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.11.2012 21:06:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Matthias\Desktop\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,42% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,04 Gb Total Space | 322,08 Gb Free Space | 70,94% Space Free | Partition Type: NTFS
Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ASUS | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04078877-F5BE-49DD-9BDF-B9315132F802}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{09AD532A-F7EC-4E6F-AEB4-F6781B66AAA7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{14F58B5B-4986-4E53-B5CD-A4742344D3C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{393F852D-8E6C-42BF-AFF9-411FB111E29F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{537FCEA0-F486-4A43-A717-793673726859}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5534C1B2-CBDC-4763-8CA6-BFC02F375102}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5E4D1627-5508-422F-93A9-BDB72F52FE74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8143224F-0E93-499D-BAFC-1E002DA635F5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9E25230E-1AF7-4CC7-8903-8067D0354022}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9E523F24-81BE-42C5-9EB1-3069EDD64AD8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A531754D-DAA9-4A74-B7B3-22DFC0DC0857}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EDAB9B74-9BFB-4D27-B69E-3EB08B95B646}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5F9D15-2C26-4D6F-A0FB-B0E142759E94}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2032790A-ED30-44D2-A0AA-C05C0C9F5660}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{285FD47C-449E-4AC4-B0FC-217F481CF715}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{331F0D39-28A8-46D9-930B-3E1DE9A58BFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{344DE76B-18D0-4691-9EFC-C1C8CA6B6973}" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3ED69CEA-693E-4350-881F-05C0FB6C0056}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{4DCEDE9F-2D53-42B9-84C4-2AFABAF319E7}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{50B5FB6C-E96C-4F83-A22E-D4BD583EAEAC}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{5639AC6B-7999-4446-AA42-95F03D72F5ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe | 
"{79921021-1A30-479D-814A-E2EC7C8D38C2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7E2E3297-1C3C-4AC0-88D4-54B5EF9C35BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe | 
"{987ED4CC-1B4F-45A2-9F7E-BD2C09F918CE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B3A551DB-E1C9-456F-87EC-B4AB69B53336}" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B69F190B-21DD-4D0D-B9AB-88F6F9F79D97}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{CF8359D0-3D32-4E86-A493-2B6B9C0EF24D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D3CA8C25-ABD2-49E8-913B-0A28FC2D0F71}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{DD9FF5F9-DFAB-4AB7-8171-E963F3BEDB45}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{E15C28A9-98E9-4C7E-BE41-EFD75CA3C03E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"TCP Query User{002D993B-38DC-4B9E-AB25-3E6FD84D127D}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe | 
"TCP Query User{1F27EDA3-0F8B-4EEF-9803-3871A0A1A0A5}C:\games\pes2012.exe" = protocol=6 | dir=in | app=c:\games\pes2012.exe | 
"TCP Query User{E92E9DBA-9CB3-475A-9BBF-2E562DB970FE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{24A920A2-5B5E-498E-9E09-F545BF456F01}C:\games\pes2012.exe" = protocol=17 | dir=in | app=c:\games\pes2012.exe | 
"UDP Query User{A53E2580-579B-4471-8314-0BF87B97A03D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{B0E180BB-74E6-44DF-8555-CFD12C7BCDA0}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.11.2012 13:20:28 | Computer Name = ASUS | Source = VSS | ID = 12289
Description = 
 
Error - 15.11.2012 13:20:29 | Computer Name = ASUS | Source = VSS | ID = 12289
Description = 
 
Error - 15.11.2012 13:26:32 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.11.2012 14:09:27 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.11.2012 15:17:36 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung dqvfnd8d.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul dqvfnd8d.exe, Version 1.0.15.15641, Zeitstempel 
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0xc50, Anwendungsstartzeit
 01cdc36547f2cc4d.
 
Error - 15.11.2012 15:21:03 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.11.2012 15:29:30 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0x132c, 
Anwendungsstartzeit 01cdc3667e81f8f3.
 
Error - 15.11.2012 15:34:52 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0x1300, 
Anwendungsstartzeit 01cdc367a2973a13.
 
Error - 15.11.2012 15:39:17 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0x16cc, 
Anwendungsstartzeit 01cdc36872069703.
 
Error - 15.11.2012 15:51:45 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.15641, Zeitstempel 
0x4e21f2b1, fehlerhaftes Modul gmer.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0x1794, Anwendungsstartzeit
 01cdc369ecd61593.
 
[ System Events ]
Error - 20.11.2012 18:03:44 | Computer Name = ASUS | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 20.11.2012 18:08:15 | Computer Name = ASUS | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 20.11.2012 18:11:44 | Computer Name = ASUS | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 21.11.2012 05:23:33 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 21.11.2012 05:23:34 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 21.11.2012 05:23:58 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 21.11.2012 07:54:37 | Computer Name = ASUS | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 22.11.2012 15:59:35 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 22.11.2012 15:59:36 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description = 
 
Error - 22.11.2012 16:00:14 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.11.2012 21:06:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Matthias\Desktop\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,42% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,04 Gb Total Space | 322,08 Gb Free Space | 70,94% Space Free | Partition Type: NTFS
Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ASUS | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Users\Matthias\Desktop\Downloads\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Matthias\AppData\Local\Temp\catchme.sys File not found
DRV - (ASUSProcObsrv) -- D:\I386\AsProcOb.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com/
IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Matthias\AppData\Roaming\16001.010
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.29 10:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.11.14 20:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions
[2012.10.31 22:38:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.22 17:34:55 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.11.14 20:42:58 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi
[2012.07.27 16:27:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.14 20:43:05 | 000,002,273 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\englische-ergebnisse.xml
[2012.11.14 20:43:05 | 000,010,563 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\gmx-suche.xml
[2012.11.14 20:43:05 | 000,002,432 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\lastminute.xml
[2012.11.14 20:43:05 | 000,005,545 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\webde-suche.xml
[2012.10.28 13:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.28 13:12:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 10:33:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.20 23:11:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000..\Run: [EPSON] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9215ADB6-5E01-4E39-A131-6199B19897DE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF83EC1F-8E10-4E5C-9187-E3EACC26DD97}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 23:14:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.20 23:13:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.20 23:13:59 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\temp
[2012.11.20 23:02:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.20 19:32:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.20 19:32:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.20 19:32:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.20 19:32:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.20 19:32:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.20 19:29:44 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe
[2012.11.19 21:16:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe
[2012.11.19 20:55:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe
[2012.11.15 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.11.15 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.15 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.15 18:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.15 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Avira
[2012.11.15 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.15 18:14:12 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.15 18:14:12 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.15 18:14:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.15 18:14:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.11.14 21:06:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.14 21:06:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.14 21:06:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.14 21:06:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.14 21:06:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.14 21:06:23 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.14 21:06:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.14 21:06:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.14 21:03:10 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.14 21:03:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.04 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Digital Editions
[2012.11.04 22:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.11.01 17:21:50 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{D189FE92-C8F3-4072-8A9F-92BD6EA1CBD6}
[2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.29 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{972C01DF-9F01-4A56-A85B-6BDE1BBC6043}
[2012.10.28 21:54:01 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{542AE0FF-F127-43E8-9153-C0F5F62DA466}
[2012.10.28 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Media Player Classic
[2012.10.28 14:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012.10.28 14:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.10.28 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.27 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{E94F5910-A87C-41EB-A181-8D35A4406D29}
[2012.10.27 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\dwhelper
[2012.10.25 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{7FE135B6-DB31-44A3-9037-3B73CBD0E488}
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.22 21:04:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.22 21:04:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.22 21:04:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.22 21:04:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.22 20:58:45 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.22 20:58:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 20:58:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 20:58:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 20:58:25 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.22 20:57:18 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.22 20:54:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.22 19:17:59 | 000,543,531 | ---- | M] () -- C:\Users\Matthias\Desktop\adwcleaner.exe
[2012.11.21 17:22:45 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.11.20 23:11:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.20 19:30:06 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe
[2012.11.19 21:16:56 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe
[2012.11.19 21:15:24 | 000,000,512 | ---- | M] () -- C:\Users\Matthias\Desktop\MBR.dat
[2012.11.19 20:56:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe
[2012.11.16 16:49:34 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.16 16:49:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.16 16:49:34 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.15 21:48:29 | 000,037,186 | ---- | M] () -- C:\Users\Matthias\Desktop\gmer.7z
[2012.11.15 21:47:57 | 000,352,680 | ---- | M] () -- C:\Users\Matthias\Desktop\gmer.zip
[2012.11.15 19:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.11.15 18:39:41 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 18:28:29 | 000,000,016 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res
[2012.11.15 18:20:52 | 000,065,536 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat
[2012.11.15 18:14:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 22:28:16 | 000,076,348 | ---- | M] () -- C:\ProgramData\xlyzzfsifuliryl
[2012.11.14 21:20:03 | 000,251,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 16:25:46 | 000,000,680 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2012.10.28 14:07:45 | 000,001,677 | ---- | M] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.22 19:17:58 | 000,543,531 | ---- | C] () -- C:\Users\Matthias\Desktop\adwcleaner.exe
[2012.11.20 19:32:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.20 19:32:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.20 19:32:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.20 19:32:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.20 19:32:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.19 21:15:24 | 000,000,512 | ---- | C] () -- C:\Users\Matthias\Desktop\MBR.dat
[2012.11.15 21:48:28 | 000,037,186 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.7z
[2012.11.15 20:46:26 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.exe
[2012.11.15 20:45:06 | 000,352,680 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.zip
[2012.11.15 19:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.11.15 18:39:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 18:14:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 22:35:59 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.14 22:28:13 | 000,076,348 | ---- | C] () -- C:\ProgramData\xlyzzfsifuliryl
[2012.11.09 15:39:43 | 000,000,016 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res
[2012.11.09 15:39:35 | 000,065,536 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat
[2012.10.28 14:07:45 | 000,001,677 | ---- | C] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk
[2012.09.05 19:44:39 | 000,004,608 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.01 19:00:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.01 11:58:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.05.01 11:58:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.04.28 15:48:15 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.04.28 15:41:42 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.04.28 08:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.04.28 01:05:46 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2012.04.28 00:19:37 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.04.27 21:48:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2012.04.27 21:32:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2012.04.27 21:32:23 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2012.04.27 21:32:23 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2012.04.27 21:32:23 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.04.27 15:47:06 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---

Alt 22.11.2012, 21:21   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Spy.Banker.Gen8 - Standard

TR/Spy.Banker.Gen8



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:Files
C:\ProgramData\xlyzzfsifuliryl
C:\Users\Matthias\AppData\Roaming\blckdom.res
C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Spy.Banker.Gen8
7-zip, adobe, autorun, avira, backdoor.agent, defender, desktop, dllhost.exe, error, excel, flash player, format, home, iexplore.exe, install.exe, logfile, mozilla, ntdll.dll, plug-in, realtek, registry, rundll, scan, security, software, trojan.banker, udp, usb, vista, wallpapers




Ähnliche Themen: TR/Spy.Banker.Gen8


  1. TR/Patched/Ren.Gen8 - Befall!
    Plagegeister aller Art und deren Bekämpfung - 19.02.2015 (7)
  2. TR/Crypt.ZPACK.Gen8 + TR/Injector.M
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (9)
  3. C:TR/Crypt.ZPACK.Gen8
    Log-Analyse und Auswertung - 12.03.2013 (23)
  4. TR/Crypt.EPACK.Gen2 / TR/Spy.Banker.Gen8
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (5)
  5. Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?
    Log-Analyse und Auswertung - 14.11.2012 (8)
  6. Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (21)
  7. Trojan.Banker / Spy.Banker - weitere Vorgehensweise?
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (7)
  8. TR/Crypt.ZPACK.GEN8
    Log-Analyse und Auswertung - 09.06.2012 (6)
  9. TR/Crypt.ZPACK.Gen8 - Virusproblem
    Log-Analyse und Auswertung - 17.05.2012 (10)
  10. TR/ATRAPS.Gen + TR/Rootkit.Gen8
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (20)
  11. TR/Crypt.ZPack.Gen8 - Entfernung
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (1)
  12. TR/Rootkit.Gen8 plötzlich erschienen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2012 (7)
  13. TR/MediyesH.A.9 TR/Rootkit.Gen8 TR/ATRAPS.gen
    Log-Analyse und Auswertung - 08.04.2012 (16)
  14. erst TR/Spy.Banker.Gen2 gefunden, dann TR/PSW.Banker.O.33
    Log-Analyse und Auswertung - 28.03.2012 (26)
  15. Trojanisches Pferd TR/Banker.Banker.aywq gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2010 (7)
  16. TR/Banker.MultiBanker.acv, TR/Banker/MultiBankerack und TR/Kazy.2369.7
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (1)
  17. TR/Banker.Banker.aits in iexplore.exe
    Plagegeister aller Art und deren Bekämpfung - 03.06.2009 (1)

Zum Thema TR/Spy.Banker.Gen8 - Hi zusammen, leider habe ich mir den TR/Spy.Banker.Gen8 eingefangen. Ich hoffe mir kann geholfen werden, den Dreck von meinem Laptop sicher und rückstandslos zu entfernen. Die Meldung kam über AVIRA, - TR/Spy.Banker.Gen8...
Archiv
Du betrachtest: TR/Spy.Banker.Gen8 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.