Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Gema-Trojaner und weitere Funde

Gema-Trojaner und weitere Funde


Log-Analyse und Auswertung: Gema-Trojaner und weitere Funde

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 18.11.2011, 10:04   #1
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Hallo,

ich habe den Laptop von meiner Tante bekommen um diesen wieder zum laufen zu bekommen.

Der Gema-Trojaner hatte den Zugriff darauf blockiert. Mit Hilfe der Norton Bootable Recovery Toools CD bin ich wieder rein gekommen.

Das erste was ich festgestellt habe, war das komplette Fehlen einer Antiviren-Softare. Daraufhin habe ich Avira-Free installieren wollen. Diese meldete mir, daß ich zuerst Norton Internet Security deinstallieren müsste. Norton war aber nicht in der installierten Software vorhanen. Daher habe ich mit CC-Cleaner die Registry bereinigt (Log vorhanden falls benötigt) und Avira dann installiert.

Daraufhin wurden von Avira einige Treffer gemeldet, die dann gelöscht wurden. (Logs vorhanden falls benötigt)

Zitat:
Die Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\keraipx.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

Die Datei 'C:\Windows\Temp\gwqhhc\setup.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Proxy.Sefbov.E.22' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

In der Datei 'C:\Users\Brigitte\M-1-52-5782-8752-5245\winsvc .exe'
wurde ein Virus oder unerwünschtes Programm 'WORM/Phorpiex.B.41' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

In der Datei 'C:\Users\Brigitte\M-1-54-6324-575-5275\winsvc .exe'
wurde ein Virus oder unerwünschtes Programm 'WORM/Phorpiex.B.1' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Users\Brigitte\M-1-52-5782-8752-5245\winsvc .exe'
enthielt einen Virus oder unerwünschtes Programm 'WORM/Phorpiex.B.41' [worm].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a50a2e7.qua' verschoben!

Die Datei 'C:\Users\Brigitte\M-1-54-6324-575-5275\winsvc .exe'
enthielt einen Virus oder unerwünschtes Programm 'WORM/Phorpiex.B.1' [worm].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a64bcb8.qua' verschoben!
Auf Grund der fehlenden Antiviren-Software und der vielen Funde habe ich mich dann an dieses tolle Forum erinnert. Hoffentlich nicht zu spät.

Der Laptop wird nur zum spielen, surfen, Bildbearbeitung und Musikverwaltung genutzt. Onlienbanking und ähnliches wird nicht gemacht. Seht ihr hier noch Rettungschancen oder muß ich in den sauren Apfel beißen und neu installieren?

Vielen Dank schon mal vorab.

Zitat:
OTL logfile created on: 17.11.2011 15:21:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brigitte\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,14% Memory free
6,19 Gb Paging File | 5,22 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 119,76 Gb Free Space | 51,42% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 221,00 Gb Free Space | 99,93% Space Free | Partition Type: NTFS

Computer Name: BrigitteSPC | User Name: Brigitte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.17 15:18:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.27 21:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.09 23:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.10.21 17:57:30 | 000,307,200 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\DVMExportService.exe
PRC - [2008.07.10 01:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.19 20:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008.02.01 23:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.12 05:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2005.01.21 16:44:06 | 000,065,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Windows\System32\MrobeService.exe


========== Modules (No Company Name) ==========

MOD - [2008.10.24 14:13:01 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2008.10.21 17:57:30 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\DVMExportService.exe -- (MDES)
SRV - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2005.01.21 16:44:06 | 000,065,536 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Windows\System32\MrobeService.exe -- (MrobeService)


========== Driver Services (SafeList) ==========

DRV - [2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.24 17:16:31 | 004,017,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.08.11 03:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.06.03 07:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.05.02 09:07:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008.04.27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.27 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.01.04 16:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions
[2010.01.04 16:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========


Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe Reader) - {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} - C:\Users\Brigitte\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Systems, Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISUSScheduler] -start File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] MSRun File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1250BE79-04B2-47E0-8C54-ED163386EFEA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\keraipx: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {tkILaiAG-Z968-IeXL-outj-7zkVqmn5RUHY} -
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.17 19:49:51 | 000,000,000 | ---D | C] -- C:\NBRT
[2011.11.17 15:18:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
[2011.11.17 15:05:13 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.11.17 14:18:50 | 000,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\Avira
[2011.11.17 14:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.17 14:13:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.11.17 14:13:40 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.17 14:13:40 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.17 14:13:40 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.17 14:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.17 14:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.11.17 14:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.17 14:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.14 18:57:36 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Brigitte\AppData\Roaming\dwlGina3.dll
[2011.11.13 20:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2011.11.13 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2011.11.13 20:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2011.11.13 20:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
[2011.11.07 19:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.11.07 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.11.07 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2008.06.03 07:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.11.17 15:21:04 | 000,000,921 | ---- | M] () -- C:\Users\Brigitte\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.website
[2011.11.17 15:18:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
[2011.11.17 15:13:24 | 000,623,904 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.17 15:13:24 | 000,591,854 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.17 15:13:24 | 000,123,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.17 15:13:24 | 000,102,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.17 15:06:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.17 15:05:01 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.11.17 15:04:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.17 15:04:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.17 15:04:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.17 15:04:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.17 15:04:30 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.17 14:52:39 | 000,000,000 | ---- | M] () -- C:\Users\Brigitte\defogger_reenable
[2011.11.17 14:50:46 | 000,050,477 | ---- | M] () -- C:\Users\Brigitte\Desktop\Defogger.exe
[2011.11.17 14:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011.11.17 14:14:00 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.17 14:09:51 | 000,143,458 | ---- | M] () -- C:\Users\Brigitte\Documents\registry_backup_17_11_2011.reg
[2011.11.14 18:57:36 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Brigitte\AppData\Roaming\dwlGina3.dll
[2011.11.14 18:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011.11.13 21:41:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011.11.13 21:19:25 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2011.11.13 21:19:24 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Mini Golf Pro.lnk
[2011.11.13 21:16:43 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\3D Pool Billiard.lnk
[2011.11.13 20:43:55 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Super Puzzle.lnk
[2011.11.13 20:41:06 | 000,001,031 | ---- | M] () -- C:\Users\Brigitte\Desktop\Rune of Fate.lnk
[2011.11.13 20:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011.11.13 19:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011.11.13 17:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011.11.13 15:41:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011.11.13 15:17:52 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.11.12 23:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011.11.06 22:59:15 | 000,373,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.06 22:51:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.11.06 22:51:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.11.06 22:50:45 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.11.06 22:41:04 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011.11.06 00:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.11.02 20:07:32 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2011.11.17 14:52:39 | 000,000,000 | ---- | C] () -- C:\Users\Brigitte\defogger_reenable
[2011.11.17 14:52:02 | 000,000,921 | ---- | C] () -- C:\Users\Brigitte\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.website
[2011.11.17 14:50:46 | 000,050,477 | ---- | C] () -- C:\Users\Brigitte\Desktop\Defogger.exe
[2011.11.17 14:14:00 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.17 14:09:43 | 000,143,458 | ---- | C] () -- C:\Users\Brigitte\Documents\registry_backup_17_11_2011.reg
[2011.11.17 10:11:42 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.13 21:16:43 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\3D Pool Billiard.lnk
[2011.11.13 20:48:03 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Mini Golf Pro.lnk
[2011.11.13 20:43:56 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2011.11.13 20:43:55 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Super Puzzle.lnk
[2011.11.13 20:41:06 | 000,001,031 | ---- | C] () -- C:\Users\Brigitte\Desktop\Rune of Fate.lnk
[2011.11.06 22:50:45 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.11.06 20:43:34 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.20 18:17:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\rp6acykG.dat
[2010.08.11 19:25:49 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.01.11 19:46:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.01.11 19:46:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.02 18:12:02 | 000,014,848 | ---- | C] () -- C:\Users\Brigitte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.18 20:39:42 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.09.18 19:24:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.04.11 10:45:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro .exe
[2009.04.11 10:45:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog .exe
[2009.04.11 10:15:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.04.11 09:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.28 22:16:00 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008.10.24 14:13:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.10.24 13:36:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.21 04:39:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.10.21 04:39:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.14 05:42:21 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 03:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.02 03:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.05.12 04:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.16 12:11:34 | 000,623,904 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 12:11:34 | 000,123,918 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.08.06 18:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,373,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,591,854 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,102,126 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009.10.02 18:19:31 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\EleFun Games
[2010.08.19 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\FreeAudioPack
[2010.03.23 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\OLYMPUS
[2010.01.04 16:17:46 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Thunderbird
[2009.09.18 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Zylom
[2011.09.19 19:41:23 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\1c6bbdb0.job
[2011.11.06 00:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.09.20 18:41:33 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011.09.20 18:41:33 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011.09.20 18:41:33 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011.09.20 18:41:33 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011.09.20 18:41:33 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011.11.17 14:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011.11.13 15:41:07 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011.11.13 17:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011.11.14 18:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011.11.13 19:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011.11.13 20:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011.11.13 21:41:03 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011.11.06 22:41:04 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011.11.12 23:40:59 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011.09.20 18:41:34 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011.11.17 14:57:53 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.09.18 19:38:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.09.19 18:19:35 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2009.04.11 10:57:12 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2011.09.02 21:40:29 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.09.18 19:10:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.17 15:05:13 | 000,000,000 | -H-D | M] -- C:\dvmexp
[2010.03.23 20:07:08 | 000,000,000 | ---D | M] -- C:\Free WMA MP3 Converter
[2009.04.11 09:25:59 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.17 22:06:30 | 000,000,000 | ---D | M] -- C:\NBRT
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.08.11 18:51:25 | 000,000,000 | ---D | M] -- C:\Program Brigitte
[2011.11.17 14:13:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.17 14:13:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.02 19:26:13 | 000,000,000 | ---D | M] -- C:\Programme
[2011.11.17 15:23:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.17 15:05:13 | 000,000,000 | -H-D | M] -- C:\temp
[2009.09.18 19:24:08 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.17 14:34:18 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2009.04.11 10:04:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.04.11 10:04:38 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.04.11 10:04:38 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 10:04:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-17 13:57:48

< End of report >

Alt 18.11.2011, 12:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________
Alt 18.11.2011, 16:34   #3
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Hallo Arne,

vielen Dank für deine Hilfe. Hier die Logfiles:

Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8187

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.11.2011 14:27:05
mbam-log-2011-11-18 (14-26-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 336496
Laufzeit: 1 Stunde(n), 48 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Brigitte\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> No action taken.

Infizierte Dateien:
c:\Users\Brigitte\Music\Musik B\MUSIK\stress.exe (Joke.Stressreducer) -> No action taken.
c:\Users\Brigitte\Spiele\spiele klaus\stress.exe (Joke.Stressreducer) -> No action taken.
c:\Windows\Fonts\b75y5eg5e.com_ (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Brigitte\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> No action taken.
Zitat:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f46fc5e54066ec46b9d48d51dadd7bb9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-18 03:07:52
# local_time=2011-11-18 04:07:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 91189 91189 0 0
# compatibility_mode=5892 16776573 100 100 22217 159155936 0 0
# compatibility_mode=8192 67108863 100 0 3748 3748 0 0
# scanned=180378
# found=4
# cleaned=0
# scan_time=5663
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Fonts\b75Y5eG5E.com_ a variant of Win32/Injector.JQV trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Adware.Toolbar.Dealio application 00000000000000000000000000000000 I
__________________
Alt 18.11.2011, 16:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Zitat:
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.11.2011, 17:35   #5
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Hallo,

Malwarebytes scannt gerade nochmal, damit ich damit dann auch löschen kann. Oder geht das auch "von Hand"?

Soll ich den ESET danach auch nochmal laufen lassen?


Alt 18.11.2011, 18:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Poste erstmal das neue Log von Malwarebytes.
__________________
--> Gema-Trojaner und weitere Funde

Alt 18.11.2011, 19:10   #7
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


OK,

hier das neue Log

Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8187

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.11.2011 19:10:18
mbam-log-2011-11-18 (19-10-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 336721
Laufzeit: 1 Stunde(n), 35 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Brigitte\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Brigitte\Music\Musik B\MUSIK\stress.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\Users\Brigitte\Spiele\spiele klaus\stress.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\Windows\Fonts\b75y5eg5e.com_ (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Brigitte\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.

Alt 18.11.2011, 19:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Ok, mach bitte ein neues OTL-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.11.2011, 19:43   #9
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Hallo,

OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.11.2011 19:21:59 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Brigitte\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,96% Memory free
6,19 Gb Paging File | 5,15 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 120,46 Gb Free Space | 51,73% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 221,00 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: BRIGITTESPC | User Name: Brigitte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.17 15:18:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.27 21:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.09 23:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.10.21 17:57:30 | 000,307,200 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\DVMExportService.exe
PRC - [2008.07.10 01:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.19 20:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008.02.01 23:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.12 05:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2005.01.21 16:44:06 | 000,065,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Windows\System32\MrobeService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.10.24 14:13:01 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2008.10.21 17:57:30 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\DVMExportService.exe -- (MDES)
SRV - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2005.01.21 16:44:06 | 000,065,536 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Windows\System32\MrobeService.exe -- (MrobeService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.24 17:16:31 | 004,017,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.08.11 03:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.06.03 07:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.05.02 09:07:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2008.04.27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.27 20:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.01.04 16:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions
[2010.01.04 16:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
========== Chrome  ==========
 
 
Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe Reader) - {147FEC3F-6DE9-437C-8FC1-6B8A20AA0A72} - C:\Users\Brigitte\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Systems, Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISUSScheduler] -start File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] MSRun File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1250BE79-04B2-47E0-8C54-ED163386EFEA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\keraipx: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {tkILaiAG-Z968-IeXL-outj-7zkVqmn5RUHY} - 
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.18 19:18:10 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.11.18 14:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.18 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\Malwarebytes
[2011.11.18 12:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.18 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.18 12:25:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.18 12:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.17 19:49:51 | 000,000,000 | ---D | C] -- C:\NBRT
[2011.11.17 15:18:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
[2011.11.17 14:18:50 | 000,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\Avira
[2011.11.17 14:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.17 14:13:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.11.17 14:13:40 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.17 14:13:40 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.17 14:13:40 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.17 14:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.17 14:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.11.17 14:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.17 14:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.14 18:57:36 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Brigitte\AppData\Roaming\dwlGina3.dll
[2011.11.13 20:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2011.11.13 20:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2011.11.13 20:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2011.11.13 20:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
[2011.11.07 19:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.11.07 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.11.07 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2008.06.03 07:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.18 19:18:33 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.11.18 19:18:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.18 19:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 19:18:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 19:17:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.18 19:17:52 | 3218,403,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.18 19:08:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.18 19:07:49 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.18 18:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011.11.18 17:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011.11.18 16:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011.11.18 15:41:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011.11.18 14:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011.11.18 13:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011.11.18 12:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011.11.18 12:23:45 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011.11.18 12:23:45 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011.11.18 10:02:57 | 000,000,921 | ---- | M] () -- C:\Users\Brigitte\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.website
[2011.11.18 10:02:01 | 000,001,063 | ---- | M] () -- C:\Users\Brigitte\Desktop\Gmer.zip
[2011.11.18 10:01:40 | 000,017,553 | ---- | M] () -- C:\Users\Brigitte\Desktop\Extras.zip
[2011.11.18 09:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011.11.18 09:29:57 | 000,623,904 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.18 09:29:57 | 000,591,854 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.18 09:29:57 | 000,123,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.18 09:29:57 | 000,102,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.18 08:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011.11.18 03:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011.11.18 03:00:52 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011.11.18 02:12:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.11.17 20:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011.11.17 20:22:35 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011.11.17 16:01:06 | 000,302,592 | ---- | M] () -- C:\Users\Brigitte\Desktop\g4ws5333.exe
[2011.11.17 15:18:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Desktop\OTL.exe
[2011.11.17 14:52:39 | 000,000,000 | ---- | M] () -- C:\Users\Brigitte\defogger_reenable
[2011.11.17 14:50:46 | 000,050,477 | ---- | M] () -- C:\Users\Brigitte\Desktop\Defogger.exe
[2011.11.17 14:14:00 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.17 14:09:51 | 000,143,458 | ---- | M] () -- C:\Users\Brigitte\Desktop\registry_backup_17_11_2011.reg
[2011.11.14 18:57:36 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Brigitte\AppData\Roaming\dwlGina3.dll
[2011.11.13 21:19:25 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2011.11.13 21:19:24 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Mini Golf Pro.lnk
[2011.11.13 21:16:43 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\3D Pool Billiard.lnk
[2011.11.13 20:43:55 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Super Puzzle.lnk
[2011.11.13 20:41:06 | 000,001,031 | ---- | M] () -- C:\Users\Brigitte\Desktop\Rune of Fate.lnk
[2011.11.13 15:17:52 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.11.06 22:59:15 | 000,373,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.06 22:51:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.11.06 22:51:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.11.06 22:50:45 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2011.11.18 10:02:01 | 000,001,063 | ---- | C] () -- C:\Users\Brigitte\Desktop\Gmer.zip
[2011.11.18 10:01:40 | 000,017,553 | ---- | C] () -- C:\Users\Brigitte\Desktop\Extras.zip
[2011.11.17 16:01:05 | 000,302,592 | ---- | C] () -- C:\Users\Brigitte\Desktop\g4ws5333.exe
[2011.11.17 14:52:39 | 000,000,000 | ---- | C] () -- C:\Users\Brigitte\defogger_reenable
[2011.11.17 14:52:02 | 000,000,921 | ---- | C] () -- C:\Users\Brigitte\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.website
[2011.11.17 14:50:46 | 000,050,477 | ---- | C] () -- C:\Users\Brigitte\Desktop\Defogger.exe
[2011.11.17 14:14:00 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.17 14:09:43 | 000,143,458 | ---- | C] () -- C:\Users\Brigitte\Desktop\registry_backup_17_11_2011.reg
[2011.11.17 10:11:42 | 3218,403,328 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.13 21:16:43 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\3D Pool Billiard.lnk
[2011.11.13 20:48:03 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Mini Golf Pro.lnk
[2011.11.13 20:43:56 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2011.11.13 20:43:55 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Super Puzzle.lnk
[2011.11.13 20:41:06 | 000,001,031 | ---- | C] () -- C:\Users\Brigitte\Desktop\Rune of Fate.lnk
[2011.11.06 22:50:45 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.11.06 20:43:34 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.20 18:17:32 | 000,000,112 | ---- | C] () -- C:\ProgramData\rp6acykG.dat
[2010.08.11 19:25:49 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.01.11 19:46:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.01.11 19:46:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.02 18:12:02 | 000,014,848 | ---- | C] () -- C:\Users\Brigitte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.18 20:39:42 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.09.18 19:24:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.04.11 10:45:16 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro .exe
[2009.04.11 10:45:06 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog .exe
[2009.04.11 10:15:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.04.11 09:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.28 22:16:00 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008.10.24 14:13:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.10.24 13:36:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.21 04:39:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.10.21 04:39:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.14 05:42:21 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 03:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.02 03:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.05.12 04:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.16 12:11:34 | 000,623,904 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 12:11:34 | 000,123,918 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.08.06 18:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,373,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,591,854 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,102,126 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2009.10.02 18:19:31 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\EleFun Games
[2010.08.19 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\FreeAudioPack
[2010.03.23 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\OLYMPUS
[2010.01.04 16:17:46 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Thunderbird
[2009.09.18 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Zylom
[2011.09.19 19:41:23 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\1c6bbdb0.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.11.18 09:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011.11.18 12:23:45 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011.11.18 12:23:45 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011.11.18 12:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011.11.18 13:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011.11.18 14:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011.11.18 15:41:17 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011.11.18 16:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011.11.18 17:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011.11.18 18:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011.11.17 20:22:35 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011.11.17 20:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011.11.18 02:12:57 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011.11.18 02:12:56 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011.11.18 03:00:52 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011.11.18 03:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011.11.18 08:19:37 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011.11.18 08:41:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011.11.18 19:17:03 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.03 14:19:29 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Adobe
[2010.04.02 10:38:48 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\AdobeReader
[2009.09.18 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\ATI
[2011.11.17 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Avira
[2009.09.20 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\CyberLink
[2009.10.02 18:19:31 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\EleFun Games
[2010.08.19 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\FreeAudioPack
[2009.09.18 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Google
[2009.09.18 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Identities
[2009.09.18 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Macromedia
[2011.11.18 12:25:45 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Media Center Programs
[2011.11.17 14:05:06 | 000,000,000 | --SD | M] -- C:\Users\Brigitte\AppData\Roaming\Microsoft
[2010.01.04 16:17:47 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Mozilla
[2010.03.23 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\OLYMPUS
[2009.12.27 20:21:38 | 000,000,000 | RH-D | M] -- C:\Users\Brigitte\AppData\Roaming\SecuROM
[2010.01.04 16:17:46 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Thunderbird
[2011.03.25 18:45:36 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\vlc
[2009.09.18 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
--- --- ---
[/QUOTE]

Alt 18.11.2011, 21:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
PRC - [2011.09.27 21:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
SRV - [2011.09.27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] MSRun File not found
O20 - Winlogon\Notify\keraipx: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.11.18 19:18:10 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.11.17 19:49:51 | 000,000,000 | ---D | C] -- C:\NBRT
[2011.11.14 18:57:36 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Brigitte\AppData\Roaming\dwlGina3.dll
[2011.11.07 19:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.11.07 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.11.07 19:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2011.11.18 19:18:33 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.09.19 19:41:23 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\1c6bbdb0.job
:Files
C:\Windows\tasks\At*.job
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.11.2011, 00:57   #11
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Neustart wurde durchgeführt. Nun bekomme ich die Fehlermeldung:

Zitat:
Avira In Product Messaging funktioniert nicht mehr

Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
Log von OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\IE\4.7\dealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\keraipx\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\dvmexp folder moved successfully.
C:\NBRT\VirusDef\newdefs-trigger folder moved successfully.
C:\NBRT\VirusDef folder moved successfully.
C:\NBRT folder moved successfully.
C:\Users\Brigitte\AppData\Roaming\dwlGina3.dll moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\Dealio Toolbar\Res\Lang folder moved successfully.
C:\Program Files\Dealio Toolbar\Res folder moved successfully.
C:\Program Files\Dealio Toolbar\IE\4.7 folder moved successfully.
C:\Program Files\Dealio Toolbar\IE folder moved successfully.
C:\Program Files\Dealio Toolbar folder moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Windows\Tasks\1c6bbdb0.job moved successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Brigitte
->Temp folder emptied: 2067556 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16226069 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 17,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11192011_005001

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 20.11.2011, 12:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Avira ist erstmal nebensächlich. Wichtiger ist sich um die Infektion zu kümmern. Deinstallier das also erstmal komplett, wenn wir durch sind, kann wieder ein Virenscanner rauf. Und nein, es ist nicht gefährlich wenn man vorübergehend ohne Virenscanner ist.

Nach der Deinstallation von Avira bitte mit dem TDSS-Killer weitermachen:

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2011, 12:48   #13
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Hallo,

Avira ist deinstalliert. Hier das Log:

Code:
ATTFilter
12:45:35.0520 0528	TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
12:45:35.0785 0528	============================================================
12:45:35.0785 0528	Current date / time: 2011/11/20 12:45:35.0785
12:45:35.0785 0528	SystemInfo:
12:45:35.0785 0528	
12:45:35.0785 0528	OS Version: 6.0.6002 ServicePack: 2.0
12:45:35.0785 0528	Product type: Workstation
12:45:35.0785 0528	ComputerName: BRIGITTESPC
12:45:35.0785 0528	UserName: Brigitte
12:45:35.0785 0528	Windows directory: C:\Windows
12:45:35.0785 0528	System windows directory: C:\Windows
12:45:35.0785 0528	Processor architecture: Intel x86
12:45:35.0785 0528	Number of processors: 2
12:45:35.0785 0528	Page size: 0x1000
12:45:35.0785 0528	Boot type: Normal boot
12:45:35.0785 0528	============================================================
12:45:37.0221 0528	Initialize success
12:45:56.0097 3624	============================================================
12:45:56.0097 3624	Scan started
12:45:56.0097 3624	Mode: Manual; SigCheck; TDLFS; 
12:45:56.0097 3624	============================================================
12:45:57.0766 3624	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:45:57.0875 3624	ACPI - ok
12:45:57.0953 3624	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:45:58.0000 3624	adp94xx - ok
12:45:58.0093 3624	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:45:58.0109 3624	adpahci - ok
12:45:58.0140 3624	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:45:58.0156 3624	adpu160m - ok
12:45:58.0203 3624	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:45:58.0218 3624	adpu320 - ok
12:45:58.0452 3624	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:45:58.0515 3624	AFD - ok
12:45:58.0561 3624	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:45:58.0577 3624	agp440 - ok
12:45:58.0624 3624	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:45:58.0639 3624	aic78xx - ok
12:45:58.0671 3624	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:45:58.0686 3624	aliide - ok
12:45:58.0717 3624	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:45:58.0733 3624	amdagp - ok
12:45:58.0749 3624	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
12:45:58.0780 3624	amdide - ok
12:45:58.0811 3624	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:45:58.0936 3624	AmdK7 - ok
12:45:58.0983 3624	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:45:59.0029 3624	AmdK8 - ok
12:45:59.0107 3624	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:45:59.0123 3624	arc - ok
12:45:59.0232 3624	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:45:59.0248 3624	arcsas - ok
12:45:59.0295 3624	AsDsm           (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
12:45:59.0341 3624	AsDsm - ok
12:45:59.0435 3624	ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
12:45:59.0451 3624	ASMMAP - ok
12:45:59.0544 3624	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:59.0591 3624	AsyncMac - ok
12:45:59.0638 3624	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:45:59.0653 3624	atapi - ok
12:45:59.0763 3624	athr            (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
12:45:59.0872 3624	athr - ok
12:46:00.0090 3624	atikmdag        (b6f3e32c0a1c38cd7526265221de192c) C:\Windows\system32\DRIVERS\atikmdag.sys
12:46:00.0293 3624	atikmdag - ok
12:46:00.0433 3624	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:46:00.0480 3624	Beep - ok
12:46:00.0574 3624	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:46:00.0621 3624	blbdrive - ok
12:46:00.0699 3624	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:46:00.0745 3624	bowser - ok
12:46:00.0839 3624	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:46:00.0870 3624	BrFiltLo - ok
12:46:00.0901 3624	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:46:00.0917 3624	BrFiltUp - ok
12:46:00.0948 3624	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:46:01.0073 3624	Brserid - ok
12:46:01.0213 3624	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:46:01.0260 3624	BrSerWdm - ok
12:46:01.0369 3624	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:46:01.0416 3624	BrUsbMdm - ok
12:46:01.0463 3624	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:46:01.0510 3624	BrUsbSer - ok
12:46:01.0557 3624	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:46:01.0619 3624	BTHMODEM - ok
12:46:01.0650 3624	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:46:01.0681 3624	cdfs - ok
12:46:01.0728 3624	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:46:01.0759 3624	cdrom - ok
12:46:01.0806 3624	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:46:01.0822 3624	circlass - ok
12:46:01.0884 3624	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:46:01.0900 3624	CLFS - ok
12:46:02.0040 3624	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:46:02.0071 3624	CmBatt - ok
12:46:02.0087 3624	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:46:02.0103 3624	cmdide - ok
12:46:02.0118 3624	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:46:02.0134 3624	Compbatt - ok
12:46:02.0165 3624	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:46:02.0181 3624	crcdisk - ok
12:46:02.0212 3624	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:46:02.0243 3624	Crusoe - ok
12:46:02.0337 3624	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:46:02.0368 3624	DfsC - ok
12:46:02.0493 3624	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:46:02.0508 3624	disk - ok
12:46:02.0555 3624	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:46:02.0571 3624	drmkaud - ok
12:46:02.0633 3624	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:46:02.0680 3624	DXGKrnl - ok
12:46:02.0773 3624	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:46:02.0805 3624	E1G60 - ok
12:46:02.0929 3624	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:46:02.0945 3624	Ecache - ok
12:46:03.0007 3624	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:46:03.0070 3624	elxstor - ok
12:46:03.0163 3624	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:46:03.0210 3624	ErrDev - ok
12:46:03.0273 3624	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:46:03.0319 3624	exfat - ok
12:46:03.0413 3624	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:46:03.0444 3624	fastfat - ok
12:46:03.0522 3624	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:46:03.0569 3624	fdc - ok
12:46:03.0663 3624	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:46:03.0678 3624	FileInfo - ok
12:46:03.0709 3624	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:46:03.0756 3624	Filetrace - ok
12:46:03.0772 3624	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:46:03.0803 3624	flpydisk - ok
12:46:03.0850 3624	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:46:03.0865 3624	FltMgr - ok
12:46:03.0959 3624	fssfltr         (17829180deebf703ec7f445ac3abea99) C:\Windows\system32\DRIVERS\fssfltr.sys
12:46:03.0975 3624	fssfltr - ok
12:46:04.0006 3624	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:46:04.0021 3624	Fs_Rec - ok
12:46:04.0099 3624	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:46:04.0099 3624	gagp30kx - ok
12:46:04.0411 3624	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
12:46:04.0489 3624	HdAudAddService - ok
12:46:04.0692 3624	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:46:04.0739 3624	HDAudBus - ok
12:46:04.0770 3624	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:46:04.0833 3624	HidBth - ok
12:46:04.0864 3624	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:46:04.0911 3624	HidIr - ok
12:46:05.0020 3624	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:46:05.0051 3624	HidUsb - ok
12:46:05.0082 3624	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:46:05.0098 3624	HpCISSs - ok
12:46:05.0145 3624	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:46:05.0223 3624	HTTP - ok
12:46:05.0301 3624	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:46:05.0316 3624	i2omp - ok
12:46:05.0363 3624	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:46:05.0394 3624	i8042prt - ok
12:46:05.0425 3624	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:46:05.0441 3624	iaStorV - ok
12:46:05.0472 3624	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:46:05.0488 3624	iirsp - ok
12:46:05.0628 3624	IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
12:46:05.0769 3624	IntcAzAudAddService - ok
12:46:05.0878 3624	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:46:05.0909 3624	intelide - ok
12:46:05.0940 3624	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:46:05.0971 3624	intelppm - ok
12:46:06.0018 3624	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:46:06.0065 3624	IpFilterDriver - ok
12:46:06.0096 3624	IpInIp - ok
12:46:06.0112 3624	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:46:06.0174 3624	IPMIDRV - ok
12:46:06.0205 3624	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:46:06.0252 3624	IPNAT - ok
12:46:06.0283 3624	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:46:06.0330 3624	IRENUM - ok
12:46:06.0361 3624	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:46:06.0377 3624	isapnp - ok
12:46:06.0439 3624	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:46:06.0471 3624	iScsiPrt - ok
12:46:06.0502 3624	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:46:06.0517 3624	iteatapi - ok
12:46:06.0549 3624	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:46:06.0580 3624	iteraid - ok
12:46:06.0611 3624	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:46:06.0627 3624	kbdclass - ok
12:46:06.0658 3624	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
12:46:06.0705 3624	kbdhid - ok
12:46:06.0798 3624	kbfiltr         (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:46:06.0814 3624	kbfiltr - ok
12:46:06.0861 3624	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
12:46:06.0907 3624	KSecDD - ok
12:46:07.0017 3624	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:46:07.0063 3624	lltdio - ok
12:46:07.0110 3624	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:46:07.0141 3624	LSI_FC - ok
12:46:07.0157 3624	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:46:07.0188 3624	LSI_SAS - ok
12:46:07.0251 3624	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:46:07.0282 3624	LSI_SCSI - ok
12:46:07.0313 3624	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:46:07.0375 3624	luafv - ok
12:46:07.0422 3624	lullaby         (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
12:46:07.0438 3624	lullaby - ok
12:46:07.0469 3624	MBAMSwissArmy - ok
12:46:07.0594 3624	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:46:07.0609 3624	megasas - ok
12:46:07.0687 3624	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:46:07.0750 3624	MegaSR - ok
12:46:07.0859 3624	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:46:07.0906 3624	Modem - ok
12:46:07.0953 3624	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:46:07.0999 3624	monitor - ok
12:46:08.0031 3624	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:46:08.0062 3624	mouclass - ok
12:46:08.0077 3624	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:46:08.0124 3624	mouhid - ok
12:46:08.0155 3624	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:46:08.0171 3624	MountMgr - ok
12:46:08.0218 3624	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:46:08.0233 3624	mpio - ok
12:46:08.0280 3624	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:46:08.0311 3624	mpsdrv - ok
12:46:08.0343 3624	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:46:08.0358 3624	Mraid35x - ok
12:46:08.0421 3624	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:46:08.0452 3624	MRxDAV - ok
12:46:08.0514 3624	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:46:08.0545 3624	mrxsmb - ok
12:46:08.0639 3624	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:46:08.0655 3624	mrxsmb10 - ok
12:46:08.0733 3624	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:46:08.0748 3624	mrxsmb20 - ok
12:46:08.0826 3624	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
12:46:08.0842 3624	msahci - ok
12:46:08.0873 3624	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:46:08.0904 3624	msdsm - ok
12:46:08.0967 3624	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:46:09.0013 3624	Msfs - ok
12:46:09.0076 3624	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:46:09.0091 3624	msisadrv - ok
12:46:09.0154 3624	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:46:09.0201 3624	MSKSSRV - ok
12:46:09.0216 3624	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:46:09.0247 3624	MSPCLOCK - ok
12:46:09.0279 3624	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:46:09.0310 3624	MSPQM - ok
12:46:09.0341 3624	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:46:09.0357 3624	MsRPC - ok
12:46:09.0403 3624	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:46:09.0403 3624	mssmbios - ok
12:46:09.0435 3624	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:46:09.0466 3624	MSTEE - ok
12:46:09.0497 3624	MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
12:46:09.0528 3624	MTsensor - ok
12:46:09.0575 3624	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:46:09.0575 3624	Mup - ok
12:46:09.0747 3624	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:46:09.0762 3624	NativeWifiP - ok
12:46:09.0840 3624	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:46:09.0871 3624	NDIS - ok
12:46:09.0918 3624	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:46:09.0949 3624	NdisTapi - ok
12:46:09.0965 3624	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:46:10.0012 3624	Ndisuio - ok
12:46:10.0090 3624	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:46:10.0121 3624	NdisWan - ok
12:46:10.0152 3624	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:46:10.0183 3624	NDProxy - ok
12:46:10.0215 3624	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:46:10.0261 3624	NetBIOS - ok
12:46:10.0293 3624	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:46:10.0324 3624	netbt - ok
12:46:10.0371 3624	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:46:10.0386 3624	nfrd960 - ok
12:46:10.0433 3624	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:46:10.0464 3624	Npfs - ok
12:46:10.0480 3624	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:46:10.0527 3624	nsiproxy - ok
12:46:10.0589 3624	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:46:10.0729 3624	Ntfs - ok
12:46:10.0839 3624	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:46:10.0917 3624	ntrigdigi - ok
12:46:10.0963 3624	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:46:11.0010 3624	Null - ok
12:46:11.0041 3624	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:46:11.0073 3624	nvraid - ok
12:46:11.0088 3624	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:46:11.0104 3624	nvstor - ok
12:46:11.0213 3624	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:46:11.0229 3624	nv_agp - ok
12:46:11.0229 3624	NwlnkFlt - ok
12:46:11.0260 3624	NwlnkFwd - ok
12:46:11.0307 3624	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
12:46:11.0338 3624	ohci1394 - ok
12:46:11.0385 3624	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:46:11.0431 3624	Parport - ok
12:46:11.0478 3624	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
12:46:11.0494 3624	partmgr - ok
12:46:11.0525 3624	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:46:11.0587 3624	Parvdm - ok
12:46:11.0665 3624	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:46:11.0697 3624	pci - ok
12:46:11.0743 3624	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
12:46:11.0759 3624	pciide - ok
12:46:11.0806 3624	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:46:11.0821 3624	pcmcia - ok
12:46:11.0868 3624	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:46:11.0962 3624	PEAUTH - ok
12:46:12.0102 3624	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:46:12.0149 3624	PptpMiniport - ok
12:46:12.0180 3624	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
12:46:12.0227 3624	Processor - ok
12:46:12.0321 3624	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:46:12.0367 3624	PSched - ok
12:46:12.0477 3624	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:46:12.0555 3624	ql2300 - ok
12:46:12.0664 3624	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:46:12.0695 3624	ql40xx - ok
12:46:12.0726 3624	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:46:12.0789 3624	QWAVEdrv - ok
12:46:12.0820 3624	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:46:12.0867 3624	RasAcd - ok
12:46:12.0913 3624	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:46:12.0960 3624	Rasl2tp - ok
12:46:13.0038 3624	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:46:13.0085 3624	RasPppoe - ok
12:46:13.0163 3624	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:46:13.0194 3624	RasSstp - ok
12:46:13.0241 3624	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:46:13.0288 3624	rdbss - ok
12:46:13.0335 3624	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:46:13.0381 3624	RDPCDD - ok
12:46:13.0413 3624	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:46:13.0475 3624	rdpdr - ok
12:46:13.0491 3624	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:46:13.0522 3624	RDPENCDD - ok
12:46:13.0569 3624	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
12:46:13.0584 3624	RDPWD - ok
12:46:13.0631 3624	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:46:13.0662 3624	rspndr - ok
12:46:13.0678 3624	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:46:13.0693 3624	sbp2port - ok
12:46:13.0818 3624	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
12:46:13.0849 3624	sdbus - ok
12:46:13.0881 3624	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:46:13.0943 3624	secdrv - ok
12:46:13.0974 3624	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:46:14.0037 3624	Serenum - ok
12:46:14.0083 3624	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:46:14.0130 3624	Serial - ok
12:46:14.0193 3624	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:46:14.0208 3624	sermouse - ok
12:46:14.0255 3624	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:46:14.0271 3624	sffdisk - ok
12:46:14.0302 3624	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:46:14.0333 3624	sffp_mmc - ok
12:46:14.0395 3624	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:46:14.0427 3624	sffp_sd - ok
12:46:14.0489 3624	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
12:46:14.0520 3624	sfloppy - ok
12:46:14.0551 3624	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:46:14.0567 3624	sisagp - ok
12:46:14.0614 3624	SiSGbeLH        (f7da61bd62a16510227656c3477e2b52) C:\Windows\system32\DRIVERS\SiSGB6.sys
12:46:14.0629 3624	SiSGbeLH - ok
12:46:14.0739 3624	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:46:14.0754 3624	SiSRaid2 - ok
12:46:14.0785 3624	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:46:14.0801 3624	SiSRaid4 - ok
12:46:14.0863 3624	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:46:14.0895 3624	Smb - ok
12:46:15.0004 3624	smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
12:46:15.0175 3624	smserial - ok
12:46:15.0363 3624	SNP2UVC         (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:46:15.0456 3624	SNP2UVC - ok
12:46:15.0550 3624	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:46:15.0581 3624	spldr - ok
12:46:15.0643 3624	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:46:15.0690 3624	srv - ok
12:46:15.0799 3624	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:46:15.0846 3624	srv2 - ok
12:46:15.0862 3624	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:46:15.0909 3624	srvnet - ok
12:46:15.0971 3624	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:46:16.0002 3624	swenum - ok
12:46:16.0049 3624	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:46:16.0080 3624	Symc8xx - ok
12:46:16.0143 3624	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:46:16.0158 3624	Sym_hi - ok
12:46:16.0221 3624	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:46:16.0252 3624	Sym_u3 - ok
12:46:16.0361 3624	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
12:46:16.0392 3624	SynTP - ok
12:46:16.0486 3624	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
12:46:16.0564 3624	Tcpip - ok
12:46:16.0642 3624	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
12:46:16.0704 3624	Tcpip6 - ok
12:46:16.0782 3624	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:46:16.0829 3624	tcpipreg - ok
12:46:16.0891 3624	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:46:16.0954 3624	TDPIPE - ok
12:46:16.0969 3624	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:46:17.0016 3624	TDTCP - ok
12:46:17.0047 3624	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:46:17.0063 3624	tdx - ok
12:46:17.0110 3624	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:46:17.0125 3624	TermDD - ok
12:46:17.0188 3624	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:46:17.0219 3624	tssecsrv - ok
12:46:17.0250 3624	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:46:17.0281 3624	tunmp - ok
12:46:17.0313 3624	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:46:17.0344 3624	tunnel - ok
12:46:17.0391 3624	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:46:17.0406 3624	uagp35 - ok
12:46:17.0453 3624	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:46:17.0484 3624	udfs - ok
12:46:17.0531 3624	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:46:17.0547 3624	uliagpkx - ok
12:46:17.0625 3624	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:46:17.0656 3624	uliahci - ok
12:46:17.0671 3624	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:46:17.0703 3624	UlSata - ok
12:46:17.0718 3624	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:46:17.0734 3624	ulsata2 - ok
12:46:17.0765 3624	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:46:17.0812 3624	umbus - ok
12:46:17.0921 3624	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:46:17.0968 3624	usbccgp - ok
12:46:18.0015 3624	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:46:18.0077 3624	usbcir - ok
12:46:18.0124 3624	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:46:18.0171 3624	usbehci - ok
12:46:18.0217 3624	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:46:18.0264 3624	usbhub - ok
12:46:18.0280 3624	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
12:46:18.0311 3624	usbohci - ok
12:46:18.0342 3624	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
12:46:18.0420 3624	usbprint - ok
12:46:18.0451 3624	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:46:18.0483 3624	USBSTOR - ok
12:46:18.0514 3624	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:46:18.0529 3624	usbuhci - ok
12:46:18.0623 3624	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
12:46:18.0654 3624	usbvideo - ok
12:46:18.0685 3624	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:46:18.0717 3624	vga - ok
12:46:18.0732 3624	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:46:18.0763 3624	VgaSave - ok
12:46:18.0841 3624	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:46:18.0857 3624	viaagp - ok
12:46:18.0888 3624	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:46:18.0919 3624	ViaC7 - ok
12:46:18.0997 3624	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:46:19.0013 3624	viaide - ok
12:46:19.0044 3624	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:46:19.0060 3624	volmgr - ok
12:46:19.0107 3624	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:46:19.0122 3624	volmgrx - ok
12:46:19.0185 3624	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:46:19.0216 3624	volsnap - ok
12:46:19.0231 3624	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:46:19.0263 3624	vsmraid - ok
12:46:19.0341 3624	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:46:19.0403 3624	WacomPen - ok
12:46:19.0434 3624	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:19.0465 3624	Wanarp - ok
12:46:19.0497 3624	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:19.0528 3624	Wanarpv6 - ok
12:46:19.0606 3624	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:46:19.0637 3624	Wd - ok
12:46:19.0684 3624	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:46:19.0746 3624	Wdf01000 - ok
12:46:19.0933 3624	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:46:19.0980 3624	WmiAcpi - ok
12:46:20.0043 3624	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:46:20.0089 3624	WpdUsb - ok
12:46:20.0199 3624	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:46:20.0245 3624	ws2ifsl - ok
12:46:20.0292 3624	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:46:20.0339 3624	WUDFRd - ok
12:46:20.0495 3624	yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
12:46:20.0604 3624	yukonwlh - ok
12:46:20.0620 3624	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
12:46:20.0682 3624	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:46:20.0682 3624	\Device\Harddisk0\DR0 - detected TDSS File System (1)
12:46:20.0682 3624	Boot (0x1200)   (47f05db3e583f2e14c557b175fc0e758) \Device\Harddisk0\DR0\Partition0
12:46:20.0682 3624	\Device\Harddisk0\DR0\Partition0 - ok
12:46:20.0713 3624	Boot (0x1200)   (028934841232509797acb27ff1ec47b3) \Device\Harddisk0\DR0\Partition1
12:46:20.0713 3624	\Device\Harddisk0\DR0\Partition1 - ok
12:46:20.0713 3624	============================================================
12:46:20.0713 3624	Scan finished
12:46:20.0713 3624	============================================================
12:46:20.0729 3020	Detected object count: 1
12:46:20.0729 3020	Actual detected object count: 1
12:46:44.0503 3020	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:46:44.0503 3020	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Alt 20.11.2011, 13:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Zitat:
12:46:44.0503 3020 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:46:44.0503 3020 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Das TDSS File System mit dem TDSS-Killer unbedingt löschen.
Es folgt ein Windows-Neustart, mach danach ein neues Log mit dem TDSS-Killer und poste es.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.11.2011, 13:24   #15
BastianX75
 
Gema-Trojaner und weitere Funde - Standard

Gema-Trojaner und weitere Funde


Das Skip hatte ich gemacht, weil es in deinem Post so drin stand.

Neustart erfolgte nicht automatisch. Habe ich dann von Hand gemacht.

Neuer Log:

Code:
ATTFilter
13:20:22.0589 2640	TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
13:20:23.0119 2640	============================================================
13:20:23.0119 2640	Current date / time: 2011/11/20 13:20:23.0119
13:20:23.0119 2640	SystemInfo:
13:20:23.0119 2640	
13:20:23.0119 2640	OS Version: 6.0.6002 ServicePack: 2.0
13:20:23.0119 2640	Product type: Workstation
13:20:23.0119 2640	ComputerName: BRIGITTESPC
13:20:23.0119 2640	UserName: Brigitte
13:20:23.0119 2640	Windows directory: C:\Windows
13:20:23.0119 2640	System windows directory: C:\Windows
13:20:23.0119 2640	Processor architecture: Intel x86
13:20:23.0119 2640	Number of processors: 2
13:20:23.0119 2640	Page size: 0x1000
13:20:23.0119 2640	Boot type: Normal boot
13:20:23.0119 2640	============================================================
13:20:29.0344 2640	Initialize success
13:20:54.0584 2724	============================================================
13:20:54.0584 2724	Scan started
13:20:54.0584 2724	Mode: Manual; SigCheck; TDLFS; 
13:20:54.0584 2724	============================================================
13:20:55.0146 2724	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:20:55.0318 2724	ACPI - ok
13:20:55.0489 2724	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:20:55.0520 2724	adp94xx - ok
13:20:55.0676 2724	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:20:55.0692 2724	adpahci - ok
13:20:55.0801 2724	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:20:55.0817 2724	adpu160m - ok
13:20:55.0957 2724	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:20:55.0973 2724	adpu320 - ok
13:20:56.0191 2724	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:20:56.0238 2724	AFD - ok
13:20:56.0363 2724	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:20:56.0378 2724	agp440 - ok
13:20:56.0488 2724	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:20:56.0503 2724	aic78xx - ok
13:20:56.0597 2724	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:20:56.0628 2724	aliide - ok
13:20:56.0737 2724	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:20:56.0753 2724	amdagp - ok
13:20:56.0846 2724	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:20:56.0862 2724	amdide - ok
13:20:56.0956 2724	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:20:57.0018 2724	AmdK7 - ok
13:20:57.0174 2724	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:20:57.0236 2724	AmdK8 - ok
13:20:57.0424 2724	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:20:57.0439 2724	arc - ok
13:20:57.0611 2724	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:20:57.0642 2724	arcsas - ok
13:20:57.0829 2724	AsDsm           (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
13:20:57.0892 2724	AsDsm - ok
13:20:57.0985 2724	ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
13:20:57.0985 2724	ASMMAP - ok
13:20:58.0079 2724	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:20:58.0141 2724	AsyncMac - ok
13:20:58.0297 2724	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:20:58.0313 2724	atapi - ok
13:20:58.0547 2724	athr            (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
13:20:58.0609 2724	athr - ok
13:20:58.0890 2724	atikmdag        (b6f3e32c0a1c38cd7526265221de192c) C:\Windows\system32\DRIVERS\atikmdag.sys
13:20:59.0046 2724	atikmdag - ok
13:20:59.0311 2724	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:20:59.0374 2724	Beep - ok
13:20:59.0498 2724	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:20:59.0561 2724	blbdrive - ok
13:20:59.0686 2724	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:20:59.0717 2724	bowser - ok
13:20:59.0842 2724	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:20:59.0873 2724	BrFiltLo - ok
13:20:59.0920 2724	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:20:59.0951 2724	BrFiltUp - ok
13:21:00.0138 2724	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:21:00.0216 2724	Brserid - ok
13:21:00.0372 2724	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:21:00.0466 2724	BrSerWdm - ok
13:21:00.0824 2724	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:21:00.0902 2724	BrUsbMdm - ok
13:21:01.0121 2724	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:21:01.0214 2724	BrUsbSer - ok
13:21:01.0511 2724	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:21:01.0604 2724	BTHMODEM - ok
13:21:01.0745 2724	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:21:01.0807 2724	cdfs - ok
13:21:01.0994 2724	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:21:02.0041 2724	cdrom - ok
13:21:02.0275 2724	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:21:02.0338 2724	circlass - ok
13:21:02.0618 2724	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:21:02.0681 2724	CLFS - ok
13:21:02.0821 2724	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:21:02.0868 2724	CmBatt - ok
13:21:02.0899 2724	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:21:02.0915 2724	cmdide - ok
13:21:02.0946 2724	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:21:02.0962 2724	Compbatt - ok
13:21:02.0993 2724	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:21:03.0008 2724	crcdisk - ok
13:21:03.0024 2724	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:21:03.0086 2724	Crusoe - ok
13:21:03.0211 2724	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:21:03.0242 2724	DfsC - ok
13:21:03.0414 2724	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:21:03.0430 2724	disk - ok
13:21:03.0492 2724	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:21:03.0508 2724	drmkaud - ok
13:21:03.0570 2724	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:21:03.0617 2724	DXGKrnl - ok
13:21:03.0742 2724	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:21:03.0773 2724	E1G60 - ok
13:21:03.0913 2724	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:21:03.0944 2724	Ecache - ok
13:21:04.0147 2724	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:21:04.0178 2724	elxstor - ok
13:21:04.0334 2724	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:21:04.0381 2724	ErrDev - ok
13:21:04.0490 2724	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:21:04.0568 2724	exfat - ok
13:21:04.0802 2724	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:21:04.0849 2724	fastfat - ok
13:21:04.0974 2724	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:21:05.0021 2724	fdc - ok
13:21:05.0114 2724	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:21:05.0130 2724	FileInfo - ok
13:21:05.0255 2724	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:21:05.0317 2724	Filetrace - ok
13:21:05.0442 2724	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:21:05.0504 2724	flpydisk - ok
13:21:05.0770 2724	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:21:05.0801 2724	FltMgr - ok
13:21:05.0972 2724	fssfltr         (17829180deebf703ec7f445ac3abea99) C:\Windows\system32\DRIVERS\fssfltr.sys
13:21:05.0988 2724	fssfltr - ok
13:21:06.0160 2724	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:21:06.0206 2724	Fs_Rec - ok
13:21:06.0347 2724	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:21:06.0362 2724	gagp30kx - ok
13:21:06.0565 2724	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:21:06.0612 2724	HdAudAddService - ok
13:21:06.0737 2724	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:21:06.0799 2724	HDAudBus - ok
13:21:06.0955 2724	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:21:07.0049 2724	HidBth - ok
13:21:07.0220 2724	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:21:07.0330 2724	HidIr - ok
13:21:07.0454 2724	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:21:07.0486 2724	HidUsb - ok
13:21:07.0532 2724	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:21:07.0564 2724	HpCISSs - ok
13:21:07.0642 2724	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:21:07.0735 2724	HTTP - ok
13:21:07.0813 2724	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:21:07.0844 2724	i2omp - ok
13:21:07.0891 2724	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:21:07.0938 2724	i8042prt - ok
13:21:07.0969 2724	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:21:08.0000 2724	iaStorV - ok
13:21:08.0047 2724	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:21:08.0078 2724	iirsp - ok
13:21:08.0266 2724	IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
13:21:08.0406 2724	IntcAzAudAddService - ok
13:21:08.0515 2724	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:21:08.0546 2724	intelide - ok
13:21:08.0578 2724	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:21:08.0624 2724	intelppm - ok
13:21:08.0702 2724	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:08.0749 2724	IpFilterDriver - ok
13:21:08.0843 2724	IpInIp - ok
13:21:08.0905 2724	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:21:08.0968 2724	IPMIDRV - ok
13:21:09.0014 2724	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:21:09.0077 2724	IPNAT - ok
13:21:09.0124 2724	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:21:09.0186 2724	IRENUM - ok
13:21:09.0280 2724	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:21:09.0295 2724	isapnp - ok
13:21:09.0373 2724	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:21:09.0404 2724	iScsiPrt - ok
13:21:09.0607 2724	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:21:09.0623 2724	iteatapi - ok
13:21:09.0763 2724	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:21:09.0810 2724	iteraid - ok
13:21:09.0904 2724	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:21:09.0935 2724	kbdclass - ok
13:21:10.0060 2724	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
13:21:10.0122 2724	kbdhid - ok
13:21:10.0262 2724	kbfiltr         (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
13:21:10.0278 2724	kbfiltr - ok
13:21:10.0496 2724	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:21:10.0543 2724	KSecDD - ok
13:21:10.0699 2724	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:21:10.0762 2724	lltdio - ok
13:21:10.0949 2724	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:21:10.0980 2724	LSI_FC - ok
13:21:11.0042 2724	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:21:11.0074 2724	LSI_SAS - ok
13:21:11.0120 2724	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:21:11.0152 2724	LSI_SCSI - ok
13:21:11.0183 2724	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:21:11.0230 2724	luafv - ok
13:21:11.0448 2724	lullaby         (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
13:21:11.0464 2724	lullaby - ok
13:21:11.0510 2724	MBAMSwissArmy - ok
13:21:11.0620 2724	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:21:11.0651 2724	megasas - ok
13:21:11.0682 2724	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:21:11.0729 2724	MegaSR - ok
13:21:11.0791 2724	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:21:11.0854 2724	Modem - ok
13:21:11.0963 2724	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:21:12.0025 2724	monitor - ok
13:21:12.0197 2724	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:21:12.0228 2724	mouclass - ok
13:21:12.0431 2724	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:21:12.0478 2724	mouhid - ok
13:21:12.0524 2724	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:21:12.0556 2724	MountMgr - ok
13:21:12.0649 2724	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:21:12.0680 2724	mpio - ok
13:21:12.0836 2724	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:21:12.0883 2724	mpsdrv - ok
13:21:13.0024 2724	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:21:13.0055 2724	Mraid35x - ok
13:21:13.0164 2724	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:21:13.0211 2724	MRxDAV - ok
13:21:13.0258 2724	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:13.0320 2724	mrxsmb - ok
13:21:13.0382 2724	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:13.0429 2724	mrxsmb10 - ok
13:21:13.0616 2724	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:13.0648 2724	mrxsmb20 - ok
13:21:13.0772 2724	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:21:13.0804 2724	msahci - ok
13:21:13.0835 2724	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:21:13.0866 2724	msdsm - ok
13:21:14.0038 2724	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:21:14.0100 2724	Msfs - ok
13:21:14.0240 2724	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:21:14.0272 2724	msisadrv - ok
13:21:14.0396 2724	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:21:14.0443 2724	MSKSSRV - ok
13:21:14.0490 2724	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:14.0537 2724	MSPCLOCK - ok
13:21:14.0568 2724	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:21:14.0615 2724	MSPQM - ok
13:21:14.0662 2724	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:21:14.0693 2724	MsRPC - ok
13:21:14.0755 2724	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:21:14.0771 2724	mssmbios - ok
13:21:14.0864 2724	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:21:14.0896 2724	MSTEE - ok
13:21:14.0989 2724	MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
13:21:15.0005 2724	MTsensor - ok
13:21:15.0052 2724	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:21:15.0067 2724	Mup - ok
13:21:15.0208 2724	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:21:15.0239 2724	NativeWifiP - ok
13:21:15.0332 2724	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:21:15.0379 2724	NDIS - ok
13:21:15.0488 2724	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:15.0535 2724	NdisTapi - ok
13:21:15.0676 2724	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:15.0738 2724	Ndisuio - ok
13:21:15.0863 2724	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:15.0910 2724	NdisWan - ok
13:21:15.0972 2724	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:21:16.0019 2724	NDProxy - ok
13:21:16.0081 2724	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:21:16.0144 2724	NetBIOS - ok
13:21:16.0190 2724	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:21:16.0237 2724	netbt - ok
13:21:16.0424 2724	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:21:16.0456 2724	nfrd960 - ok
13:21:16.0596 2724	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:21:16.0643 2724	Npfs - ok
13:21:16.0736 2724	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:21:16.0783 2724	nsiproxy - ok
13:21:17.0064 2724	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:21:17.0142 2724	Ntfs - ok
13:21:17.0267 2724	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:21:17.0376 2724	ntrigdigi - ok
13:21:17.0579 2724	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:21:17.0626 2724	Null - ok
13:21:17.0828 2724	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:21:17.0860 2724	nvraid - ok
13:21:17.0984 2724	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:21:18.0016 2724	nvstor - ok
13:21:18.0125 2724	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:21:18.0156 2724	nv_agp - ok
13:21:18.0203 2724	NwlnkFlt - ok
13:21:18.0250 2724	NwlnkFwd - ok
13:21:18.0499 2724	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
13:21:18.0577 2724	ohci1394 - ok
13:21:18.0796 2724	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:21:18.0905 2724	Parport - ok
13:21:19.0108 2724	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:21:19.0139 2724	partmgr - ok
13:21:19.0201 2724	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:21:19.0295 2724	Parvdm - ok
13:21:19.0482 2724	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:21:19.0529 2724	pci - ok
13:21:19.0607 2724	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:21:19.0638 2724	pciide - ok
13:21:19.0810 2724	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:21:19.0841 2724	pcmcia - ok
13:21:20.0090 2724	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:21:20.0200 2724	PEAUTH - ok
13:21:20.0480 2724	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:21:20.0512 2724	PptpMiniport - ok
13:21:20.0683 2724	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:21:20.0714 2724	Processor - ok
13:21:20.0824 2724	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:21:20.0855 2724	PSched - ok
13:21:21.0120 2724	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:21:21.0214 2724	ql2300 - ok
13:21:21.0463 2724	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:21:21.0479 2724	ql40xx - ok
13:21:21.0635 2724	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:21:21.0666 2724	QWAVEdrv - ok
13:21:21.0760 2724	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:21:21.0822 2724	RasAcd - ok
13:21:21.0853 2724	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:21:21.0916 2724	Rasl2tp - ok
13:21:21.0978 2724	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:21:22.0040 2724	RasPppoe - ok
13:21:22.0103 2724	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:21:22.0134 2724	RasSstp - ok
13:21:22.0196 2724	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:21:22.0259 2724	rdbss - ok
13:21:22.0368 2724	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:21:22.0430 2724	RDPCDD - ok
13:21:22.0742 2724	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:21:22.0883 2724	rdpdr - ok
13:21:23.0132 2724	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:21:23.0210 2724	RDPENCDD - ok
13:21:23.0507 2724	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:21:23.0569 2724	RDPWD - ok
13:21:23.0803 2724	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:21:23.0866 2724	rspndr - ok
13:21:24.0115 2724	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:21:24.0162 2724	sbp2port - ok
13:21:24.0396 2724	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
13:21:24.0521 2724	sdbus - ok
13:21:24.0770 2724	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:21:24.0864 2724	secdrv - ok
13:21:25.0051 2724	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:21:25.0145 2724	Serenum - ok
13:21:25.0270 2724	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:21:25.0394 2724	Serial - ok
13:21:25.0613 2724	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:21:25.0675 2724	sermouse - ok
13:21:25.0862 2724	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:21:25.0909 2724	sffdisk - ok
13:21:26.0112 2724	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:21:26.0190 2724	sffp_mmc - ok
13:21:26.0284 2724	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:21:26.0346 2724	sffp_sd - ok
13:21:26.0440 2724	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
13:21:26.0502 2724	sfloppy - ok
13:21:26.0658 2724	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:21:26.0689 2724	sisagp - ok
13:21:26.0798 2724	SiSGbeLH        (f7da61bd62a16510227656c3477e2b52) C:\Windows\system32\DRIVERS\SiSGB6.sys
13:21:26.0830 2724	SiSGbeLH - ok
13:21:26.0892 2724	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:21:26.0923 2724	SiSRaid2 - ok
13:21:27.0079 2724	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:21:27.0110 2724	SiSRaid4 - ok
13:21:27.0251 2724	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:21:27.0298 2724	Smb - ok
13:21:27.0500 2724	smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
13:21:27.0641 2724	smserial - ok
13:21:27.0828 2724	SNP2UVC         (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:21:28.0000 2724	SNP2UVC - ok
13:21:28.0109 2724	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:21:28.0140 2724	spldr - ok
13:21:28.0296 2724	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:21:28.0358 2724	srv - ok
13:21:28.0468 2724	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:21:28.0514 2724	srv2 - ok
13:21:28.0639 2724	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:21:28.0670 2724	srvnet - ok
13:21:28.0795 2724	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:21:28.0811 2724	swenum - ok
13:21:29.0123 2724	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:21:29.0154 2724	Symc8xx - ok
13:21:29.0294 2724	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:21:29.0326 2724	Sym_hi - ok
13:21:29.0482 2724	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:21:29.0513 2724	Sym_u3 - ok
13:21:29.0606 2724	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
13:21:29.0622 2724	SynTP - ok
13:21:29.0887 2724	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:21:30.0012 2724	Tcpip - ok
13:21:30.0184 2724	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:21:30.0277 2724	Tcpip6 - ok
13:21:30.0464 2724	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:21:30.0527 2724	tcpipreg - ok
13:21:30.0683 2724	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:21:30.0745 2724	TDPIPE - ok
13:21:30.0995 2724	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:21:31.0057 2724	TDTCP - ok
13:21:31.0307 2724	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:21:31.0369 2724	tdx - ok
13:21:31.0432 2724	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:21:31.0463 2724	TermDD - ok
13:21:31.0603 2724	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:21:31.0666 2724	tssecsrv - ok
13:21:31.0915 2724	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:21:31.0978 2724	tunmp - ok
13:21:32.0149 2724	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:21:32.0212 2724	tunnel - ok
13:21:32.0446 2724	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:21:32.0477 2724	uagp35 - ok
13:21:32.0586 2724	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:21:32.0633 2724	udfs - ok
13:21:32.0758 2724	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:21:32.0804 2724	uliagpkx - ok
13:21:32.0867 2724	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:21:32.0914 2724	uliahci - ok
13:21:32.0945 2724	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:21:32.0976 2724	UlSata - ok
13:21:33.0007 2724	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:21:33.0038 2724	ulsata2 - ok
13:21:33.0070 2724	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:21:33.0116 2724	umbus - ok
13:21:33.0179 2724	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:21:33.0241 2724	usbccgp - ok
13:21:33.0288 2724	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:21:33.0350 2724	usbcir - ok
13:21:33.0428 2724	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:21:33.0444 2724	usbehci - ok
13:21:33.0506 2724	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:21:33.0538 2724	usbhub - ok
13:21:33.0600 2724	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:21:33.0616 2724	usbohci - ok
13:21:33.0694 2724	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
13:21:33.0740 2724	usbprint - ok
13:21:33.0818 2724	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:21:33.0850 2724	USBSTOR - ok
13:21:33.0928 2724	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:21:33.0959 2724	usbuhci - ok
13:21:34.0084 2724	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:21:34.0130 2724	usbvideo - ok
13:21:34.0193 2724	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:21:34.0240 2724	vga - ok
13:21:34.0302 2724	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:21:34.0349 2724	VgaSave - ok
13:21:34.0411 2724	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:21:34.0427 2724	viaagp - ok
13:21:34.0552 2724	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:21:34.0598 2724	ViaC7 - ok
13:21:34.0661 2724	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:21:34.0692 2724	viaide - ok
13:21:34.0723 2724	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:21:34.0754 2724	volmgr - ok
13:21:34.0879 2724	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:21:34.0910 2724	volmgrx - ok
13:21:34.0988 2724	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:21:35.0035 2724	volsnap - ok
13:21:35.0113 2724	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:21:35.0160 2724	vsmraid - ok
13:21:35.0207 2724	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:21:35.0300 2724	WacomPen - ok
13:21:35.0347 2724	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:35.0394 2724	Wanarp - ok
13:21:35.0410 2724	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:35.0472 2724	Wanarpv6 - ok
13:21:35.0534 2724	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:21:35.0550 2724	Wd - ok
13:21:35.0644 2724	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:21:35.0675 2724	Wdf01000 - ok
13:21:35.0893 2724	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:21:35.0909 2724	WmiAcpi - ok
13:21:36.0002 2724	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:21:36.0049 2724	WpdUsb - ok
13:21:36.0143 2724	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:21:36.0190 2724	ws2ifsl - ok
13:21:36.0236 2724	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:36.0283 2724	WUDFRd - ok
13:21:36.0439 2724	yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
13:21:36.0502 2724	yukonwlh - ok
13:21:36.0533 2724	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
13:21:37.0001 2724	\Device\Harddisk0\DR0 - ok
13:21:37.0032 2724	Boot (0x1200)   (47f05db3e583f2e14c557b175fc0e758) \Device\Harddisk0\DR0\Partition0
13:21:37.0048 2724	\Device\Harddisk0\DR0\Partition0 - ok
13:21:37.0063 2724	Boot (0x1200)   (028934841232509797acb27ff1ec47b3) \Device\Harddisk0\DR0\Partition1
13:21:37.0063 2724	\Device\Harddisk0\DR0\Partition1 - ok
13:21:37.0063 2724	============================================================
13:21:37.0063 2724	Scan finished
13:21:37.0063 2724	============================================================
13:21:37.0094 1276	Detected object count: 0
13:21:37.0094 1276	Actual detected object count: 0

Antwort
Seite 1 von 2 1 2

Themen zu Gema-Trojaner und weitere Funde
autorun, bho, c:\windows\system32\rundll32.exe, error, excel, firefox, flash player, format, home, internet, logfile, mozilla thunderbird, mp3, olympus, programm, registry, required, rundll, scan, security, senden, software, spielen, super, system, usb, version=1.0, virus, vista, windows, wma


« Bundespolizei Trojaner ucash | Rootkit Problem - PC startet weder IE, noch Thunderbird und Firefox (nur ganz selten) oder Links fe »


Ähnliche Themen: Gema-Trojaner und weitere Funde


  1. Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde
    Log-Analyse und Auswertung - 16.03.2014 (13)
  2. Funde durch AdwCleaner...weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (3)
  3. TR/Fakeadb.A und weitere Funde bei Antivir (Premium)
    Log-Analyse und Auswertung - 15.09.2013 (14)
  4. PUP.FakeFlash.Domaiq- und weitere Malware-Funde
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (7)
  5. yontoo, y2desktop, xoywm.exe und weitere Funde WIRKLICH eliminiert?
    Log-Analyse und Auswertung - 30.05.2013 (10)
  6. Weitere Funde
    Log-Analyse und Auswertung - 01.04.2012 (34)
  7. GEMA-Trojaner mit Tool bereinigt, weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  8. Antivir meldet BDS/ZAccess.AX.1 sowie nach einem Scan 4 weitere Funde
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (10)
  9. TR/Trash.Gen (Systemfix, Gema, und weitere Viren)
    Log-Analyse und Auswertung - 29.12.2011 (22)
  10. GEMA Virus vorerst bekämpft! Weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (1)
  11. TR/Agen.Y.20 in OTL.exe und weitere Funde
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (2)
  12. 'EXP/Pidief.41322.A' [exploit] ausgeführt + weitere Funde
    Plagegeister aller Art und deren Bekämpfung - 01.03.2011 (21)
  13. TR/Rootkit.Gen3 zund weitere Funde
    Log-Analyse und Auswertung - 15.10.2010 (15)
  14. avira funde =( HTML/Infected.WebPage.Gen2 und weitere =(
    Plagegeister aller Art und deren Bekämpfung - 23.08.2010 (19)
  15. Trojan.Agent/Gen-Reader_S und weitere Funde
    Log-Analyse und Auswertung - 15.04.2010 (9)
  16. JAVA/ClassLoad.AD.2 und weitere Funde
    Log-Analyse und Auswertung - 15.04.2010 (11)
  17. Nach Win32/Cryptor Entfernung bei Malwarebytes Scan mehrere weitere Funde
    Log-Analyse und Auswertung - 18.12.2009 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Gema-Trojaner und weitere Funde - Hallo, ich habe den Laptop von meiner Tante bekommen um diesen wieder zum laufen zu bekommen. Der Gema-Trojaner hatte den Zugriff darauf blockiert. Mit Hilfe der Norton Bootable Recovery Toools - Gema-Trojaner und weitere Funde...
Archiv
Du betrachtest: Gema-Trojaner und weitere Funde auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131