BKA-Trojaner; Offline-Scanner findet keine Viren, Online-Scanner jedoch...

Paclib · 22.01.2012, 14:35

Hallo.

Mein Laptop hat vorgestern einen BKA-Trojaner bekommen.

Ich konnte meinen Laptop nicht mehr nutzen, ich schaltete das Laptop aus,
später konnte ich ihn wieder normal öffnen. Jedoch kam die Fehlermeldung,
dass wpbt0.dll nicht funktioniert.

Ich startete gleich danach die Avira, um das Virus ausfindig zu machen.
Sie sind ausfindig gemacht worden. Da waren 2 Viren. In die Quarantäne versetzt worden. Ich habe sie dann gelöscht.
Das könnt ihr im Text "avira" einsehen. In dem Text seht ihr den einen Virus Leider finde ich in Berichte von Avira den anderen Virus nicht mehr. Dieser Virus war in einer PDF-Datei, irgendetwas mit q.....pdf, in einer Cache.

Bevor mit fsescure startete, habe ich auch noch Malwarebytes genommen. da wurde auch einiges gefunden. Ebenfalls unter "malwarebytes" einzusehen.

Ich startete dann nochmal einen Scancheck via Online.
Bei Eset wurde keine gefunden, ich dachte, ich check sicherheitshalber nochmal mit einer anderen. F-Secure fand dann einen. Das könnt ihr auch einsehen in Text "fsecure".

Hm... ich hätte wohl nichts machen sollen und gleich an euch wenden sollen. Ich dachte, das Programm macht es schon. Seufz...

Da kam ich zu eurer Seite, machte also defogger, otl und gmer.
defogger startete nicht neu, und keine fehlermeldung kam raus. ich hoffe, da stimmt alles.

Anbei auch, wie von euch gebeten, die drei Texte von defooger, otl und gmer.

Ich hoffe, ihr wisst, was ich noch zu tun habe...

Hm... Das war alles...

cosinus · 23.01.2012, 14:26

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Paclib · 23.01.2012, 18:54

Hallo.

Vielen Dank für die Antwort.

Hier sind die Ergebnisse:

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.23.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
MR :: MR-PC [Administrator]

Schutz: Aktiviert

23.01.2012 15:44:37
mbam-log-2012-01-23 (15-44-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261315
Laufzeit: 47 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Und hier der erste Scan von Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.21.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
MR :: MR-PC [Administrator]

Schutz: Aktiviert

21.01.2012 21:21:04
mbam-log-2012-01-21 (21-21-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 163780
Laufzeit: 6 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Exploit.Drop) -> Daten: C:\Users\MR\AppData\Roaming\wpbt0.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\MR\AppData\Roaming\wpbt0.dll (Exploit.Drop) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hier Eset-Scan:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

Ich versteh den Inhalt von diesem log-datei nicht, daher hab ich sicherheitshalber die 2 funde von eset mit den viren hier:

Code:

ATTFilter

C:\Windows\Installer\e3ae.msi	a variant of Win32/Adware.Toolbar.Dealio application
D:\MR-PC\Backup Set 2012-01-07 152733\Backup Files 2012-01-07 152733\Backup files 3.zip	multiple threats

Und? Was jetzt?

cosinus · 23.01.2012, 21:32

Du hast ESET garantiert so ausgeführt:

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Das Log sieht nämlich nicht danach aus

Paclib · 24.01.2012, 16:16

Hallo.

Diesmal hat der eset-scan funktioniert. hier das ergebnis:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4bd3a822f3e8d940a56dc8dbe543d090
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-24 02:59:07
# local_time=2012-01-24 03:59:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 8832849 8832849 0 0
# compatibility_mode=5893 16776573 100 94 4072 79849269 0 0
# compatibility_mode=8192 67108863 100 0 281549 281549 0 0
# scanned=104410
# found=2
# cleaned=0
# scan_time=6643
C:\Windows\Installer\e3ae.msi	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
D:\MR-PC\Backup Set 2012-01-07 152733\Backup Files 2012-01-07 152733\Backup files 3.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I

und jetzt???

cosinus · 24.01.2012, 16:19

Du brauchst nicht nach jedem Posting zu fragen "was jetzt ist"
Wie es weiter geht weiß ich aus den Logs und nicht aus der Frage

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Paclib · 24.01.2012, 17:13

Code:

ATTFilter

OTL logfile created on: 24.01.2012 16:59:15 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\MR\Downloads\Scan-Virus-Programme\otl
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,41% Memory free
3,98 Gb Paging File | 3,02 Gb Available in Paging File | 75,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,79 Gb Total Space | 40,87 Gb Free Space | 46,55% Space Free | Partition Type: NTFS
Drive D: | 61,16 Gb Total Space | 28,77 Gb Free Space | 47,05% Space Free | Partition Type: NTFS
 
Computer Name: MR-PC | User Name: MR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 13:07:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MR\Downloads\Scan-Virus-Programme\otl\OTL.exe
PRC - [2012.01.11 09:31:33 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2012.01.04 10:11:21 | 000,020,480 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010.09.07 18:00:20 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Programme\WinTV\WinTV7\WinTVTray.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2001.09.24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.04 10:11:27 | 000,036,352 | ---- | M] () -- C:\Programme\Real\RealPlayer\psethvy_gr.dll
MOD - [2012.01.04 10:11:27 | 000,029,184 | ---- | M] () -- C:\Programme\Real\RealPlayer\rplvstpn_gr.dll
MOD - [2012.01.04 10:11:27 | 000,009,728 | ---- | M] () -- C:\Programme\Real\RealPlayer\rpwfalzr_gr.dll
MOD - [2011.12.10 11:49:03 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.12.10 11:48:20 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.12.10 11:47:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.12.10 11:47:29 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.12.10 11:47:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.09.01 08:33:54 | 000,019,456 | ---- | M] () -- C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.09 20:51:34 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.05 19:47:09 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2011.12.05 19:47:09 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2011.12.05 19:47:09 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.13 04:19:58 | 000,032,896 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVPolCIR.sys -- (AVPolCIR)
DRV - [2009.08.13 04:19:54 | 000,314,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerPola.sys -- (AVerPola)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009.07.06 15:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009.07.06 15:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2001.09.24 09:39:04 | 000,044,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.niewieder.de!!!!!/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 AC 9A C7 D6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 09:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.13 16:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.01.08 09:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 09:14:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QCDriverInstaller] C:\Programme\Common Files\Logitech\QCDriver\Lqdsw.exe (Logitech Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E07E1F2-EB66-4B38-B496-2E3CD95742D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB701F0-71E7-416C-85A6-90C05EEE5545}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell - "" = AutoRun
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\f-secure
[2012.01.22 11:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.01.22 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.21 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Malwarebytes
[2012.01.21 21:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 21:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.21 21:17:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.21 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.21 08:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.16 21:25:30 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Abrechn
[2012.01.16 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Neuer Ordner
[2012.01.16 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Spiritualität
[2012.01.16 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Meditation
[2012.01.07 15:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.01.07 15:13:14 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.04 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012.01.04 10:11:44 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2012.01.04 10:11:28 | 000,000,000 | ---D | C] -- C:\My Music
[2012.01.04 10:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.04 10:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012.01.04 10:11:18 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012.01.04 10:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012.01.04 10:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech QuickCam
[2012.01.04 10:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.01.04 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Chakren
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 14:33:58 | 000,021,693 | ---- | M] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.24 14:04:27 | 001,540,916 | ---- | M] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 13:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 13:55:44 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.22 20:31:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.22 20:31:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.22 20:31:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.22 20:31:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.22 14:30:10 | 000,024,410 | ---- | M] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | M] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | M] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | M] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | M] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | M] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | M] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | M] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.13 17:18:08 | 000,636,550 | ---- | M] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.04 10:11:18 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | M] () -- C:\Windows\_delis32.ini
 
========== Files Created - No Company Name ==========
 
[2012.01.24 14:04:27 | 001,540,916 | ---- | C] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.22 14:30:10 | 000,024,410 | ---- | C] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | C] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | C] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | C] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | C] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | C] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | C] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | C] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.16 14:32:19 | 000,021,693 | ---- | C] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.13 17:18:08 | 000,636,550 | ---- | C] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.05 12:31:36 | 000,645,564 | ---- | C] () -- C:\Users\MR\Desktop\praktikumsbericht jaaaaaaaa =).odt
[2012.01.04 10:11:39 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.01.04 10:11:39 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd
[2012.01.04 10:10:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\LVUI2RC.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.12.05 19:48:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011.10.18 13:08:38 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.18 13:08:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.18 13:07:52 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.18 13:07:40 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011.10.18 13:07:14 | 000,007,328 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,300,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\f-secure
[2011.10.14 09:07:50 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\LibreOffice
[2011.11.09 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Lingo4u
[2012.01.22 11:41:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.24 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.20 16:03:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.10.13 16:32:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.13 16:32:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.12 15:20:26 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.04 10:11:28 | 000,000,000 | ---D | M] -- C:\My Music
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.21 21:17:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.22 11:52:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.13 16:32:27 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.13 16:32:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.24 17:02:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.17 18:44:00 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.21 09:01:03 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-24 13:01:04
 
<           >

< End of report >

Paclib · 24.01.2012, 17:42

Mir ist vorhin aufgefallen, dass ich die falsche Inhalt kopiet habe (der falsche Inhalt kam von: http://www.trojaner-board.de/69886-a...-beachten.html )

Ich habe nun die Inhalt, wie du sie hier angegeben hast, eingegeben.

Entschuldigung für den Umstand.

Code:

ATTFilter

OTL logfile created on: 24.01.2012 17:23:17 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\MR\Downloads\Scan-Virus-Programme\otl
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,92% Memory free
3,98 Gb Paging File | 2,97 Gb Available in Paging File | 74,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,79 Gb Total Space | 40,60 Gb Free Space | 46,25% Space Free | Partition Type: NTFS
Drive D: | 61,16 Gb Total Space | 28,77 Gb Free Space | 47,05% Space Free | Partition Type: NTFS
 
Computer Name: MR-PC | User Name: MR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 13:07:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MR\Downloads\Scan-Virus-Programme\otl\OTL.exe
PRC - [2012.01.11 09:31:33 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2012.01.04 10:11:21 | 000,020,480 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010.09.07 18:00:20 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Programme\WinTV\WinTV7\WinTVTray.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2001.09.24 09:39:28 | 000,098,304 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.04 10:11:27 | 000,036,352 | ---- | M] () -- C:\Programme\Real\RealPlayer\psethvy_gr.dll
MOD - [2012.01.04 10:11:27 | 000,029,184 | ---- | M] () -- C:\Programme\Real\RealPlayer\rplvstpn_gr.dll
MOD - [2012.01.04 10:11:27 | 000,009,728 | ---- | M] () -- C:\Programme\Real\RealPlayer\rpwfalzr_gr.dll
MOD - [2011.12.10 11:49:03 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.12.10 11:48:20 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.12.10 11:47:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.12.10 11:47:29 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.12.10 11:47:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.09.01 08:33:54 | 000,019,456 | ---- | M] () -- C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.02 03:50:36 | 000,557,568 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.09 20:51:34 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.05 19:47:09 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2011.12.05 19:47:09 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2011.12.05 19:47:09 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.13 04:19:58 | 000,032,896 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVPolCIR.sys -- (AVPolCIR)
DRV - [2009.08.13 04:19:54 | 000,314,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerPola.sys -- (AVerPola)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009.07.06 15:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009.07.06 15:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2001.09.24 09:39:04 | 000,044,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.niewieder.de!!!!!/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 AC 9A C7 D6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 09:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.13 16:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions
[2012.01.22 11:38:42 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\yukpx4mi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.01.08 09:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 09:14:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QCDriverInstaller] C:\Programme\Common Files\Logitech\QCDriver\Lqdsw.exe (Logitech Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E07E1F2-EB66-4B38-B496-2E3CD95742D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB701F0-71E7-416C-85A6-90C05EEE5545}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell - "" = AutoRun
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\f-secure
[2012.01.22 11:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.01.22 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.21 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Malwarebytes
[2012.01.21 21:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 21:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.21 21:17:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.21 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.21 08:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.16 21:25:30 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Abrechn
[2012.01.16 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Neuer Ordner
[2012.01.16 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Spiritualität
[2012.01.16 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Projekt Meditation
[2012.01.07 15:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.01.07 15:13:14 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.04 10:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012.01.04 10:11:44 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax
[2012.01.04 10:11:28 | 000,000,000 | ---D | C] -- C:\My Music
[2012.01.04 10:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.04 10:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012.01.04 10:11:18 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2012.01.04 10:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012.01.04 10:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech QuickCam
[2012.01.04 10:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.01.04 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Chakren
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.01.03 20:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 14:33:58 | 000,021,693 | ---- | M] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.24 14:04:27 | 001,540,916 | ---- | M] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 14:03:35 | 000,018,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 13:55:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 13:55:44 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.22 20:31:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.22 20:31:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.22 20:31:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.22 20:31:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.22 14:30:10 | 000,024,410 | ---- | M] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | M] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | M] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | M] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | M] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | M] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | M] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | M] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | M] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | M] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.13 17:18:08 | 000,636,550 | ---- | M] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.04 10:11:18 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | M] () -- C:\Windows\_delis32.ini
 
========== Files Created - No Company Name ==========
 
[2012.01.24 14:04:27 | 001,540,916 | ---- | C] () -- C:\Users\MR\Documents\Gefesselte_Jugend.pdf
[2012.01.22 14:30:10 | 000,024,410 | ---- | C] () -- C:\Users\MR\Files.zip
[2012.01.22 13:11:10 | 000,000,000 | ---- | C] () -- C:\Users\MR\defogger_reenable
[2012.01.22 12:35:56 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0001.jpg
[2012.01.22 12:35:56 | 000,072,731 | ---- | C] () -- C:\Users\MR\Documents\Ausweis0002.jpg
[2012.01.22 12:35:08 | 000,080,877 | ---- | C] () -- C:\Users\MR\Documents\Ausweis.jpg
[2012.01.22 12:30:02 | 000,181,149 | ---- | C] () -- C:\Users\MR\Documents\paysafecard.jpg
[2012.01.21 23:47:56 | 000,455,897 | ---- | C] () -- C:\Users\MR\Documents\nachhaltiges-u-soziales-lernen-in-naturverbind.pdf
[2012.01.21 21:17:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.20 20:13:56 | 000,109,068 | ---- | C] () -- C:\Users\MR\Documents\material_literaturmodul_buddhism.pdf
[2012.01.20 13:08:35 | 000,142,966 | ---- | C] () -- C:\Users\MR\Documents\PDF_Rechnung_M211120033032952_01-2012.pdf
[2012.01.19 10:32:09 | 000,040,073 | ---- | C] () -- C:\Users\MR\Documents\Einladung_Antrittsvorlesung.pdf
[2012.01.19 09:45:18 | 001,631,714 | ---- | C] () -- C:\Users\MR\Documents\S1_Wahrnehmung.pdf
[2012.01.16 14:32:19 | 000,021,693 | ---- | C] () -- C:\Users\MR\Documents\Anschreiben.odt
[2012.01.13 17:18:08 | 000,636,550 | ---- | C] () -- C:\Users\MR\Documents\un-konv_infobrosch_web.pdf
[2012.01.05 12:31:36 | 000,645,564 | ---- | C] () -- C:\Users\MR\Desktop\praktikumsbericht jaaaaaaaa =).odt
[2012.01.04 10:11:39 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.01.04 10:11:39 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd
[2012.01.04 10:10:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\LVUI2RC.dll
[2012.01.04 10:10:13 | 000,000,256 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.12.05 19:48:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011.10.18 13:08:38 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.18 13:08:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.18 13:07:52 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.18 13:07:40 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011.10.18 13:07:14 | 000,007,328 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,300,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012.01.22 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\f-secure
[2011.10.14 09:07:50 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\LibreOffice
[2011.11.09 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Lingo4u
[2012.01.22 11:41:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.24 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.20 16:03:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.08 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Adobe
[2011.11.10 07:39:55 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Apple Computer
[2011.10.14 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Avira
[2012.01.22 11:53:27 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\f-secure
[2011.11.15 21:23:47 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\HpUpdate
[2011.10.13 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Identities
[2011.10.14 09:07:50 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\LibreOffice
[2011.11.09 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Lingo4u
[2011.11.08 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Macromedia
[2012.01.21 21:17:53 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Media Center Programs
[2011.11.12 14:45:06 | 000,000,000 | --SD | M] -- C:\Users\MR\AppData\Roaming\Microsoft
[2011.10.13 16:43:36 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Mozilla
[2012.01.22 11:41:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\QuickScan
[2012.01.12 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Skype
[2012.01.24 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\uTorrent
[2012.01.22 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 24.01.2012, 20:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.niewieder.de!!!!!/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 49 AC 9A C7 D6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell - "" = AutoRun
O33 - MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Paclib · 24.01.2012, 20:47

Gefixt, und das hier ist rausgekommen:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll moved successfully.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DXM6Patch_981116 deleted successfully.
C:\Windows\p_981116.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5705f481-f5b0-11e0-bce6-0016d4db80ff}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: MR
->Temp folder emptied: 373232104 bytes
->Temporary Internet Files folder emptied: 32943276 bytes
->Java cache emptied: 713216 bytes
->FireFox cache emptied: 470688220 bytes
->Flash cache emptied: 985 bytes
 
User: Public
 
User: user
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57322564 bytes
RecycleBin emptied: 999339 bytes
 
Total Files Cleaned = 893,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01242012_204009

Files\Folders moved on Reboot...
C:\Windows\temp\JET7FCA.tmp moved successfully.
C:\Windows\temp\JETA820.tmp moved successfully.

Registry entries deleted on Reboot...

cosinus · 24.01.2012, 21:10

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Paclib · 24.01.2012, 22:40

Code:

ATTFilter

22:25:04.0434 2112	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:25:04.0683 2112	============================================================
22:25:04.0683 2112	Current date / time: 2012/01/24 22:25:04.0683
22:25:04.0683 2112	SystemInfo:
22:25:04.0683 2112	
22:25:04.0683 2112	OS Version: 6.1.7600 ServicePack: 0.0
22:25:04.0683 2112	Product type: Workstation
22:25:04.0684 2112	ComputerName: MR-PC
22:25:04.0684 2112	UserName: MR
22:25:04.0684 2112	Windows directory: C:\Windows
22:25:04.0684 2112	System windows directory: C:\Windows
22:25:04.0684 2112	Processor architecture: Intel x86
22:25:04.0684 2112	Number of processors: 2
22:25:04.0684 2112	Page size: 0x1000
22:25:04.0684 2112	Boot type: Normal boot
22:25:04.0684 2112	============================================================
22:25:06.0234 2112	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:25:06.0301 2112	Initialize success
22:36:25.0087 3744	============================================================
22:36:25.0087 3744	Scan started
22:36:25.0087 3744	Mode: Manual; SigCheck; TDLFS; 
22:36:25.0087 3744	============================================================
22:36:25.0789 3744	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
22:36:25.0961 3744	1394ohci - ok
22:36:25.0992 3744	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
22:36:26.0023 3744	ACPI - ok
22:36:26.0054 3744	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
22:36:26.0132 3744	AcpiPmi - ok
22:36:26.0210 3744	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:36:26.0273 3744	adp94xx - ok
22:36:26.0288 3744	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:36:26.0351 3744	adpahci - ok
22:36:26.0382 3744	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:36:26.0413 3744	adpu320 - ok
22:36:26.0491 3744	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
22:36:26.0678 3744	AFD - ok
22:36:26.0709 3744	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
22:36:26.0741 3744	agp440 - ok
22:36:26.0772 3744	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:36:26.0819 3744	aic78xx - ok
22:36:26.0850 3744	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
22:36:26.0881 3744	aliide - ok
22:36:26.0897 3744	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
22:36:26.0928 3744	amdagp - ok
22:36:26.0943 3744	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
22:36:26.0975 3744	amdide - ok
22:36:27.0006 3744	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:36:27.0053 3744	AmdK8 - ok
22:36:27.0068 3744	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:36:27.0131 3744	AmdPPM - ok
22:36:27.0177 3744	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
22:36:27.0224 3744	amdsata - ok
22:36:27.0255 3744	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:36:27.0287 3744	amdsbs - ok
22:36:27.0318 3744	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
22:36:27.0349 3744	amdxata - ok
22:36:27.0396 3744	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
22:36:27.0489 3744	AppID - ok
22:36:27.0536 3744	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:36:27.0583 3744	arc - ok
22:36:27.0599 3744	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:36:27.0645 3744	arcsas - ok
22:36:27.0677 3744	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:36:27.0801 3744	AsyncMac - ok
22:36:27.0817 3744	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
22:36:27.0848 3744	atapi - ok
22:36:27.0926 3744	AVerPola        (5b7297abcea83c058ce1713849642804) C:\Windows\system32\DRIVERS\AVerPola.sys
22:36:28.0004 3744	AVerPola ( UnsignedFile.Multi.Generic ) - warning
22:36:28.0004 3744	AVerPola - detected UnsignedFile.Multi.Generic (1)
22:36:28.0051 3744	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:36:28.0160 3744	avgntflt - ok
22:36:28.0191 3744	avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
22:36:28.0223 3744	avipbb - ok
22:36:28.0254 3744	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:36:28.0285 3744	avkmgr - ok
22:36:28.0347 3744	AVPolCIR        (ae130449d9562183ad1bcc070de93fbc) C:\Windows\system32\DRIVERS\AVPolCIR.sys
22:36:28.0394 3744	AVPolCIR ( UnsignedFile.Multi.Generic ) - warning
22:36:28.0394 3744	AVPolCIR - detected UnsignedFile.Multi.Generic (1)
22:36:28.0488 3744	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:36:28.0581 3744	b06bdrv - ok
22:36:28.0628 3744	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:36:28.0706 3744	b57nd60x - ok
22:36:28.0769 3744	bcm4sbxp        (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
22:36:28.0831 3744	bcm4sbxp - ok
22:36:28.0893 3744	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:36:28.0971 3744	Beep - ok
22:36:29.0018 3744	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:36:29.0081 3744	blbdrive - ok
22:36:29.0112 3744	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
22:36:29.0174 3744	bowser - ok
22:36:29.0205 3744	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:36:29.0268 3744	BrFiltLo - ok
22:36:29.0283 3744	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:36:29.0330 3744	BrFiltUp - ok
22:36:29.0361 3744	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:36:29.0455 3744	Brserid - ok
22:36:29.0471 3744	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:36:29.0549 3744	BrSerWdm - ok
22:36:29.0549 3744	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:36:29.0627 3744	BrUsbMdm - ok
22:36:29.0642 3744	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:36:29.0673 3744	BrUsbSer - ok
22:36:29.0689 3744	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:36:29.0751 3744	BTHMODEM - ok
22:36:29.0798 3744	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:36:29.0861 3744	cdfs - ok
22:36:29.0907 3744	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
22:36:29.0954 3744	cdrom - ok
22:36:29.0985 3744	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:36:30.0048 3744	circlass - ok
22:36:30.0095 3744	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:36:30.0141 3744	CLFS - ok
22:36:30.0219 3744	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:36:30.0266 3744	CmBatt - ok
22:36:30.0297 3744	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
22:36:30.0313 3744	cmdide - ok
22:36:30.0375 3744	CNG             (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
22:36:30.0453 3744	CNG - ok
22:36:30.0469 3744	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:36:30.0500 3744	Compbatt - ok
22:36:30.0547 3744	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:36:30.0594 3744	CompositeBus - ok
22:36:30.0641 3744	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:36:30.0672 3744	crcdisk - ok
22:36:30.0719 3744	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
22:36:30.0828 3744	CSC - ok
22:36:30.0906 3744	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
22:36:30.0968 3744	DfsC - ok
22:36:30.0999 3744	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:36:31.0077 3744	discache - ok
22:36:31.0093 3744	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:36:31.0140 3744	Disk - ok
22:36:31.0187 3744	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:36:31.0233 3744	drmkaud - ok
22:36:31.0311 3744	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
22:36:31.0421 3744	DXGKrnl - ok
22:36:31.0592 3744	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:36:31.0842 3744	ebdrv - ok
22:36:31.0904 3744	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:36:31.0982 3744	elxstor - ok
22:36:32.0045 3744	EMSCR           (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
22:36:32.0091 3744	EMSCR - ok
22:36:32.0091 3744	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
22:36:32.0154 3744	ErrDev - ok
22:36:32.0201 3744	ESDCR           (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
22:36:32.0263 3744	ESDCR - ok
22:36:32.0294 3744	ESMCR           (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
22:36:32.0357 3744	ESMCR - ok
22:36:32.0419 3744	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:36:32.0481 3744	exfat - ok
22:36:32.0497 3744	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:36:32.0575 3744	fastfat - ok
22:36:32.0606 3744	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:36:32.0653 3744	fdc - ok
22:36:32.0684 3744	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:36:32.0731 3744	FileInfo - ok
22:36:32.0747 3744	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:36:32.0840 3744	Filetrace - ok
22:36:32.0856 3744	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:36:32.0918 3744	flpydisk - ok
22:36:32.0949 3744	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:36:32.0996 3744	FltMgr - ok
22:36:33.0027 3744	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:36:33.0074 3744	FsDepends - ok
22:36:33.0090 3744	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:36:33.0121 3744	Fs_Rec - ok
22:36:33.0152 3744	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
22:36:33.0215 3744	fvevol - ok
22:36:33.0261 3744	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:36:33.0293 3744	gagp30kx - ok
22:36:33.0355 3744	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:36:33.0417 3744	hcw85cir - ok
22:36:33.0480 3744	hcw95bda        (a9157afe4b6f32dcce9bd18fecd53a0d) C:\Windows\system32\Drivers\hcw95bda.sys
22:36:33.0558 3744	hcw95bda - ok
22:36:33.0589 3744	hcw95rc         (eb77f3c96c62e65cc25f04220b9a204a) C:\Windows\system32\DRIVERS\hcw95rc.sys
22:36:33.0636 3744	hcw95rc - ok
22:36:33.0745 3744	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
22:36:33.0839 3744	HdAudAddService - ok
22:36:33.0901 3744	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:36:33.0948 3744	HDAudBus - ok
22:36:33.0963 3744	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:36:34.0010 3744	HidBatt - ok
22:36:34.0026 3744	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:36:34.0104 3744	HidBth - ok
22:36:34.0119 3744	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:36:34.0182 3744	HidIr - ok
22:36:34.0229 3744	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
22:36:34.0275 3744	HidUsb - ok
22:36:34.0322 3744	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:36:34.0369 3744	HpSAMD - ok
22:36:34.0416 3744	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
22:36:34.0541 3744	HTTP - ok
22:36:34.0572 3744	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
22:36:34.0587 3744	hwpolicy - ok
22:36:34.0619 3744	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
22:36:34.0681 3744	i8042prt - ok
22:36:34.0759 3744	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
22:36:34.0821 3744	iaStorV - ok
22:36:35.0040 3744	igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:36:35.0367 3744	igfx - ok
22:36:35.0477 3744	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:36:35.0508 3744	iirsp - ok
22:36:35.0555 3744	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
22:36:35.0586 3744	intelide - ok
22:36:35.0617 3744	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:36:35.0664 3744	intelppm - ok
22:36:35.0679 3744	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:36:35.0789 3744	IpFilterDriver - ok
22:36:35.0804 3744	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:36:35.0867 3744	IPMIDRV - ok
22:36:35.0882 3744	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:36:35.0960 3744	IPNAT - ok
22:36:36.0007 3744	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:36:36.0069 3744	IRENUM - ok
22:36:36.0101 3744	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
22:36:36.0132 3744	isapnp - ok
22:36:36.0163 3744	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
22:36:36.0210 3744	iScsiPrt - ok
22:36:36.0241 3744	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:36:36.0272 3744	kbdclass - ok
22:36:36.0303 3744	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
22:36:36.0366 3744	kbdhid - ok
22:36:36.0413 3744	KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
22:36:36.0444 3744	KSecDD - ok
22:36:36.0475 3744	KSecPkg         (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
22:36:36.0522 3744	KSecPkg - ok
22:36:36.0584 3744	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:36:36.0662 3744	lltdio - ok
22:36:36.0725 3744	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:36:36.0771 3744	LSI_FC - ok
22:36:36.0787 3744	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:36:36.0818 3744	LSI_SAS - ok
22:36:36.0834 3744	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:36:36.0881 3744	LSI_SAS2 - ok
22:36:36.0896 3744	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:36:36.0927 3744	LSI_SCSI - ok
22:36:36.0959 3744	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:36:37.0037 3744	luafv - ok
22:36:37.0115 3744	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
22:36:37.0130 3744	MBAMProtector - ok
22:36:37.0208 3744	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:36:37.0239 3744	megasas - ok
22:36:37.0271 3744	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:36:37.0317 3744	MegaSR - ok
22:36:37.0333 3744	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:36:37.0411 3744	Modem - ok
22:36:37.0442 3744	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:36:37.0489 3744	monitor - ok
22:36:37.0505 3744	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:36:37.0551 3744	mouclass - ok
22:36:37.0567 3744	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:36:37.0614 3744	mouhid - ok
22:36:37.0629 3744	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
22:36:37.0676 3744	mountmgr - ok
22:36:37.0692 3744	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
22:36:37.0739 3744	mpio - ok
22:36:37.0754 3744	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:36:37.0957 3744	mpsdrv - ok
22:36:37.0973 3744	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
22:36:38.0051 3744	MRxDAV - ok
22:36:38.0097 3744	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:36:38.0207 3744	mrxsmb - ok
22:36:38.0222 3744	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:36:38.0300 3744	mrxsmb10 - ok
22:36:38.0331 3744	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:36:38.0378 3744	mrxsmb20 - ok
22:36:38.0409 3744	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
22:36:38.0441 3744	msahci - ok
22:36:38.0456 3744	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
22:36:38.0487 3744	msdsm - ok
22:36:38.0550 3744	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:36:38.0612 3744	Msfs - ok
22:36:38.0643 3744	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:36:38.0706 3744	mshidkmdf - ok
22:36:38.0737 3744	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
22:36:38.0753 3744	msisadrv - ok
22:36:38.0799 3744	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:36:38.0862 3744	MSKSSRV - ok
22:36:38.0877 3744	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:36:38.0940 3744	MSPCLOCK - ok
22:36:38.0955 3744	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:36:39.0018 3744	MSPQM - ok
22:36:39.0049 3744	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:36:39.0080 3744	MsRPC - ok
22:36:39.0096 3744	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
22:36:39.0127 3744	mssmbios - ok
22:36:39.0143 3744	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:36:39.0189 3744	MSTEE - ok
22:36:39.0221 3744	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:36:39.0252 3744	MTConfig - ok
22:36:39.0267 3744	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:36:39.0299 3744	Mup - ok
22:36:39.0330 3744	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:36:39.0408 3744	NativeWifiP - ok
22:36:39.0455 3744	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
22:36:39.0501 3744	NDIS - ok
22:36:39.0517 3744	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:36:39.0611 3744	NdisCap - ok
22:36:39.0642 3744	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:36:39.0720 3744	NdisTapi - ok
22:36:39.0751 3744	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
22:36:39.0813 3744	Ndisuio - ok
22:36:39.0829 3744	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
22:36:39.0923 3744	NdisWan - ok
22:36:40.0001 3744	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
22:36:40.0079 3744	NDProxy - ok
22:36:40.0281 3744	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:36:40.0375 3744	NetBIOS - ok
22:36:40.0406 3744	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
22:36:40.0484 3744	NetBT - ok
22:36:40.0703 3744	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
22:36:40.0968 3744	netw5v32 - ok
22:36:41.0061 3744	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:36:41.0108 3744	nfrd960 - ok
22:36:41.0139 3744	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:36:41.0217 3744	Npfs - ok
22:36:41.0249 3744	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:36:41.0327 3744	nsiproxy - ok
22:36:41.0405 3744	Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
22:36:41.0545 3744	Ntfs - ok
22:36:41.0576 3744	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:36:41.0639 3744	Null - ok
22:36:41.0717 3744	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
22:36:41.0795 3744	nvraid - ok
22:36:41.0841 3744	nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
22:36:41.0873 3744	nvstor - ok
22:36:41.0904 3744	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
22:36:41.0951 3744	nv_agp - ok
22:36:41.0982 3744	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
22:36:42.0044 3744	ohci1394 - ok
22:36:42.0075 3744	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:36:42.0138 3744	Parport - ok
22:36:42.0153 3744	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
22:36:42.0185 3744	partmgr - ok
22:36:42.0200 3744	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:36:42.0231 3744	Parvdm - ok
22:36:42.0263 3744	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
22:36:42.0309 3744	pci - ok
22:36:42.0325 3744	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
22:36:42.0356 3744	pciide - ok
22:36:42.0387 3744	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:36:42.0419 3744	pcmcia - ok
22:36:42.0434 3744	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:36:42.0481 3744	pcw - ok
22:36:42.0528 3744	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:36:42.0653 3744	PEAUTH - ok
22:36:42.0746 3744	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:36:42.0840 3744	PptpMiniport - ok
22:36:42.0855 3744	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:36:42.0918 3744	Processor - ok
22:36:42.0980 3744	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:36:43.0058 3744	Psched - ok
22:36:43.0121 3744	QCEmerald       (7a48ee359f8f2d6de6e11a01074180b0) C:\Windows\system32\DRIVERS\LVCE.sys
22:36:43.0183 3744	QCEmerald - ok
22:36:43.0245 3744	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:36:43.0401 3744	ql2300 - ok
22:36:43.0448 3744	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:36:43.0479 3744	ql40xx - ok
22:36:43.0495 3744	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:36:43.0542 3744	QWAVEdrv - ok
22:36:43.0557 3744	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:36:43.0635 3744	RasAcd - ok
22:36:43.0682 3744	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:36:43.0760 3744	RasAgileVpn - ok
22:36:43.0791 3744	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:36:43.0854 3744	Rasl2tp - ok
22:36:43.0901 3744	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:36:43.0994 3744	RasPppoe - ok
22:36:44.0010 3744	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:36:44.0103 3744	RasSstp - ok
22:36:44.0119 3744	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
22:36:44.0213 3744	rdbss - ok
22:36:44.0228 3744	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:36:44.0275 3744	rdpbus - ok
22:36:44.0291 3744	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:36:44.0384 3744	RDPCDD - ok
22:36:44.0415 3744	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
22:36:44.0478 3744	RDPDR - ok
22:36:44.0525 3744	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:36:44.0587 3744	RDPENCDD - ok
22:36:44.0618 3744	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:36:44.0681 3744	RDPREFMP - ok
22:36:44.0696 3744	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
22:36:44.0790 3744	RDPWD - ok
22:36:44.0837 3744	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
22:36:44.0883 3744	rdyboost - ok
22:36:44.0993 3744	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:36:45.0086 3744	rspndr - ok
22:36:45.0289 3744	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
22:36:45.0336 3744	s3cap - ok
22:36:45.0398 3744	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
22:36:45.0445 3744	sbp2port - ok
22:36:45.0461 3744	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
22:36:45.0554 3744	scfilter - ok
22:36:45.0617 3744	sdbus           (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
22:36:45.0679 3744	sdbus - ok
22:36:45.0726 3744	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:36:45.0819 3744	secdrv - ok
22:36:45.0866 3744	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:36:45.0929 3744	Serenum - ok
22:36:45.0944 3744	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:36:46.0007 3744	Serial - ok
22:36:46.0038 3744	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:36:46.0069 3744	sermouse - ok
22:36:46.0116 3744	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
22:36:46.0163 3744	sffdisk - ok
22:36:46.0178 3744	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:36:46.0225 3744	sffp_mmc - ok
22:36:46.0241 3744	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:36:46.0303 3744	sffp_sd - ok
22:36:46.0319 3744	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:36:46.0365 3744	sfloppy - ok
22:36:46.0381 3744	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
22:36:46.0428 3744	sisagp - ok
22:36:46.0443 3744	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:36:46.0490 3744	SiSRaid2 - ok
22:36:46.0506 3744	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:36:46.0553 3744	SiSRaid4 - ok
22:36:46.0584 3744	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:36:46.0677 3744	Smb - ok
22:36:46.0740 3744	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:36:46.0771 3744	spldr - ok
22:36:46.0880 3744	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
22:36:46.0989 3744	srv - ok
22:36:47.0036 3744	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
22:36:47.0114 3744	srv2 - ok
22:36:47.0177 3744	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:36:47.0223 3744	SrvHsfHDA - ok
22:36:47.0286 3744	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:36:47.0379 3744	SrvHsfV92 - ok
22:36:47.0426 3744	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:36:47.0489 3744	SrvHsfWinac - ok
22:36:47.0535 3744	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
22:36:47.0598 3744	srvnet - ok
22:36:47.0660 3744	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:36:47.0691 3744	ssmdrv - ok
22:36:47.0738 3744	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:36:47.0769 3744	stexstor - ok
22:36:47.0816 3744	StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
22:36:47.0879 3744	StillCam - ok
22:36:47.0925 3744	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:36:47.0957 3744	storflt - ok
22:36:47.0972 3744	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
22:36:48.0003 3744	storvsc - ok
22:36:48.0035 3744	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
22:36:48.0066 3744	swenum - ok
22:36:48.0191 3744	Tcpip           (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
22:36:48.0331 3744	Tcpip - ok
22:36:48.0393 3744	TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
22:36:48.0456 3744	TCPIP6 - ok
22:36:48.0487 3744	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
22:36:48.0581 3744	tcpipreg - ok
22:36:48.0612 3744	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
22:36:48.0690 3744	TDPIPE - ok
22:36:48.0705 3744	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
22:36:48.0799 3744	TDTCP - ok
22:36:48.0815 3744	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
22:36:48.0893 3744	tdx - ok
22:36:48.0908 3744	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
22:36:48.0955 3744	TermDD - ok
22:36:49.0002 3744	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:36:49.0064 3744	tssecsrv - ok
22:36:49.0111 3744	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
22:36:49.0189 3744	tunnel - ok
22:36:49.0220 3744	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:36:49.0251 3744	uagp35 - ok
22:36:49.0267 3744	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
22:36:49.0376 3744	udfs - ok
22:36:49.0423 3744	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:36:49.0454 3744	uliagpkx - ok
22:36:49.0485 3744	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
22:36:49.0563 3744	umbus - ok
22:36:49.0579 3744	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:36:49.0610 3744	UmPass - ok
22:36:49.0673 3744	usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
22:36:49.0719 3744	usbccgp - ok
22:36:49.0735 3744	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
22:36:49.0813 3744	usbcir - ok
22:36:49.0860 3744	usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
22:36:49.0891 3744	usbehci - ok
22:36:49.0938 3744	usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
22:36:49.0985 3744	usbhub - ok
22:36:50.0031 3744	usbohci         (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
22:36:50.0078 3744	usbohci - ok
22:36:50.0141 3744	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:36:50.0187 3744	usbprint - ok
22:36:50.0219 3744	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:36:50.0297 3744	usbscan - ok
22:36:50.0328 3744	USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:36:50.0375 3744	USBSTOR - ok
22:36:50.0421 3744	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
22:36:50.0453 3744	usbuhci - ok
22:36:50.0515 3744	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:36:50.0546 3744	vdrvroot - ok
22:36:50.0577 3744	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:36:50.0624 3744	vga - ok
22:36:50.0640 3744	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:36:50.0718 3744	VgaSave - ok
22:36:50.0733 3744	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
22:36:50.0780 3744	vhdmp - ok
22:36:50.0796 3744	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
22:36:50.0843 3744	viaagp - ok
22:36:50.0858 3744	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:36:50.0921 3744	ViaC7 - ok
22:36:50.0936 3744	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
22:36:50.0967 3744	viaide - ok
22:36:50.0999 3744	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
22:36:51.0045 3744	vmbus - ok
22:36:51.0061 3744	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:36:51.0108 3744	VMBusHID - ok
22:36:51.0123 3744	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
22:36:51.0170 3744	volmgr - ok
22:36:51.0186 3744	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:36:51.0233 3744	volmgrx - ok
22:36:51.0264 3744	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
22:36:51.0326 3744	volsnap - ok
22:36:51.0373 3744	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:36:51.0420 3744	vsmraid - ok
22:36:51.0435 3744	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:36:51.0482 3744	vwifibus - ok
22:36:51.0498 3744	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:36:51.0545 3744	WacomPen - ok
22:36:51.0576 3744	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:36:51.0654 3744	WANARP - ok
22:36:51.0654 3744	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
22:36:51.0716 3744	Wanarpv6 - ok
22:36:51.0763 3744	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:36:51.0794 3744	Wd - ok
22:36:51.0825 3744	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:36:51.0888 3744	Wdf01000 - ok
22:36:51.0966 3744	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:36:52.0044 3744	WfpLwf - ok
22:36:52.0075 3744	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:36:52.0106 3744	WIMMount - ok
22:36:52.0184 3744	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:36:52.0215 3744	WmiAcpi - ok
22:36:52.0278 3744	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:36:52.0356 3744	ws2ifsl - ok
22:36:52.0387 3744	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
22:36:52.0465 3744	WudfPf - ok
22:36:52.0496 3744	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:36:52.0574 3744	WUDFRd - ok
22:36:52.0652 3744	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:36:52.0808 3744	\Device\Harddisk0\DR0 - ok
22:36:52.0808 3744	Boot (0x1200)   (e13cf040a8df8aecd3ac1f82db69a764) \Device\Harddisk0\DR0\Partition0
22:36:52.0808 3744	\Device\Harddisk0\DR0\Partition0 - ok
22:36:52.0839 3744	Boot (0x1200)   (1ae3d2a350265ecfe3836ddcbf2d708b) \Device\Harddisk0\DR0\Partition1
22:36:52.0855 3744	\Device\Harddisk0\DR0\Partition1 - ok
22:36:52.0871 3744	Boot (0x1200)   (038e85c4e79dc3643ab4dc300589dd87) \Device\Harddisk0\DR0\Partition2
22:36:52.0871 3744	\Device\Harddisk0\DR0\Partition2 - ok
22:36:52.0871 3744	============================================================
22:36:52.0871 3744	Scan finished
22:36:52.0871 3744	============================================================
22:36:52.0886 3800	Detected object count: 2
22:36:52.0886 3800	Actual detected object count: 2
22:37:13.0759 3800	AVerPola ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:13.0759 3800	AVerPola ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:37:13.0759 3800	AVPolCIR ( UnsignedFile.Multi.Generic ) - skipped by user
22:37:13.0759 3800	AVPolCIR ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 25.01.2012, 10:05

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Paclib · 25.01.2012, 17:32

Code:

ATTFilter

ComboFix 12-01-23.02 - MR 25.01.2012  17:19:59.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2038.1254 [GMT 1:00]
ausgeführt von:: c:\users\MR\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-25 bis 2012-01-25  ))))))))))))))))))))))))))))))
.
.
2012-01-25 16:27 . 2012-01-25 16:27	--------	d-----w-	c:\users\MR\AppData\Local\temp
2012-01-25 16:27 . 2012-01-25 16:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-24 19:40 . 2012-01-24 19:40	--------	d-----w-	C:\_OTL
2012-01-24 13:00 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F5976B6-94F5-4F0E-A085-1A13458EE9CE}\mpengine.dll
2012-01-22 10:53 . 2012-01-22 10:53	--------	d-----w-	c:\users\MR\AppData\Roaming\f-secure
2012-01-22 10:52 . 2012-01-22 10:52	--------	d-----w-	c:\programdata\F-Secure
2012-01-22 10:41 . 2012-01-22 10:41	--------	d-----w-	c:\users\MR\AppData\Roaming\QuickScan
2012-01-21 20:17 . 2012-01-21 20:17	--------	d-----w-	c:\users\MR\AppData\Roaming\Malwarebytes
2012-01-21 20:17 . 2012-01-21 20:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-21 20:17 . 2012-01-21 20:17	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-21 20:17 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-21 07:56 . 2012-01-21 07:56	--------	d-----w-	c:\program files\ESET
2012-01-11 14:27 . 2011-11-17 05:41	1288984	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 14:27 . 2011-11-19 14:06	67072	----a-w-	c:\windows\system32\packager.dll
2012-01-11 14:27 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 14:27 . 2011-10-26 04:28	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-01-08 08:14 . 2012-01-08 08:14	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 08:14 . 2012-01-08 08:14	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 08:14 . 2012-01-08 08:14	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 08:14 . 2012-01-08 08:14	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 14:14 . 2012-01-07 14:14	--------	d-----w-	c:\program files\uTorrent
2012-01-07 14:13 . 2012-01-25 16:25	--------	d-----w-	c:\users\MR\AppData\Roaming\uTorrent
2012-01-04 09:12 . 2012-01-04 09:12	--------	d-----w-	c:\program files\Windows Media Components
2012-01-04 09:10 . 2001-09-24 08:41	69632	----a-w-	c:\windows\system32\LVUI2RC.dll
2012-01-04 09:10 . 2001-09-24 08:39	44032	----a-w-	c:\windows\system32\drivers\lvce.sys
2012-01-04 09:10 . 2001-09-24 08:38	59904	----a-w-	c:\windows\system32\drivers\lvcam2.dll
2012-01-04 09:10 . 2001-09-24 08:38	33280	----a-w-	c:\windows\system32\drivers\LVSound2.sys
2012-01-04 09:10 . 2001-09-24 08:38	412672	----a-w-	c:\windows\system32\drivers\lvcodek2.dll
2012-01-04 09:10 . 2012-01-04 09:10	--------	d-----w-	c:\program files\Common Files\Logitech
2012-01-04 09:10 . 2001-09-24 08:41	200704	----a-w-	c:\windows\system32\LVUI2.dll
2012-01-04 09:10 . 2001-09-24 08:40	172032	----a-w-	c:\windows\system32\lvcodec2.dll
2012-01-04 09:10 . 2001-09-24 08:39	57344	----a-w-	c:\windows\system32\LVComC.dll
2012-01-04 09:10 . 2001-09-24 08:39	98304	----a-w-	c:\windows\system32\LVComS.exe
2012-01-04 09:09 . 2012-01-04 09:09	--------	d-----w-	c:\program files\Logitech
2012-01-04 09:08 . 2012-01-04 09:08	53248	------w-	c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2012-01-04 09:08 . 2012-01-04 09:08	32768	------w-	c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-01-04 09:08 . 2012-01-04 09:08	221184	------w-	c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-01-04 09:08 . 2012-01-04 09:08	217088	------w-	c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-01-04 09:08 . 2012-01-04 09:08	126976	------w-	c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2012-01-04 09:08 . 2012-01-04 09:08	598016	------w-	c:\program files\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2012-01-04 09:08 . 2012-01-04 09:08	114688	------w-	c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2012-01-03 19:32 . 2012-01-21 08:00	--------	d-----w-	c:\program files\Application Updater
2012-01-03 19:32 . 2012-01-03 19:32	--------	d-----w-	c:\program files\YouTube Downloader Toolbar
2012-01-03 19:32 . 2012-01-03 19:32	--------	d-----w-	c:\program files\Common Files\Spigot
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 09:08 . 2011-11-09 14:17	1248080	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-09 19:51 . 2011-10-14 07:34	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-08 00:25 . 2011-11-09 14:17	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-08 00:25 . 2011-11-09 14:17	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-08 00:25 . 2011-12-08 00:25	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-05 18:47 . 2006-10-24 21:36	42240	----a-w-	c:\windows\system32\drivers\ESD7SK.sys
2011-12-05 18:47 . 2006-10-24 21:36	76928	----a-w-	c:\windows\system32\drivers\ESM7SK.sys
2011-12-05 18:47 . 2006-10-24 21:36	62208	----a-w-	c:\windows\system32\drivers\EMS7SK.sys
2011-12-05 18:47 . 2011-12-05 18:48	356352	----a-w-	c:\windows\EMCRI.dll
2011-11-24 18:27 . 2011-11-24 18:27	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-24 18:27 . 2011-11-24 18:27	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-24 04:23 . 2011-12-14 09:07	2340352	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-10-14 07:44	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-12 08:59 . 2011-11-12 08:59	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-11-09 16:57 . 2011-11-09 16:57	544656	----a-w-	c:\windows\system32\deployJava1.dll
2011-11-08 12:42 . 2011-11-08 12:41	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35 . 2011-12-14 09:07	981504	----a-w-	c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-14 09:07	44544	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 09:07	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-14 09:07	386048	----a-w-	c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-14 09:07	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-01-08 08:14 . 2011-10-13 15:43	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-01-11 735608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDriver\Lqdsw.exe" [2001-09-24 634880]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2012-01-04 20480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2011-10-18 117344]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2011-10-18 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2009-08-13 314752]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2009-08-13 32896]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2009-07-06 573440]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2009-07-06 15616]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 QCEmerald;Logitech QuickCam Web(PID_0850);c:\windows\system32\DRIVERS\LVCE.sys [2001-09-24 44032]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MR\AppData\Roaming\Mozilla\Firefox\Profiles\yukpx4mi.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-25  17:29:18
ComboFix-quarantined-files.txt  2012-01-25 16:29
.
Vor Suchlauf: 8 Verzeichnis(se), 43.177.443.328 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 43.087.785.984 Bytes frei
.
- - End Of File - - 379EEE0941F69B80C4F227E76B134AE3

cosinus · 25.01.2012, 19:27

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

23.01.2012, 21:32	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA-Trojaner; Offline-Scanner findet keine Viren, Online-Scanner jedoch... Du hast ESET garantiert so ausgeführt: Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen Das Log sieht nämlich nicht danach aus __________________ Logfiles bitte immer in CODE-Tags posten

BKA-Trojaner; Offline-Scanner findet keine Viren, Online-Scanner jedoch...

Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner; Offline-Scanner findet keine Viren, Online-Scanner jedoch...