Avira findet folgendes...

Tim1987 · 09.03.2012, 16:45

Sehr geehrte Damen und Herren,
hab leider folgendes Problem: hab vor ungefähr zwei Stunden Probleme mit dem Internet in das ich nicht mehr reinkam. Habe dann einen Systemüberprüfung mit Avira Antivirus durchgeführt und folgendes Ergebnis erhalten:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 9. März 2012 14:31

Es wird nach 3534048 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Tim1
Computername : TIM1-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.898 Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 17.02.2012 16:59:30
AVSCAN.DLL : 12.1.0.18 65744 Bytes 17.02.2012 16:59:13
LUKE.DLL : 12.1.0.19 68304 Bytes 17.02.2012 16:59:33
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 17.02.2012 16:59:44
AVREG.DLL : 12.1.0.29 228048 Bytes 17.02.2012 16:59:41
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:44:32
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 07:01:38
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 07:01:38
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 07:01:38
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 07:01:38
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 07:01:38
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 07:01:38
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 07:01:39
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 07:01:39
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 07:01:39
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 07:01:39
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 07:01:53
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 07:01:59
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 21:56:53
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 21:56:54
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 16:56:39
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 16:56:48
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 16:56:53
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 18:43:29
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 21:42:04
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 16:08:53
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 16:08:54
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 16:35:21
VBASE025.VDF : 7.11.24.205 2048 Bytes 07.03.2012 16:35:21
VBASE026.VDF : 7.11.24.206 2048 Bytes 07.03.2012 16:35:21
VBASE027.VDF : 7.11.24.207 2048 Bytes 07.03.2012 16:35:21
VBASE028.VDF : 7.11.24.208 2048 Bytes 07.03.2012 16:35:22
VBASE029.VDF : 7.11.24.209 2048 Bytes 07.03.2012 16:35:22
VBASE030.VDF : 7.11.24.210 2048 Bytes 07.03.2012 16:35:23
VBASE031.VDF : 7.11.24.234 69632 Bytes 08.03.2012 16:10:49
Engineversion : 8.2.10.14
AEVDF.DLL : 8.1.2.2 106868 Bytes 29.10.2011 09:07:03
AESCRIPT.DLL : 8.1.4.8 455034 Bytes 08.03.2012 16:11:14
AESCN.DLL : 8.1.8.2 131444 Bytes 04.02.2012 07:02:28
AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 18:40:19
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 08.03.2012 16:11:12
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30.12.2011 13:26:09
AEHEUR.DLL : 8.1.4.3 4444534 Bytes 08.03.2012 16:11:09
AEHELP.DLL : 8.1.19.0 254327 Bytes 20.01.2012 20:25:45
AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 16:10:52
AEEXP.DLL : 8.1.0.24 74101 Bytes 08.03.2012 16:11:14
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.5 201079 Bytes 08.03.2012 16:10:50
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 17.02.2012 16:59:11
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Z:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 9. März 2012 14:31

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'Z:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\windows\system32\drivers\vsdatant.sys
c:\windows\system32\drivers\vsdatant.sys
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
c:\program files\checkpoint\zonealarm\vsmon.exe -service
c:\program files\checkpoint\zonealarm\vsmon.exe -service
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Events\{300A7360-1153-40E8-AD3A-7B80A041C45F}
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Servers\5B807253-7783-4341-A6E6-7B7F3E398E1B\IPAddress
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0005\Linkage\FilterList
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\Config
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{AC30BFB5-834B-46D2-B912-6CE71684EB2D}
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Network\vsmon
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Vsdatant
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\vsmon
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\105
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\APN\Updater\lastchecktime
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\CheckSetting
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'NotiMan.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueCrypt.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLLML.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '193' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '493' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'Z:\'

Ende des Suchlaufs: Freitag, 9. März 2012 15:54
Benötigte Zeit: 1:23:55 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

18117 Verzeichnisse wurden überprüft
378019 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
378019 Dateien ohne Befall
3328 Archive wurden durchsucht
0 Warnungen
15 Hinweise
430578 Objekte wurden beim Rootkitscan durchsucht
15 Versteckte Objekte wurden gefunden

Ich bin nun besorgt und hoffe um Hilfe!
Handelt es sich hier um einen Trojaner oder ähnliches?
Vielen Dank im voraus!
MFG
TIM

Tim1987 · 09.03.2012, 21:57

Hab wie im Forum befolgt die Logdaten mittels den beschrieben Progammen erhalten:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Tim1 at 17:13:56 on 2012-03-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2047.1345 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\program files\avira\antivir desktop\avcenter.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - z:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [KiesHelper] z:\program files\kies\KiesHelper.exe /s
uRun: [KiesPDLR] z:\program files\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "z:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi surround 5.1\volume panel\VolPanlu.exe" /r
mRun: [Module Loader] c:\program files\creative\shared files\module loader\DLLML.exe -StartUpRun
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [WinampAgent] "z:\program files\winamp\winampa.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [KiesTrayAgent] z:\program files\kies\KiesTrayAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\tim1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - z:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - z:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - z:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - z:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
Trusted Zone: marecum.de\www
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2650FE33-8D2F-4D49-972C-79DE2256643A} : DhcpNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - z:\progra~1\micros~1\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - z:\progra~1\micros~1\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim1\appdata\roaming\mozilla\firefox\profiles\pbyfwtim.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ==========

Hoffe um Eure Hilfe!
MFG Tim

cosinus · 14.03.2012, 15:58

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Tim1987 · 16.03.2012, 15:38

Ich hoffe, dass ist so richtig und du kannst mir helfen... Danke schonmal!

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Tim1 :: TIM1-PC [Administrator]

Schutz: Aktiviert

16.03.2012 13:12:53
mbam-log-2012-03-16 (13-12-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 292940
Laufzeit: 1 Stunde(n), 8 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4f0d083293a1fc48bc07b0639ca6a22a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-16 02:35:00
# local_time=2012-03-16 03:35:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 12025705 12025705 0 0
# compatibility_mode=5893 16776573 100 94 69881257 83535901 0 0
# compatibility_mode=8192 67108863 100 0 4085 4085 0 0
# scanned=128825
# found=3
# cleaned=0
# scan_time=3791
C:\Users\Tim1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-1f659d67	probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-4f514983	probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Tim1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\fa8f07a-7143b8c6	probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 16.03.2012, 17:12

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Tim1987 · 17.03.2012, 12:50

Nein habe ich noch nicht.

cosinus · 17.03.2012, 15:15

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Tim1987 · 18.03.2012, 09:20

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.03.2012 08:34:04 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = Z:\Filme
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,01% Memory free
4,00 Gb Paging File | 3,16 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,62 Gb Total Space | 1,74 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive Z: | 41,64 Gb Total Space | 10,97 Gb Free Space | 26,34% Space Free | Partition Type: NTFS
 
Computer Name: TIM1-PC | User Name: Tim1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - Z:\Filme\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Creative Technology Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- Z:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found
DRV - (gel90xne) -- C:\Users\Tim1\AppData\Local\Temp\gel90xne.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssudobex) SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 DD F3 2A EE 87 CA 01  [binary data]
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.medma.uni-heidelberg.de/proxy.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Tim1\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.04 22:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.17 17:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.22 06:02:03 | 000,000,000 | ---D | M]
 
[2009.12.28 19:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim1\AppData\Roaming\mozilla\Extensions
[2012.03.09 06:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions
[2012.03.09 06:49:42 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.09.13 19:28:08 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\e0y2wy1i.ngu
[2010.03.09 20:28:03 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\firefox@tvunetworks.com
[2010.11.06 15:38:40 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar
[2012.01.08 14:31:19 | 000,000,933 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\11-suche.xml
[2009.12.28 21:57:00 | 000,002,055 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\daemon-search.xml
[2012.01.08 14:31:19 | 000,002,419 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\englische-ergebnisse.xml
[2012.01.08 14:31:19 | 000,010,525 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\gmx-suche.xml
[2012.03.16 13:08:37 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-1.xml
[2011.03.10 17:49:28 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-2.xml
[2011.03.24 07:00:57 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-3.xml
[2011.06.13 08:41:17 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-4.xml
[2011.07.03 18:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-5.xml
[2011.08.18 11:55:35 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-6.xml
[2010.12.10 22:33:23 | 000,001,056 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin.xml
[2012.01.08 14:31:19 | 000,002,457 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\lastminute.xml
[2010.11.06 15:38:58 | 000,001,583 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\web-search.xml
[2012.01.08 14:31:19 | 000,005,508 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\webde-suche.xml
[2011.11.13 10:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.28 21:05:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
() (No name found) -- C:\USERS\TIM1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBYFWTIM.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\TIM1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBYFWTIM.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\TIM1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBYFWTIM.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.03.17 17:45:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.18 18:06:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 18:06:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 18:06:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 18:06:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 18:06:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 18:06:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Tim1\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Z:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] Z:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4 - HKLM..\Run: [KiesTrayAgent] Z:\Program Files\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] Z:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-610027521-1406275652-907453515-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-610027521-1406275652-907453515-1000..\Run: [KiesHelper] Z:\Program Files\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-610027521-1406275652-907453515-1000..\Run: [KiesPDLR] Z:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tim1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = Z:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Z:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Z:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Z:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Z:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..Trusted Domains: marecum.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2650FE33-8D2F-4D49-972C-79DE2256643A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Z:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Z:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cdca5e11-de32-11e0-b654-00196643e9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{cdca5e11-de32-11e0-b654-00196643e9e2}\Shell\AutoRun\command - "" = D:\ANNOfinder.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {950249E3-83B2-9CBF-FA4A-EF918D7D5204} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FC60836E-A2D2-652A-20BB-873D8442E97B} - Microsoft Windows Media Player
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.16 14:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.16 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Tim1\AppData\Roaming\Malwarebytes
[2012.03.16 13:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.16 13:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.16 13:10:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.16 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.09 21:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.09 21:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.09 14:22:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.09 13:26:17 | 000,000,000 | ---D | C] -- C:\Users\Tim1\AppData\Local\Lidl_Fotos
[2012.02.22 06:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.18 08:24:53 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 08:24:53 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 08:17:52 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.18 08:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.18 08:17:23 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.17 22:58:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.17 17:50:00 | 000,108,119 | ---- | M] () -- C:\Users\Tim1\Desktop\Fahrplan-zum-PJ-Aug-12.pdf
[2012.03.17 17:49:45 | 000,070,186 | ---- | M] () -- C:\Users\Tim1\Desktop\FAQ1.pdf
[2012.03.17 17:49:26 | 000,008,556 | ---- | M] () -- C:\Users\Tim1\Desktop\Spielregeln-PJ-Verteilung1.pdf
[2012.03.17 13:51:17 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.17 13:51:17 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.17 13:51:17 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.17 13:51:17 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.09 17:03:01 | 000,000,020 | ---- | M] () -- C:\Users\Tim1\defogger_reenable
[2012.03.09 14:12:26 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012.03.09 13:24:34 | 000,086,547 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\mdbu.bin
[2012.02.17 17:59:35 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.17 17:50:00 | 000,108,119 | ---- | C] () -- C:\Users\Tim1\Desktop\Fahrplan-zum-PJ-Aug-12.pdf
[2012.03.17 17:49:45 | 000,070,186 | ---- | C] () -- C:\Users\Tim1\Desktop\FAQ1.pdf
[2012.03.17 17:49:26 | 000,008,556 | ---- | C] () -- C:\Users\Tim1\Desktop\Spielregeln-PJ-Verteilung1.pdf
[2012.03.09 17:02:17 | 000,000,020 | ---- | C] () -- C:\Users\Tim1\defogger_reenable
[2012.02.22 06:02:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.02.18 11:27:10 | 137,323,493 | ---- | C] () -- C:\Users\Tim1\Desktop\Herold 2012.pdf
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.13 18:14:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.11.20 15:22:17 | 000,086,547 | ---- | C] () -- C:\Users\Tim1\AppData\Roaming\mdbu.bin
[2010.06.12 19:43:02 | 000,017,408 | ---- | C] () -- C:\Users\Tim1\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2011.04.23 16:47:15 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\CheckPoint
[2009.12.28 22:15:07 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\DAEMON Tools Lite
[2012.03.17 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Dropbox
[2011.04.07 10:16:01 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\EndNote
[2012.03.08 13:25:41 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\ICQ
[2009.12.28 22:21:56 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Leadertech
[2012.01.20 21:36:16 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Nokia
[2010.02.14 10:26:49 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\PC Suite
[2012.01.21 13:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Samsung
[2012.01.21 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Temp
[2009.12.28 20:04:02 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\TrueCrypt
[2012.03.07 07:11:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.10 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Adobe
[2011.10.29 10:05:57 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Avira
[2011.04.23 16:47:15 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\CheckPoint
[2009.12.31 10:03:58 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Creative
[2009.12.28 22:15:07 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\DAEMON Tools Lite
[2011.03.14 07:30:07 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\DivX
[2012.03.17 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Dropbox
[2010.12.28 18:35:05 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\dvdcss
[2011.04.07 10:16:01 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\EndNote
[2012.03.08 13:25:41 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\ICQ
[2009.12.28 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Identities
[2011.08.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\InstallShield
[2009.12.28 22:21:56 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Leadertech
[2009.12.28 19:51:24 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Macromedia
[2012.03.16 13:10:29 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Malwarebytes
[2009.07.14 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Media Center Programs
[2012.01.03 11:43:43 | 000,000,000 | --SD | M] -- C:\Users\Tim1\AppData\Roaming\Microsoft
[2009.12.28 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Mozilla
[2012.01.20 21:36:16 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Nokia
[2010.02.14 10:26:49 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\PC Suite
[2012.01.21 13:13:28 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Samsung
[2012.03.09 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Skype
[2012.01.03 10:35:55 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\skypePM
[2012.01.21 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Temp
[2009.12.28 20:04:02 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\TrueCrypt
[2010.07.18 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\vlc
[2011.10.08 21:59:04 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\Winamp
[2009.12.28 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tim1\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 00:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tim1\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.04.03 07:06:02 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Tim1\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.02.27 08:53:03 | 000,119,808 | R--- | M] () -- C:\Users\Tim1\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2011.12.27 23:21:22 | 000,371,088 | ---- | M] (ml) -- C:\Users\Tim1\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.27 23:21:22 | 000,371,088 | ---- | M] (ml) -- C:\Users\Tim1\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

Tim1987 · 18.03.2012, 09:21

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.03.2012 08:34:04 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = Z:\Filme
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,01% Memory free
4,00 Gb Paging File | 3,16 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 15,62 Gb Total Space | 1,74 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive Z: | 41,64 Gb Total Space | 10,97 Gb Free Space | 26,34% Space Free | Partition Type: NTFS
 
Computer Name: TIM1-PC | User Name: Tim1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "Z:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "Z:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- z:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Z:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- z:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "Z:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "Z:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "Z:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{1D29F4C4-4477-4863-8376-4CCF3444B73D}" = Thrustmaster Internet Phone TM507 Webcam Drivers
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Clone Manager Suite 7" = Clone Manager Suite 7
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Kill Winamp_is1" = KillWinamp 1.61
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SopCast" = SopCast 3.2.4
"SysInfo" = Creative Systeminformationen
"TrueCrypt" = TrueCrypt
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 0.9.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2012 09:21:55 | Computer Name = Tim1-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "ZoneAlarm Toolbar IswSvc" konnte nicht
 heruntergefahren werden.
 
Error - 09.03.2012 09:22:25 | Computer Name = Tim1-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Check Point Install Utility" konnte
 nicht heruntergefahren werden.
 
Error - 09.03.2012 09:22:25 | Computer Name = Tim1-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "ZoneAlarm Toolbar IswSvc" konnte nicht
 heruntergefahren werden.
 
Error - 09.03.2012 10:29:24 | Computer Name = Tim1-PC | Source = VSS | ID = 12293
Description = 
 
Error - 09.03.2012 13:54:54 | Computer Name = Tim1-PC | Source = Application Hang | ID = 1002
Description = Programm 90s3p25y.exe, Version 1.0.15.15641 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: ab0    Startzeit: 01ccfe10a1d05704    Endzeit: 63    Anwendungspfad: Z:\Filme\90s3p25y.exe

Berichts-ID:
 f4a884b3-6a10-11e1-8447-00196643e9e2  
 
Error - 09.03.2012 18:02:52 | Computer Name = Tim1-PC | Source = VSS | ID = 12293
Description = 
 
Error - 09.03.2012 18:02:53 | Computer Name = Tim1-PC | Source = VSS | ID = 12293
Description = 
 
Error - 10.03.2012 04:26:03 | Computer Name = Tim1-PC | Source = VSS | ID = 12293
Description = 
 
Error - 10.03.2012 05:04:58 | Computer Name = Tim1-PC | Source = VSS | ID = 12293
Description = 
 
Error - 17.03.2012 06:13:05 | Computer Name = Tim1-PC | Source = Application Hang | ID = 1002
Description = Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: b98    Startzeit: 01cd042683a906fd    Endzeit: 15    Anwendungspfad: 
C:\Windows\system32\DllHost.exe    Berichts-ID: c717001c-7019-11e1-8ef8-00196643e9e2

 
[ OSession Events ]
Error - 07.11.2010 13:48:37 | Computer Name = Tim1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.03.2012 09:43:09 | Computer Name = Tim1-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 17.03.2012 10:33:32 | Computer Name = Tim1-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 17.03.2012 10:33:45 | Computer Name = Tim1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 17.03.2012 10:33:45 | Computer Name = Tim1-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 17.03.2012 14:17:45 | Computer Name = Tim1-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 17.03.2012 16:32:39 | Computer Name = Tim1-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 17.03.2012 18:02:16 | Computer Name = Tim1-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 18.03.2012 03:17:19 | Computer Name = Tim1-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 18.03.2012 03:17:31 | Computer Name = Tim1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 18.03.2012 03:17:31 | Computer Name = Tim1-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
 
< End of report >

--- --- ---

cosinus · 19.03.2012, 16:14

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found
DRV - (gel90xne) -- C:\Users\Tim1\AppData\Local\Temp\gel90xne.sys File not found
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 DD F3 2A EE 87 CA 01  [binary data]
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2012.03.09 06:49:42 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.09.13 19:28:08 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\e0y2wy1i.ngu
[2010.03.09 20:28:03 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\firefox@tvunetworks.com
[2010.11.06 15:38:40 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar
[2012.01.08 14:31:19 | 000,000,933 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\11-suche.xml
[2009.12.28 21:57:00 | 000,002,055 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\daemon-search.xml
[2012.01.08 14:31:19 | 000,002,419 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\englische-ergebnisse.xml
[2012.01.08 14:31:19 | 000,010,525 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\gmx-suche.xml
[2012.03.16 13:08:37 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-1.xml
[2011.03.10 17:49:28 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-2.xml
[2011.03.24 07:00:57 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-3.xml
[2011.06.13 08:41:17 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-4.xml
[2011.07.03 18:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-5.xml
[2011.08.18 11:55:35 | 000,000,950 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-6.xml
[2010.12.10 22:33:23 | 000,001,056 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin.xml
[2012.01.08 14:31:19 | 000,002,457 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\lastminute.xml
[2010.11.06 15:38:58 | 000,001,583 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\web-search.xml
[2012.01.08 14:31:19 | 000,005,508 | ---- | M] () -- C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\webde-suche.xml
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-610027521-1406275652-907453515-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [WinampAgent] Z:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-610027521-1406275652-907453515-1000..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cdca5e11-de32-11e0-b654-00196643e9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{cdca5e11-de32-11e0-b654-00196643e9e2}\Shell\AutoRun\command - "" = D:\ANNOfinder.exe
[2011.04.23 16:47:15 | 000,000,000 | ---D | M] -- C:\Users\Tim1\AppData\Roaming\CheckPoint
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Tim1987 · 23.03.2012, 13:05

Code:

ATTFilter

All processes killed
========== OTL ==========
Service IswSvc stopped successfully!
Service IswSvc deleted successfully!
File  C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found not found.
Service ISWKL stopped successfully!
Service ISWKL deleted successfully!
File  C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found not found.
Service gel90xne stopped successfully!
Service gel90xne deleted successfully!
File  C:\Users\Tim1\AppData\Local\Temp\gel90xne.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-610027521-1406275652-907453515-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: DTToolbar@toolbarnet.com:1.1.1.0014 removed from extensions.enabledItems
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\searchplugin folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\modules folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\META-INF folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\defaults folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\components folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\chrome folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\e0y2wy1i.ngu\chrome\content\skin folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\e0y2wy1i.ngu\chrome\content folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\e0y2wy1i.ngu\chrome folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\e0y2wy1i.ngu folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\firefox@tvunetworks.com\plugins folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\firefox@tvunetworks.com folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Users\Tim1\AppData\Roaming\mozilla\Firefox\Profiles\pbyfwtim.default\extensions\vshare@toolbar folder moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\lastminute.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\web-search.xml moved successfully.
C:\Users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\searchplugins\webde-suche.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Z:\Program Files\Winamp\winampa.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-610027521-1406275652-907453515-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdca5e11-de32-11e0-b654-00196643e9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdca5e11-de32-11e0-b654-00196643e9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdca5e11-de32-11e0-b654-00196643e9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdca5e11-de32-11e0-b654-00196643e9e2}\ not found.
File D:\ANNOfinder.exe not found.
C:\Users\Tim1\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\Tim1\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\Tim1\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\Tim1\AppData\Roaming\CheckPoint folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tim1
->Temp folder emptied: 95639732 bytes
->Temporary Internet Files folder emptied: 157838648 bytes
->Java cache emptied: 33815964 bytes
->FireFox cache emptied: 238429491 bytes
->Google Chrome cache emptied: 6234651 bytes
->Flash cache emptied: 1953038 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1564672 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26117610 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 536,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03232012_125559

cosinus · 23.03.2012, 21:27

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Tim1987 · 24.03.2012, 07:44

Code:

ATTFilter

07:40:33.0479 1968	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
07:40:33.0831 1968	============================================================
07:40:33.0831 1968	Current date / time: 2012/03/24 07:40:33.0831
07:40:33.0831 1968	SystemInfo:
07:40:33.0831 1968	
07:40:33.0831 1968	OS Version: 6.1.7600 ServicePack: 0.0
07:40:33.0831 1968	Product type: Workstation
07:40:33.0832 1968	ComputerName: TIM1-PC
07:40:33.0832 1968	UserName: Tim1
07:40:33.0832 1968	Windows directory: C:\Windows
07:40:33.0832 1968	System windows directory: C:\Windows
07:40:33.0832 1968	Processor architecture: Intel x86
07:40:33.0832 1968	Number of processors: 2
07:40:33.0832 1968	Page size: 0x1000
07:40:33.0832 1968	Boot type: Normal boot
07:40:33.0832 1968	============================================================
07:40:35.0671 1968	Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0xF83A, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000050
07:40:35.0673 1968	\Device\Harddisk0\DR0:
07:40:35.0673 1968	MBR used
07:40:35.0673 1968	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x800, BlocksNum 0x5349000
07:40:35.0673 1968	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x534A000, BlocksNum 0x1F3F800
07:40:35.0705 1968	Initialize success
07:40:35.0705 1968	============================================================
07:41:28.0185 1728	============================================================
07:41:28.0185 1728	Scan started
07:41:28.0185 1728	Mode: Manual; SigCheck; TDLFS; 
07:41:28.0185 1728	============================================================
07:41:29.0006 1728	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
07:41:29.0071 1728	1394ohci - ok
07:41:29.0189 1728	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
07:41:29.0207 1728	ACPI - ok
07:41:29.0310 1728	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
07:41:29.0336 1728	AcpiPmi - ok
07:41:29.0451 1728	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
07:41:29.0471 1728	adp94xx - ok
07:41:29.0802 1728	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
07:41:29.0856 1728	adpahci - ok
07:41:29.0963 1728	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
07:41:29.0977 1728	adpu320 - ok
07:41:30.0073 1728	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
07:41:30.0115 1728	AeLookupSvc - ok
07:41:30.0227 1728	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
07:41:30.0285 1728	AFD - ok
07:41:30.0408 1728	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
07:41:30.0418 1728	agp440 - ok
07:41:30.0533 1728	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
07:41:30.0543 1728	aic78xx - ok
07:41:30.0655 1728	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
07:41:30.0705 1728	ALG - ok
07:41:30.0796 1728	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
07:41:30.0806 1728	aliide - ok
07:41:30.0912 1728	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
07:41:30.0922 1728	amdagp - ok
07:41:31.0026 1728	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
07:41:31.0035 1728	amdide - ok
07:41:31.0151 1728	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
07:41:31.0175 1728	AmdK8 - ok
07:41:31.0270 1728	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
07:41:31.0301 1728	AmdPPM - ok
07:41:31.0403 1728	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
07:41:31.0416 1728	amdsata - ok
07:41:31.0525 1728	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
07:41:31.0541 1728	amdsbs - ok
07:41:31.0639 1728	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
07:41:31.0648 1728	amdxata - ok
07:41:31.0758 1728	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
07:41:31.0794 1728	AntiVirSchedulerService - ok
07:41:31.0908 1728	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
07:41:31.0916 1728	AntiVirService - ok
07:41:32.0031 1728	AntiVirWebService (cc62fdc25725267a702f48c90c5cdf31) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
07:41:32.0047 1728	AntiVirWebService - ok
07:41:32.0164 1728	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
07:41:32.0201 1728	AppID - ok
07:41:32.0294 1728	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
07:41:32.0336 1728	AppIDSvc - ok
07:41:32.0427 1728	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
07:41:32.0465 1728	Appinfo - ok
07:41:32.0569 1728	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
07:41:32.0606 1728	AppMgmt - ok
07:41:32.0712 1728	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
07:41:32.0724 1728	arc - ok
07:41:32.0816 1728	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
07:41:32.0827 1728	arcsas - ok
07:41:32.0932 1728	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
07:41:33.0004 1728	AsyncMac - ok
07:41:33.0116 1728	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
07:41:33.0125 1728	atapi - ok
07:41:33.0235 1728	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
07:41:33.0283 1728	AudioEndpointBuilder - ok
07:41:33.0296 1728	Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
07:41:33.0333 1728	Audiosrv - ok
07:41:33.0460 1728	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
07:41:33.0925 1728	avgntflt - ok
07:41:34.0056 1728	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
07:41:34.0067 1728	avipbb - ok
07:41:34.0210 1728	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
07:41:34.0219 1728	avkmgr - ok
07:41:34.0304 1728	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
07:41:34.0361 1728	AxInstSV - ok
07:41:34.0476 1728	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
07:41:34.0506 1728	b06bdrv - ok
07:41:34.0604 1728	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:41:34.0637 1728	b57nd60x - ok
07:41:34.0757 1728	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
07:41:34.0785 1728	BDESVC - ok
07:41:34.0921 1728	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
07:41:34.0960 1728	Beep - ok
07:41:35.0067 1728	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
07:41:35.0116 1728	BFE - ok
07:41:35.0218 1728	BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
07:41:35.0275 1728	BITS - ok
07:41:35.0369 1728	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
07:41:35.0389 1728	blbdrive - ok
07:41:35.0525 1728	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
07:41:35.0568 1728	bowser - ok
07:41:35.0657 1728	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:41:35.0680 1728	BrFiltLo - ok
07:41:35.0777 1728	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:41:35.0805 1728	BrFiltUp - ok
07:41:35.0889 1728	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
07:41:35.0919 1728	Browser - ok
07:41:36.0034 1728	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
07:41:36.0076 1728	Brserid - ok
07:41:36.0202 1728	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
07:41:36.0228 1728	BrSerWdm - ok
07:41:36.0320 1728	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:41:36.0343 1728	BrUsbMdm - ok
07:41:36.0443 1728	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
07:41:36.0468 1728	BrUsbSer - ok
07:41:36.0570 1728	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
07:41:36.0596 1728	BTHMODEM - ok
07:41:36.0682 1728	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
07:41:36.0721 1728	bthserv - ok
07:41:36.0827 1728	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
07:41:36.0873 1728	cdfs - ok
07:41:36.0976 1728	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
07:41:37.0003 1728	cdrom - ok
07:41:37.0090 1728	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
07:41:37.0143 1728	CertPropSvc - ok
07:41:37.0255 1728	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
07:41:37.0287 1728	circlass - ok
07:41:37.0378 1728	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
07:41:37.0396 1728	CLFS - ok
07:41:37.0486 1728	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:41:37.0498 1728	clr_optimization_v2.0.50727_32 - ok
07:41:37.0576 1728	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
07:41:37.0587 1728	CmBatt - ok
07:41:37.0685 1728	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
07:41:37.0694 1728	cmdide - ok
07:41:37.0811 1728	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
07:41:37.0845 1728	CNG - ok
07:41:37.0945 1728	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
07:41:37.0955 1728	Compbatt - ok
07:41:38.0058 1728	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
07:41:38.0073 1728	CompositeBus - ok
07:41:38.0146 1728	COMSysApp - ok
07:41:38.0193 1728	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
07:41:38.0203 1728	crcdisk - ok
07:41:38.0263 1728	Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
07:41:38.0281 1728	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
07:41:38.0281 1728	Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
07:41:38.0317 1728	Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
07:41:38.0341 1728	Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
07:41:38.0341 1728	Creative Media Toolbox 6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
07:41:38.0441 1728	CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
07:41:38.0483 1728	CryptSvc - ok
07:41:38.0586 1728	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
07:41:38.0616 1728	CSC - ok
07:41:38.0709 1728	CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
07:41:38.0740 1728	CscService - ok
07:41:38.0851 1728	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
07:41:38.0876 1728	CVirtA - ok
07:41:38.0969 1728	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
07:41:39.0020 1728	DcomLaunch - ok
07:41:39.0107 1728	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
07:41:39.0152 1728	defragsvc - ok
07:41:39.0256 1728	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
07:41:39.0298 1728	DfsC - ok
07:41:39.0417 1728	dg_ssudbus      (919f338fd36f47d860775368d0748780) C:\Windows\system32\DRIVERS\ssudbus.sys
07:41:39.0427 1728	dg_ssudbus - ok
07:41:39.0525 1728	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
07:41:39.0543 1728	Dhcp - ok
07:41:39.0629 1728	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
07:41:39.0668 1728	discache - ok
07:41:39.0778 1728	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
07:41:39.0789 1728	Disk - ok
07:41:39.0911 1728	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
07:41:39.0966 1728	DNE - ok
07:41:40.0173 1728	Dnscache        (d0722e963d3c6145446874241401b209) C:\Windows\System32\dnsrslvr.dll
07:41:40.0215 1728	Dnscache - ok
07:41:40.0305 1728	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
07:41:40.0351 1728	dot3svc - ok
07:41:40.0430 1728	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
07:41:40.0468 1728	DPS - ok
07:41:40.0576 1728	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
07:41:40.0601 1728	drmkaud - ok
07:41:40.0732 1728	DXGKrnl         (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
07:41:40.0787 1728	DXGKrnl - ok
07:41:40.0865 1728	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
07:41:40.0909 1728	EapHost - ok
07:41:41.0180 1728	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
07:41:41.0359 1728	ebdrv - ok
07:41:41.0426 1728	EFS             (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
07:41:41.0448 1728	EFS - ok
07:41:41.0531 1728	ehRecvr         (3a74a6e33685662b125a3269b1f2114f) C:\Windows\ehome\ehRecvr.exe
07:41:41.0573 1728	ehRecvr - ok
07:41:41.0626 1728	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
07:41:41.0648 1728	ehSched - ok
07:41:41.0786 1728	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
07:41:41.0807 1728	elxstor - ok
07:41:41.0910 1728	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
07:41:41.0930 1728	ErrDev - ok
07:41:42.0027 1728	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
07:41:42.0073 1728	EventSystem - ok
07:41:42.0182 1728	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
07:41:42.0213 1728	exfat - ok
07:41:42.0321 1728	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
07:41:42.0364 1728	fastfat - ok
07:41:42.0461 1728	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
07:41:42.0509 1728	Fax - ok
07:41:42.0611 1728	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
07:41:42.0629 1728	fdc - ok
07:41:42.0705 1728	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
07:41:42.0749 1728	fdPHost - ok
07:41:42.0827 1728	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
07:41:42.0855 1728	FDResPub - ok
07:41:42.0910 1728	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
07:41:42.0920 1728	FileInfo - ok
07:41:43.0017 1728	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
07:41:43.0044 1728	Filetrace - ok
07:41:43.0155 1728	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
07:41:43.0182 1728	flpydisk - ok
07:41:43.0318 1728	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
07:41:43.0347 1728	FltMgr - ok
07:41:43.0450 1728	FontCache       (b6512a85815fdc3d560c3705f5bdb93d) C:\Windows\system32\FntCache.dll
07:41:43.0506 1728	FontCache - ok
07:41:43.0579 1728	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:41:43.0587 1728	FontCache3.0.0.0 - ok
07:41:43.0670 1728	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
07:41:43.0680 1728	FsDepends - ok
07:41:43.0793 1728	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
07:41:43.0803 1728	Fs_Rec - ok
07:41:43.0909 1728	fvevol          (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
07:41:43.0924 1728	fvevol - ok
07:41:44.0030 1728	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:41:44.0040 1728	gagp30kx - ok
07:41:44.0132 1728	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
07:41:44.0169 1728	gpsvc - ok
07:41:44.0285 1728	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
07:41:44.0293 1728	gupdate - ok
07:41:44.0310 1728	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
07:41:44.0318 1728	gupdatem - ok
07:41:44.0428 1728	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
07:41:44.0459 1728	hcw85cir - ok
07:41:44.0567 1728	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:41:44.0592 1728	HDAudBus - ok
07:41:44.0680 1728	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
07:41:44.0700 1728	HidBatt - ok
07:41:44.0794 1728	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
07:41:44.0817 1728	HidBth - ok
07:41:44.0939 1728	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
07:41:44.0954 1728	HidIr - ok
07:41:45.0041 1728	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
07:41:45.0088 1728	hidserv - ok
07:41:45.0280 1728	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
07:41:45.0307 1728	HidUsb - ok
07:41:45.0399 1728	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
07:41:45.0444 1728	hkmsvc - ok
07:41:45.0548 1728	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
07:41:45.0592 1728	HomeGroupListener - ok
07:41:45.0705 1728	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
07:41:45.0722 1728	HomeGroupProvider - ok
07:41:45.0834 1728	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
07:41:45.0849 1728	HpSAMD - ok
07:41:45.0973 1728	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
07:41:46.0037 1728	HTTP - ok
07:41:46.0151 1728	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
07:41:46.0174 1728	hwpolicy - ok
07:41:46.0279 1728	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
07:41:46.0314 1728	i8042prt - ok
07:41:46.0450 1728	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
07:41:46.0473 1728	iaStorV - ok
07:41:46.0591 1728	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:41:46.0638 1728	idsvc - ok
07:41:46.0761 1728	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
07:41:46.0776 1728	iirsp - ok
07:41:46.0902 1728	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
07:41:46.0947 1728	IKEEXT - ok
07:41:47.0056 1728	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
07:41:47.0067 1728	intelide - ok
07:41:47.0245 1728	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:41:47.0269 1728	intelppm - ok
07:41:47.0356 1728	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
07:41:47.0400 1728	IPBusEnum - ok
07:41:47.0518 1728	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:41:47.0550 1728	IpFilterDriver - ok
07:41:47.0671 1728	iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
07:41:47.0733 1728	iphlpsvc - ok
07:41:47.0847 1728	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
07:41:47.0865 1728	IPMIDRV - ok
07:41:47.0978 1728	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:41:48.0027 1728	IPNAT - ok
07:41:48.0137 1728	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:41:48.0153 1728	IRENUM - ok
07:41:48.0273 1728	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
07:41:48.0285 1728	isapnp - ok
07:41:48.0381 1728	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
07:41:48.0402 1728	iScsiPrt - ok
07:41:48.0529 1728	ivusb           (37412294ea4b70ed8b4a9338ebaeecaa) C:\Windows\system32\DRIVERS\ivusb.sys
07:41:48.0538 1728	ivusb - ok
07:41:48.0675 1728	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:41:48.0690 1728	kbdclass - ok
07:41:48.0815 1728	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
07:41:48.0838 1728	kbdhid - ok
07:41:48.0944 1728	KeyIso          (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
07:41:48.0961 1728	KeyIso - ok
07:41:49.0108 1728	ksaud           (130022e649bc3dd177568b4022c29354) C:\Windows\system32\drivers\ksaud.sys
07:41:49.0163 1728	ksaud - ok
07:41:49.0277 1728	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
07:41:49.0291 1728	KSecDD - ok
07:41:49.0417 1728	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
07:41:49.0432 1728	KSecPkg - ok
07:41:49.0536 1728	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
07:41:49.0590 1728	KtmRm - ok
07:41:49.0709 1728	LanmanServer    (bca92cb047a4326925ecef759dbaa233) C:\Windows\system32\srvsvc.dll
07:41:49.0760 1728	LanmanServer - ok
07:41:49.0867 1728	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
07:41:49.0904 1728	LanmanWorkstation - ok
07:41:50.0037 1728	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:41:50.0075 1728	lltdio - ok
07:41:50.0166 1728	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
07:41:50.0202 1728	lltdsvc - ok
07:41:50.0249 1728	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
07:41:50.0295 1728	lmhosts - ok
07:41:50.0423 1728	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:41:50.0435 1728	LSI_FC - ok
07:41:50.0540 1728	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:41:50.0555 1728	LSI_SAS - ok
07:41:50.0664 1728	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:41:50.0676 1728	LSI_SAS2 - ok
07:41:50.0789 1728	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:41:50.0802 1728	LSI_SCSI - ok
07:41:50.0970 1728	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:41:51.0015 1728	luafv - ok
07:41:51.0142 1728	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
07:41:51.0157 1728	MBAMProtector - ok
07:41:51.0288 1728	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:41:51.0308 1728	MBAMService - ok
07:41:51.0391 1728	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
07:41:51.0410 1728	Mcx2Svc - ok
07:41:51.0526 1728	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
07:41:51.0538 1728	megasas - ok
07:41:51.0661 1728	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
07:41:51.0679 1728	MegaSR - ok
07:41:51.0687 1728	Microsoft Office Groove Audit Service - ok
07:41:51.0785 1728	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
07:41:51.0815 1728	MMCSS - ok
07:41:51.0922 1728	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:41:51.0977 1728	Modem - ok
07:41:52.0088 1728	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:41:52.0117 1728	monitor - ok
07:41:52.0229 1728	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
07:41:52.0241 1728	mouclass - ok
07:41:52.0363 1728	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:41:52.0389 1728	mouhid - ok
07:41:52.0486 1728	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
07:41:52.0500 1728	mountmgr - ok
07:41:52.0606 1728	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
07:41:52.0619 1728	mpio - ok
07:41:52.0733 1728	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:41:52.0774 1728	mpsdrv - ok
07:41:52.0876 1728	MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
07:41:52.0939 1728	MpsSvc - ok
07:41:53.0044 1728	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
07:41:53.0070 1728	MRxDAV - ok
07:41:53.0231 1728	mrxsmb          (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:41:53.0277 1728	mrxsmb - ok
07:41:53.0402 1728	mrxsmb10        (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:41:53.0438 1728	mrxsmb10 - ok
07:41:53.0541 1728	mrxsmb20        (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:41:53.0572 1728	mrxsmb20 - ok
07:41:53.0682 1728	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
07:41:53.0697 1728	msahci - ok
07:41:53.0783 1728	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
07:41:53.0802 1728	msdsm - ok
07:41:53.0850 1728	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
07:41:53.0883 1728	MSDTC - ok
07:41:53.0995 1728	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:41:54.0026 1728	Msfs - ok
07:41:54.0139 1728	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:41:54.0186 1728	mshidkmdf - ok
07:41:54.0273 1728	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
07:41:54.0284 1728	msisadrv - ok
07:41:54.0386 1728	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
07:41:54.0422 1728	MSiSCSI - ok
07:41:54.0494 1728	msiserver - ok
07:41:54.0592 1728	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:41:54.0640 1728	MSKSSRV - ok
07:41:54.0757 1728	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:41:54.0800 1728	MSPCLOCK - ok
07:41:54.0916 1728	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:41:54.0957 1728	MSPQM - ok
07:41:55.0071 1728	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:41:55.0087 1728	MsRPC - ok
07:41:55.0203 1728	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
07:41:55.0213 1728	mssmbios - ok
07:41:55.0332 1728	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:41:55.0361 1728	MSTEE - ok
07:41:55.0458 1728	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
07:41:55.0494 1728	MTConfig - ok
07:41:55.0601 1728	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:41:55.0615 1728	Mup - ok
07:41:55.0713 1728	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
07:41:55.0768 1728	napagent - ok
07:41:55.0891 1728	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:41:55.0926 1728	NativeWifiP - ok
07:41:56.0061 1728	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
07:41:56.0088 1728	NDIS - ok
07:41:56.0265 1728	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:41:56.0301 1728	NdisCap - ok
07:41:56.0413 1728	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:41:56.0453 1728	NdisTapi - ok
07:41:56.0561 1728	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
07:41:56.0597 1728	Ndisuio - ok
07:41:56.0711 1728	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
07:41:56.0745 1728	NdisWan - ok
07:41:56.0851 1728	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
07:41:56.0887 1728	NDProxy - ok
07:41:57.0003 1728	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:41:57.0032 1728	NetBIOS - ok
07:41:57.0161 1728	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
07:41:57.0196 1728	NetBT - ok
07:41:57.0293 1728	Netlogon        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
07:41:57.0307 1728	Netlogon - ok
07:41:57.0415 1728	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
07:41:57.0465 1728	Netman - ok
07:41:57.0560 1728	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
07:41:57.0612 1728	netprofm - ok
07:41:57.0691 1728	NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:41:57.0706 1728	NetTcpPortSharing - ok
07:41:57.0813 1728	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
07:41:57.0831 1728	nfrd960 - ok
07:41:57.0936 1728	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
07:41:57.0993 1728	NlaSvc - ok
07:41:58.0119 1728	nmwcd           (357ddb51e03cae598c096d95497373d0) C:\Windows\system32\drivers\ccdcmb.sys
07:41:58.0184 1728	nmwcd - ok
07:41:58.0322 1728	nmwcdc          (7cd443f9d36c80e152fadb274089577a) C:\Windows\system32\drivers\ccdcmbo.sys
07:41:58.0362 1728	nmwcdc - ok
07:41:58.0496 1728	nmwcdnsu        (02120406f27f5895dfce4c640e6ee237) C:\Windows\system32\drivers\nmwcdnsu.sys
07:41:58.0539 1728	nmwcdnsu - ok
07:41:58.0671 1728	nmwcdnsuc       (9c5de8b7cf5680307bbdf512c9258ecc) C:\Windows\system32\drivers\nmwcdnsuc.sys
07:41:58.0712 1728	nmwcdnsuc - ok
07:41:58.0829 1728	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:41:58.0875 1728	Npfs - ok
07:41:58.0959 1728	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
07:41:58.0996 1728	nsi - ok
07:41:59.0092 1728	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:41:59.0143 1728	nsiproxy - ok
07:41:59.0326 1728	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
07:41:59.0372 1728	Ntfs - ok
07:41:59.0469 1728	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:41:59.0511 1728	Null - ok
07:41:59.0653 1728	NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
07:41:59.0684 1728	NVENETFD - ok
07:42:00.0429 1728	nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:42:01.0015 1728	nvlddmkm - ok
07:42:01.0165 1728	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
07:42:01.0177 1728	nvraid - ok
07:42:01.0300 1728	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
07:42:01.0317 1728	nvstor - ok
07:42:01.0447 1728	nvsvc           (7a68320fa236ed0479eff93540391568) C:\Windows\system32\nvvsvc.exe
07:42:01.0458 1728	nvsvc - ok
07:42:01.0578 1728	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
07:42:01.0594 1728	nv_agp - ok
07:42:01.0689 1728	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:42:01.0716 1728	odserv - ok
07:42:01.0807 1728	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
07:42:01.0837 1728	ohci1394 - ok
07:42:01.0906 1728	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:42:01.0930 1728	ose - ok
07:42:02.0043 1728	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
07:42:02.0083 1728	p2pimsvc - ok
07:42:02.0183 1728	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
07:42:02.0216 1728	p2psvc - ok
07:42:02.0340 1728	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:42:02.0355 1728	Parport - ok
07:42:02.0465 1728	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
07:42:02.0476 1728	partmgr - ok
07:42:02.0566 1728	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:42:02.0589 1728	Parvdm - ok
07:42:02.0668 1728	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
07:42:02.0691 1728	PcaSvc - ok
07:42:02.0849 1728	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
07:42:02.0879 1728	pccsmcfd - ok
07:42:02.0990 1728	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
07:42:03.0011 1728	pci - ok
07:42:03.0159 1728	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
07:42:03.0167 1728	pciide - ok
07:42:03.0305 1728	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
07:42:03.0322 1728	pcmcia - ok
07:42:03.0428 1728	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:42:03.0440 1728	pcw - ok
07:42:03.0583 1728	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:42:03.0643 1728	PEAUTH - ok
07:42:03.0780 1728	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
07:42:03.0840 1728	PeerDistSvc - ok
07:42:04.0010 1728	pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
07:42:04.0090 1728	pla - ok
07:42:04.0197 1728	PlugPlay        (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll
07:42:04.0242 1728	PlugPlay - ok
07:42:04.0318 1728	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
07:42:04.0345 1728	PNRPAutoReg - ok
07:42:04.0446 1728	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
07:42:04.0467 1728	PNRPsvc - ok
07:42:04.0569 1728	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
07:42:04.0620 1728	PolicyAgent - ok
07:42:04.0715 1728	Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
07:42:04.0751 1728	Power - ok
07:42:04.0877 1728	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:42:04.0916 1728	PptpMiniport - ok
07:42:05.0007 1728	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
07:42:05.0028 1728	Processor - ok
07:42:05.0135 1728	ProfSvc         (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
07:42:05.0172 1728	ProfSvc - ok
07:42:05.0386 1728	ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
07:42:05.0402 1728	ProtectedStorage - ok
07:42:05.0507 1728	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:42:05.0555 1728	Psched - ok
07:42:05.0708 1728	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
07:42:05.0762 1728	ql2300 - ok
07:42:05.0885 1728	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
07:42:05.0905 1728	ql40xx - ok
07:42:06.0000 1728	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
07:42:06.0036 1728	QWAVE - ok
07:42:06.0119 1728	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:42:06.0134 1728	QWAVEdrv - ok
07:42:06.0243 1728	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:42:06.0285 1728	RasAcd - ok
07:42:06.0386 1728	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:42:06.0458 1728	RasAgileVpn - ok
07:42:06.0551 1728	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
07:42:06.0590 1728	RasAuto - ok
07:42:06.0710 1728	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:42:06.0755 1728	Rasl2tp - ok
07:42:06.0860 1728	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
07:42:06.0903 1728	RasMan - ok
07:42:07.0018 1728	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:42:07.0053 1728	RasPppoe - ok
07:42:07.0252 1728	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:42:07.0287 1728	RasSstp - ok
07:42:07.0404 1728	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
07:42:07.0447 1728	rdbss - ok
07:42:07.0552 1728	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
07:42:07.0577 1728	rdpbus - ok
07:42:07.0681 1728	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:42:07.0736 1728	RDPCDD - ok
07:42:07.0840 1728	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
07:42:07.0881 1728	RDPDR - ok
07:42:07.0985 1728	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:42:08.0013 1728	RDPENCDD - ok
07:42:08.0121 1728	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:42:08.0170 1728	RDPREFMP - ok
07:42:08.0291 1728	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
07:42:08.0332 1728	RDPWD - ok
07:42:08.0456 1728	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
07:42:08.0474 1728	rdyboost - ok
07:42:08.0563 1728	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
07:42:08.0608 1728	RemoteAccess - ok
07:42:08.0704 1728	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
07:42:08.0742 1728	RemoteRegistry - ok
07:42:08.0782 1728	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
07:42:08.0827 1728	RpcEptMapper - ok
07:42:08.0911 1728	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
07:42:08.0938 1728	RpcLocator - ok
07:42:09.0034 1728	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
07:42:09.0070 1728	RpcSs - ok
07:42:09.0175 1728	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:42:09.0208 1728	rspndr - ok
07:42:09.0312 1728	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
07:42:09.0335 1728	s3cap - ok
07:42:09.0423 1728	SamSs           (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
07:42:09.0437 1728	SamSs - ok
07:42:09.0547 1728	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
07:42:09.0563 1728	sbp2port - ok
07:42:09.0667 1728	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
07:42:09.0722 1728	SCardSvr - ok
07:42:09.0843 1728	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
07:42:09.0877 1728	scfilter - ok
07:42:09.0988 1728	Schedule        (3e8b0c453e25613a1f59762a5c42aa75) C:\Windows\system32\schedsvc.dll
07:42:10.0038 1728	Schedule - ok
07:42:10.0125 1728	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
07:42:10.0157 1728	SCPolicySvc - ok
07:42:10.0236 1728	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
07:42:10.0281 1728	SDRSVC - ok
07:42:10.0468 1728	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:42:10.0516 1728	secdrv - ok
07:42:10.0595 1728	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
07:42:10.0634 1728	seclogon - ok
07:42:10.0730 1728	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
07:42:10.0774 1728	SENS - ok
07:42:10.0861 1728	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
07:42:10.0898 1728	SensrSvc - ok
07:42:11.0011 1728	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:42:11.0032 1728	Serenum - ok
07:42:11.0158 1728	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:42:11.0192 1728	Serial - ok
07:42:11.0301 1728	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
07:42:11.0313 1728	sermouse - ok
07:42:11.0430 1728	ServiceLayer    (8988d1f32f56b3cd3f0f6c39f8a91a98) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
07:42:11.0463 1728	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
07:42:11.0463 1728	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
07:42:11.0587 1728	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
07:42:11.0645 1728	SessionEnv - ok
07:42:11.0749 1728	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
07:42:11.0782 1728	sffdisk - ok
07:42:11.0881 1728	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
07:42:11.0912 1728	sffp_mmc - ok
07:42:12.0010 1728	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
07:42:12.0038 1728	sffp_sd - ok
07:42:12.0144 1728	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
07:42:12.0172 1728	sfloppy - ok
07:42:12.0278 1728	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
07:42:12.0318 1728	SharedAccess - ok
07:42:12.0420 1728	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
07:42:12.0457 1728	ShellHWDetection - ok
07:42:12.0568 1728	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
07:42:12.0579 1728	sisagp - ok
07:42:12.0689 1728	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:42:12.0701 1728	SiSRaid2 - ok
07:42:12.0808 1728	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
07:42:12.0824 1728	SiSRaid4 - ok
07:42:12.0926 1728	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:42:12.0977 1728	Smb - ok
07:42:13.0088 1728	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
07:42:13.0123 1728	SNMPTRAP - ok
07:42:13.0247 1728	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:42:13.0257 1728	spldr - ok
07:42:13.0401 1728	Spooler         (49b6dd6ab3715b7a67965f17194e98a9) C:\Windows\System32\spoolsv.exe
07:42:13.0428 1728	Spooler - ok
07:42:13.0711 1728	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
07:42:13.0853 1728	sppsvc - ok
07:42:13.0939 1728	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
07:42:13.0971 1728	sppuinotify - ok
07:42:14.0150 1728	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
07:42:14.0183 1728	sptd - ok
07:42:14.0330 1728	srv             (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
07:42:14.0366 1728	srv - ok
07:42:14.0510 1728	srv2            (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
07:42:14.0555 1728	srv2 - ok
07:42:14.0691 1728	srvnet          (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
07:42:14.0757 1728	srvnet - ok
07:42:14.0857 1728	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
07:42:14.0914 1728	SSDPSRV - ok
07:42:15.0085 1728	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
07:42:15.0092 1728	ssmdrv - ok
07:42:15.0205 1728	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
07:42:15.0257 1728	SstpSvc - ok
07:42:15.0400 1728	ssudmdm         (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys
07:42:15.0413 1728	ssudmdm - ok
07:42:15.0541 1728	ssudobex        (741b3bed19aadaf2625c937955ea659b) C:\Windows\system32\DRIVERS\ssudobex.sys
07:42:15.0560 1728	ssudobex - ok
07:42:15.0657 1728	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
07:42:15.0667 1728	stexstor - ok
07:42:15.0791 1728	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
07:42:15.0826 1728	StiSvc - ok
07:42:15.0927 1728	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
07:42:15.0939 1728	storflt - ok
07:42:16.0041 1728	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
07:42:16.0051 1728	storvsc - ok
07:42:16.0166 1728	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
07:42:16.0178 1728	swenum - ok
07:42:16.0271 1728	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
07:42:16.0315 1728	swprv - ok
07:42:16.0418 1728	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
07:42:16.0480 1728	SysMain - ok
07:42:16.0578 1728	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
07:42:16.0616 1728	TabletInputService - ok
07:42:16.0772 1728	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
07:42:16.0821 1728	TapiSrv - ok
07:42:16.0921 1728	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
07:42:16.0991 1728	TBS - ok
07:42:17.0185 1728	Tcpip           (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\drivers\tcpip.sys
07:42:17.0274 1728	Tcpip - ok
07:42:17.0451 1728	TCPIP6          (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\DRIVERS\tcpip.sys
07:42:17.0482 1728	TCPIP6 - ok
07:42:17.0625 1728	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
07:42:17.0680 1728	tcpipreg - ok
07:42:17.0780 1728	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
07:42:17.0827 1728	TDPIPE - ok
07:42:17.0955 1728	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
07:42:17.0990 1728	TDTCP - ok
07:42:18.0132 1728	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
07:42:18.0179 1728	tdx - ok
07:42:18.0303 1728	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
07:42:18.0341 1728	TermDD - ok
07:42:18.0450 1728	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
07:42:18.0516 1728	TermService - ok
07:42:18.0616 1728	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
07:42:18.0641 1728	Themes - ok
07:42:18.0729 1728	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
07:42:18.0768 1728	THREADORDER - ok
07:42:18.0858 1728	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
07:42:18.0916 1728	TrkWks - ok
07:42:19.0048 1728	truecrypt       (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
07:42:19.0072 1728	truecrypt - ok
07:42:19.0174 1728	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
07:42:19.0197 1728	TrustedInstaller - ok
07:42:19.0358 1728	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:42:19.0388 1728	tssecsrv - ok
07:42:19.0543 1728	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
07:42:19.0576 1728	tunnel - ok
07:42:19.0686 1728	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
07:42:19.0708 1728	uagp35 - ok
07:42:19.0849 1728	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
07:42:19.0886 1728	udfs - ok
07:42:19.0993 1728	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
07:42:20.0024 1728	UI0Detect - ok
07:42:20.0146 1728	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
07:42:20.0175 1728	uliagpkx - ok
07:42:20.0304 1728	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
07:42:20.0333 1728	umbus - ok
07:42:20.0453 1728	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
07:42:20.0494 1728	UmPass - ok
07:42:20.0585 1728	UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
07:42:20.0606 1728	UmRdpService - ok
07:42:20.0716 1728	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
07:42:20.0752 1728	upnphost - ok
07:42:20.0874 1728	upperdev        (15629e4d65f97ab5432d6d9597cf6a33) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
07:42:20.0900 1728	upperdev - ok
07:42:21.0021 1728	usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
07:42:21.0049 1728	usbaudio - ok
07:42:21.0164 1728	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
07:42:21.0197 1728	usbccgp - ok
07:42:21.0341 1728	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
07:42:21.0372 1728	usbcir - ok
07:42:21.0466 1728	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
07:42:21.0498 1728	usbehci - ok
07:42:21.0635 1728	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
07:42:21.0671 1728	usbhub - ok
07:42:21.0777 1728	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
07:42:21.0791 1728	usbohci - ok
07:42:21.0963 1728	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
07:42:21.0992 1728	usbprint - ok
07:42:22.0127 1728	UsbserFilt      (5c17e6a11aa8be53f79fd364ba19f0ce) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
07:42:22.0178 1728	UsbserFilt - ok
07:42:22.0295 1728	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:42:22.0337 1728	USBSTOR - ok
07:42:22.0462 1728	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
07:42:22.0486 1728	usbuhci - ok
07:42:22.0568 1728	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
07:42:22.0620 1728	UxSms - ok
07:42:22.0712 1728	VaultSvc        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
07:42:22.0750 1728	VaultSvc - ok
07:42:22.0865 1728	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
07:42:22.0882 1728	vdrvroot - ok
07:42:22.0996 1728	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
07:42:23.0040 1728	vds - ok
07:42:23.0151 1728	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:42:23.0178 1728	vga - ok
07:42:23.0274 1728	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:42:23.0322 1728	VgaSave - ok
07:42:23.0485 1728	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
07:42:23.0501 1728	vhdmp - ok
07:42:23.0617 1728	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
07:42:23.0630 1728	viaagp - ok
07:42:23.0750 1728	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
07:42:23.0776 1728	ViaC7 - ok
07:42:23.0876 1728	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
07:42:23.0889 1728	viaide - ok
07:42:23.0993 1728	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
07:42:24.0010 1728	vmbus - ok
07:42:24.0327 1728	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
07:42:24.0371 1728	VMBusHID - ok
07:42:24.0484 1728	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
07:42:24.0500 1728	volmgr - ok
07:42:24.0610 1728	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:42:24.0632 1728	volmgrx - ok
07:42:24.0765 1728	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
07:42:24.0782 1728	volsnap - ok
07:42:24.0900 1728	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
07:42:24.0919 1728	vsmraid - ok
07:42:25.0041 1728	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
07:42:25.0106 1728	VSS - ok
07:42:25.0222 1728	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:42:25.0246 1728	vwifibus - ok
07:42:25.0350 1728	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
07:42:25.0396 1728	W32Time - ok
07:42:25.0493 1728	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
07:42:25.0505 1728	WacomPen - ok
07:42:25.0633 1728	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
07:42:25.0669 1728	WANARP - ok
07:42:25.0688 1728	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
07:42:25.0735 1728	Wanarpv6 - ok
07:42:25.0873 1728	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
07:42:25.0931 1728	wbengine - ok
07:42:26.0024 1728	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
07:42:26.0045 1728	WbioSrvc - ok
07:42:26.0083 1728	wcncsvc         (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
07:42:26.0130 1728	wcncsvc - ok
07:42:26.0227 1728	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
07:42:26.0253 1728	WcsPlugInService - ok
07:42:26.0345 1728	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
07:42:26.0355 1728	Wd - ok
07:42:26.0502 1728	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:42:26.0532 1728	Wdf01000 - ok
07:42:26.0611 1728	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
07:42:26.0638 1728	WdiServiceHost - ok
07:42:26.0645 1728	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
07:42:26.0667 1728	WdiSystemHost - ok
07:42:26.0704 1728	WebClient       (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
07:42:26.0728 1728	WebClient - ok
07:42:26.0817 1728	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
07:42:26.0866 1728	Wecsvc - ok
07:42:26.0951 1728	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
07:42:26.0990 1728	wercplsupport - ok
07:42:27.0083 1728	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
07:42:27.0136 1728	WerSvc - ok
07:42:27.0259 1728	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:42:27.0290 1728	WfpLwf - ok
07:42:27.0408 1728	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:42:27.0423 1728	WIMMount - ok
07:42:27.0536 1728	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
07:42:27.0565 1728	WinDefend - ok
07:42:27.0583 1728	WinHttpAutoProxySvc - ok
07:42:27.0702 1728	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
07:42:27.0742 1728	Winmgmt - ok
07:42:27.0887 1728	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
07:42:27.0963 1728	WinRM - ok
07:42:28.0096 1728	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
07:42:28.0114 1728	WinUsb - ok
07:42:28.0245 1728	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
07:42:28.0283 1728	Wlansvc - ok
07:42:28.0375 1728	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:42:28.0398 1728	WmiAcpi - ok
07:42:28.0516 1728	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
07:42:28.0541 1728	wmiApSrv - ok
07:42:28.0659 1728	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:42:28.0717 1728	WMPNetworkSvc - ok
07:42:28.0801 1728	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
07:42:28.0822 1728	WPCSvc - ok
07:42:28.0908 1728	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
07:42:28.0925 1728	WPDBusEnum - ok
07:42:29.0048 1728	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:42:29.0100 1728	ws2ifsl - ok
07:42:29.0199 1728	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
07:42:29.0229 1728	wscsvc - ok
07:42:29.0304 1728	WSearch - ok
07:42:29.0464 1728	wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
07:42:29.0580 1728	wuauserv - ok
07:42:29.0688 1728	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
07:42:29.0729 1728	WudfPf - ok
07:42:29.0837 1728	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:42:29.0872 1728	WUDFRd - ok
07:42:29.0967 1728	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
07:42:30.0014 1728	wudfsvc - ok
07:42:30.0113 1728	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
07:42:30.0152 1728	WwanSvc - ok
07:42:30.0202 1728	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:42:30.0268 1728	\Device\Harddisk0\DR0 - ok
07:42:30.0300 1728	Boot (0x1200)   (22278244eba1e9d32a6c9fa9d6ae5721) \Device\Harddisk0\DR0\Partition0
07:42:30.0300 1728	\Device\Harddisk0\DR0\Partition0 - ok
07:42:30.0305 1728	Boot (0x1200)   (224393dcbe6f26735a09d6fe44f38c45) \Device\Harddisk0\DR0\Partition1
07:42:30.0306 1728	\Device\Harddisk0\DR0\Partition1 - ok
07:42:30.0310 1728	============================================================
07:42:30.0310 1728	Scan finished
07:42:30.0310 1728	============================================================
07:42:30.0369 6040	Detected object count: 3
07:42:30.0369 6040	Actual detected object count: 3
07:42:43.0823 6040	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:42:43.0823 6040	Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:42:43.0827 6040	Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:42:43.0828 6040	Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:42:43.0831 6040	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
07:42:43.0831 6040	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:42:55.0897 5748	Deinitialize success

cosinus · 24.03.2012, 18:26

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Tim1987 · 25.03.2012, 10:08

Code:

ATTFilter

ComboFix 12-03-22.01 - Tim1 25.03.2012  10:32:14.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2047.1414 [GMT 2:00]
ausgeführt von:: z:\filme\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-25 bis 2012-03-25  ))))))))))))))))))))))))))))))
.
.
2012-03-25 08:42 . 2012-03-25 08:42	--------	d-----w-	c:\users\Tim1\AppData\Local\temp
2012-03-25 08:42 . 2012-03-25 08:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-17 16:45 . 2012-03-17 16:45	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 16:45 . 2012-03-17 16:45	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 13:23 . 2012-03-16 13:23	--------	d-----w-	c:\program files\ESET
2012-03-16 12:10 . 2012-03-16 12:10	--------	d-----w-	c:\users\Tim1\AppData\Roaming\Malwarebytes
2012-03-16 12:10 . 2012-03-16 12:10	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-16 12:10 . 2012-03-16 12:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-16 12:10 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-09 20:52 . 2012-03-09 20:52	--------	d-----w-	c:\program files\7-Zip
2012-03-09 12:26 . 2012-03-09 12:26	--------	d-----w-	c:\users\Tim1\AppData\Local\Lidl_Fotos
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 12:24 . 2010-11-20 14:22	86547	----a-w-	c:\users\Tim1\AppData\Roaming\mdbu.bin
2012-02-17 16:59 . 2011-10-29 09:04	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-27 14:43 . 2011-05-13 19:48	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-17 16:45 . 2011-06-13 07:39	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Tim1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Tim1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Tim1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"KiesHelper"="z:\program files\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="z:\program files\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="z:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 94720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"KiesTrayAgent"="z:\program files\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Tim1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - z:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 135664]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-28 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-12-28 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-12-08 80184]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-12-08 181432]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2011-12-08 181432]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-28 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-08-05 886912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 12:03]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 12:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Nach Microsoft E&xel exportieren - z:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: marecum.de\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tim1\AppData\Roaming\Mozilla\Firefox\Profiles\pbyfwtim.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
AddRemove-01_Simmental - z:\program files\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - z:\program files\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - z:\program files\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - z:\program files\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - z:\program files\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - z:\program files\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - z:\program files\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - z:\program files\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - z:\program files\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - z:\program files\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - z:\program files\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - z:\program files\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - z:\program files\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - z:\program files\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - z:\program files\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - z:\program files\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - z:\program files\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - z:\program files\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - z:\program files\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-25  10:50:39
ComboFix-quarantined-files.txt  2012-03-25 08:50
.
Vor Suchlauf: 1.638.182.912 Bytes frei
Nach Suchlauf: 1.539.776.512 Bytes frei
.
- - End Of File - - CC8E2332155B07C1C833163B47A291CE

16.03.2012, 17:12	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Avira findet folgendes... Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Avira findet folgendes...

Plagegeister aller Art und deren Bekämpfung: Avira findet folgendes...