"Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"

jade · 24.03.2012, 10:28

Hallo ihr Lieben,
habe vorhin diesen netten schwarzen Screen mit "Achtung! Ihr Windowssystem wird aus Sicherheitsgründen blockiert" (+Bezahlen und runterladen - Button) bekommen...
Bisher habe ich im abgesicherten Modus Malwarebytes (Quick-Scan) laufen lassen und die gefundenen 5 Objekte gelöscht(Log im Anhang). Jetzt kommt die "Achtung!"-Meldung zwar nicht mehr, aber Avira hat sich noch ein paar Male mit neuen Funden gemeldet.
Wie gehe ich nun weiter vor? Nur weil die Meldung nicht mehr kommt, ist dieser Mist ja immernoch irgendwo...

Vielen Dank schon mal für eure Hilfe!

cosinus · 25.03.2012, 16:35

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

jade · 26.03.2012, 20:34

Vielen Dank schon mal...
Hier der Vollscan von Malewarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
* :: * [Administrator]

24.03.2012 11:10:01
mbam-log-2012-03-24 (11-10-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357123
Laufzeit: 4 Stunde(n), 40 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET scannt gerade noch, hat bisher 5 infizierte Files gefunden...
Wäre ja auch zu schön gewesen.

Hier das Ergebnis von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2010bb90100f9d4bb9f262b0e497a452
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-26 10:49:55
# local_time=2012-03-27 12:49:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=512 16777215 100 0 48835132 48835132 0 0
# compatibility_mode=1792 16777191 100 0 3785686 3785686 0 0
# compatibility_mode=5892 16776573 100 100 26489 170317062 0 0
# compatibility_mode=8192 67108863 100 0 284 284 0 0
# scanned=191904
# found=6
# cleaned=0
# scan_time=17862
C:\Users\*\AppData\Local\Temp\jar_cache5714293808212891567.tmp	a variant of Java/TrojanDownloader.Agent.NDR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\*\AppData\Local\Temp\jar_cache7811024365845757029.tmp	Java/Exploit.Blacole.AN trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\*\AppData\Local\Temp\Main.class	probably a variant of Java/Exploit.CVE-2011-3544.BF trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D\enemies-names.txt	Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D\local.ini	Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\09082010_004114\C_Dokumente und Einstellungen\*\Lokale Einstellungen\Anwendungsdaten\Windows Server\hlp.dat	Win32/Bamital.DZ trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 27.03.2012, 10:03

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

jade · 27.03.2012, 18:08

Hier die Ergebnisse von OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.03.2012 18:15:43 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\*\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,49% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 63,48 Gb Free Space | 44,06% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 99,10 Gb Free Space | 68,82% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2999.36899__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2999.36858__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2999.36911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2999.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2999.36892__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2999.36878__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2999.37051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2999.37008__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2999.37120__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2999.37127__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2999.37065__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2999.36872__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2999.37059__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2999.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2999.37118__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2999.37017__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2999.36923__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2999.36879__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2999.37079__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2999.36917__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2999.37010__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2999.37045__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2999.37009__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2999.37044__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2999.37102_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2999.37138__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2999.37149__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2999.37110__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2999.37109__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2999.36886__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2999.37102__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2999.36865__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2999.36850__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2999.37110__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2999.36849__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2999.36849__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\WinMove.dll ()
MOD - C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Program Files\OpenVPN\bin\openvpnserv.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes,DefaultScope = {EBB836D7-F359-4057-997A-EF314E7BA572}
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\..\SearchScopes\{EBB836D7-F359-4057-997A-EF314E7BA572}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2695662200-722587133-2900711219-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 13:30:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.27 13:20:54 | 000,000,000 | ---D | M]
 
[2008.09.25 14:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012.02.08 20:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kh6forey.default\extensions
[2010.09.16 14:47:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kh6forey.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.24 13:16:36 | 000,000,944 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\kh6forey.default\searchplugins\icqplugin.xml
[2012.02.03 18:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.26 11:23:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KH6FOREY.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.03.18 13:30:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.18 19:14:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.18 19:14:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.18 19:14:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.18 19:14:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.18 19:14:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.18 19:14:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe (PLANNING Co., Ltd.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
F3 - HKU\S-1-5-21-2695662200-722587133-2900711219-1003 WinNT: Load - (C:\Users\jess\LOCALS~1\Temp\mssxkoiuu.pif) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{769E267F-D595-4D68-B831-FEC1872E800B}: DhcpNameServer = 192.168.2.1 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\jess\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\Shell\AutoRun\command - "" = H:\START.exe
O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell - "" = AutoRun
O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Ulead Photo Express 5 SE Calendar Checker - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe (Ulead Systems, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.26 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.20 22:38:31 | 000,000,000 | ---D | C] -- C:\Users\*\Local Settings
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.27 18:08:59 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.27 18:08:59 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.27 18:08:59 | 000,140,232 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.27 18:08:59 | 000,121,446 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.27 18:04:06 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.27 18:01:54 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 18:01:53 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 18:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 18:01:32 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.27 08:52:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.27 08:39:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 19:47:02 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B8DF09FC-AA2A-42C8-AAFD-FBF970487B24}.job
[2012.03.24 10:28:40 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.01 18:51:34 | 006,454,744 | ---- | M] () -- C:\Users\*\Desktop\2.JPG
[2012.03.01 18:44:39 | 004,655,684 | ---- | M] () -- C:\Users\*\Desktop\1.JPG
[2012.03.01 17:01:13 | 000,000,916 | ---- | M] () -- C:\Users\*\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.24 10:46:41 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.24 10:28:40 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.20 17:07:40 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.20 17:07:38 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.01 18:51:31 | 006,454,744 | ---- | C] () -- C:\Users\*\Desktop\2.JPG
 
========== LOP Check ==========
 
[2010.09.07 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D
[2011.06.28 09:47:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.03.31 12:35:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2009.10.15 18:33:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Pro
[2012.03.27 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox
[2011.11.30 22:20:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.07.04 23:25:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.28 11:09:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\gtk-2.0
[2011.01.15 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MySQL
[2008.11.18 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2011.07.07 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PhotoScape
[2011.05.01 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Scribus
[2010.03.31 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2012.03.27 08:52:28 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.26 19:47:02 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B8DF09FC-AA2A-42C8-AAFD-FBF970487B24}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.07 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D
[2011.06.28 10:23:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Adobe
[2010.10.29 11:03:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Apple Computer
[2008.09.25 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ATI
[2012.02.12 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avira
[2011.06.28 09:47:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.01.28 23:19:53 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CyberLink
[2010.03.31 12:35:47 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2009.10.15 18:33:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Pro
[2009.01.28 15:38:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DivX
[2012.03.27 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox
[2011.11.30 22:20:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.07.04 23:25:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.28 11:09:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\gtk-2.0
[2008.09.25 14:28:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Identities
[2008.09.25 14:51:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Macromedia
[2010.09.07 16:37:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Media Center Programs
[2012.03.24 10:38:30 | 000,000,000 | --SD | M] -- C:\Users\*\AppData\Roaming\Microsoft
[2008.09.25 14:58:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozilla
[2011.01.15 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MySQL
[2008.11.18 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2011.07.07 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PhotoScape
[2011.05.01 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Scribus
[2012.01.31 22:45:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Skype
[2012.01.31 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\skypePM
[2010.03.31 18:25:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2010.09.04 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\U3
[2011.04.28 22:01:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\*\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2008.05.04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Users\*\AppData\Roaming\U3\087762189640D884\LaunchPad.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\*\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\*\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.04.16 02:43:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2008.04.16 02:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008.04.16 02:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008.04.16 02:45:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2008.04.16 02:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2008.04.16 02:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.04.16 03:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2008.04.16 03:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.04.16 02:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.04.16 02:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.04.16 02:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2008.04.16 02:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.04.16 02:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.16 01:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.04.16 01:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.04.16 01:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.03.06 12:45:10 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\DrvDisk\i386\NT5\viamraid.sys
[2006.03.06 12:45:12 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\VIARaid\driver\Winxp\viamraid.sys
[2006.03.06 12:45:10 | 000,067,664 | R--- | M] (VIA Technologies inc,.ltd) MD5=26583CDFF008A60FAE217400FF342DB4 -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\DrvDisk\i386\NT4\viamraid.sys
[2006.03.06 12:45:12 | 000,067,664 | R--- | M] (VIA Technologies inc,.ltd) MD5=26583CDFF008A60FAE217400FF342DB4 -- C:\router arcor dsl\VIAHYPERION\VIA_HyperionPro_V5.00A.0\VIARaid\driver\Winnt40\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.09 16:55:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.03.18 15:05:02 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2010.03.09 18:49:34 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2010.03.09 18:49:34 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.04.16 01:51:41 | 000,392,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >

--- --- ---

Ich hoffe das passt so!
Vieeeeelen Dank!

cosinus · 27.03.2012, 19:40

Zitat:

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)

Wieso hat dien Vista eigentlich offensichtlich kein einziges Update gesehen?

Keine Spur vom SP2, nichtmal SP1 und sogar der IE7 ist in der uralten Version 7 noch drauf!
Warum hast du das System so vernachlässigt?
Die Updates müssen später (nicht jetzt) unbedingt eingespielt werden!

jade · 28.03.2012, 17:39

Ich weiß, dass ich da nachlässig war - aber ich finde, ich habe meine Strafe hiermit bekommen!
Kann ich noch irgendetwas machen?

cosinus · 28.03.2012, 20:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
F3 - HKU\S-1-5-21-2695662200-722587133-2900711219-1003 WinNT: Load - (C:\Users\jess\LOCALS~1\Temp\mssxkoiuu.pif) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\Shell\AutoRun\command - "" = H:\START.exe
O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell - "" = AutoRun
O33 - MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
[2010.09.07 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

jade · 28.03.2012, 21:06

Wow - das ging schneller als gedacht(höchstens 2 Sekunden)
"Deleted successfully" lese ich sehr gerne(v.a. bei diesem mssxkoiuu.pif-da kam nach dem Hochfahren immer eine Fehlermeldung)
Aber"not found"? Was ist mit denen?

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2695662200-722587133-2900711219-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\*\LOCALS~1\Temp\mssxkoiuu.pif deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoHotStart deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{673e6cfe-29ff-11de-8d2f-0013779d79c3}\ not found.
File H:\START.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e039ad-eb5a-11df-989f-0013779d79c3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77e039ad-eb5a-11df-989f-0013779d79c3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77e039ad-eb5a-11df-989f-0013779d79c3}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ce13330-463f-11df-bc61-0013779d79c3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ce13330-463f-11df-bc61-0013779d79c3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ce13330-463f-11df-bc61-0013779d79c3}\ not found.
File I:\LaunchU3.exe -a not found.
C:\Users\*\AppData\Roaming\696737317CB889FB6A28F6275874920D folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03282012_215547

cosinus · 29.03.2012, 12:19

Ja was heißt wohl "not found"

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

jade · 29.03.2012, 13:15

Nur weil ich hier Hilfe suche, bin ich nicht dumm - natürlich ist mir klar, was "not found" heißt. Ich wollte nur wissen, was nicht gefunden werden konnte&was das bedeutet.

Code:

ATTFilter

14:03:15.0792 5848	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:03:17.0305 5848	============================================================
14:03:17.0305 5848	Current date / time: 2012/03/29 14:03:17.0305
14:03:17.0305 5848	SystemInfo:
14:03:17.0305 5848	
14:03:17.0305 5848	OS Version: 6.0.6000 ServicePack: 0.0
14:03:17.0305 5848	Product type: Workstation
14:03:17.0305 5848	ComputerName: *
14:03:17.0305 5848	UserName: *
14:03:17.0305 5848	Windows directory: C:\Windows
14:03:17.0305 5848	System windows directory: C:\Windows
14:03:17.0305 5848	Processor architecture: Intel x86
14:03:17.0305 5848	Number of processors: 2
14:03:17.0305 5848	Page size: 0x1000
14:03:17.0305 5848	Boot type: Normal boot
14:03:17.0305 5848	============================================================
14:03:18.0615 5848	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:03:18.0615 5848	\Device\Harddisk0\DR0:
14:03:18.0615 5848	MBR used
14:03:18.0615 5848	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
14:03:18.0615 5848	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
14:03:18.0709 5848	Initialize success
14:03:18.0709 5848	============================================================
14:03:34.0169 4404	============================================================
14:03:34.0169 4404	Scan started
14:03:34.0169 4404	Mode: Manual; SigCheck; TDLFS; 
14:03:34.0169 4404	============================================================
14:03:34.0886 4404	ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
14:03:35.0120 4404	ACPI - ok
14:03:35.0214 4404	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:03:35.0261 4404	adp94xx - ok
14:03:35.0323 4404	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:03:35.0370 4404	adpahci - ok
14:03:35.0448 4404	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:03:35.0479 4404	adpu160m - ok
14:03:35.0526 4404	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:03:35.0541 4404	adpu320 - ok
14:03:35.0604 4404	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:03:35.0775 4404	AeLookupSvc - ok
14:03:35.0885 4404	AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
14:03:36.0009 4404	AFD - ok
14:03:36.0087 4404	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
14:03:36.0243 4404	AgereSoftModem - ok
14:03:36.0353 4404	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:03:36.0384 4404	agp440 - ok
14:03:36.0431 4404	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:03:36.0462 4404	aic78xx - ok
14:03:36.0509 4404	ALG             (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
14:03:36.0555 4404	ALG - ok
14:03:36.0665 4404	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:03:36.0680 4404	aliide - ok
14:03:36.0727 4404	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:03:36.0743 4404	amdagp - ok
14:03:36.0774 4404	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:03:36.0789 4404	amdide - ok
14:03:36.0836 4404	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:03:36.0945 4404	AmdK7 - ok
14:03:37.0039 4404	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:03:37.0148 4404	AmdK8 - ok
14:03:37.0257 4404	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:03:37.0273 4404	AntiVirSchedulerService - ok
14:03:37.0320 4404	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:03:37.0335 4404	AntiVirService - ok
14:03:37.0445 4404	Appinfo         (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
14:03:37.0569 4404	Appinfo - ok
14:03:37.0647 4404	Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:03:37.0663 4404	Apple Mobile Device - ok
14:03:37.0741 4404	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:03:37.0772 4404	arc - ok
14:03:37.0850 4404	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:03:37.0866 4404	arcsas - ok
14:03:37.0913 4404	AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
14:03:38.0037 4404	AsyncMac - ok
14:03:38.0131 4404	atapi           (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
14:03:38.0147 4404	atapi - ok
14:03:38.0209 4404	athr            (91e15b0a1d6f7b99ace55d04c6d1544a) C:\Windows\system32\DRIVERS\athr.sys
14:03:38.0334 4404	athr - ok
14:03:38.0459 4404	Ati External Event Utility (a80ecb306802572fd2d6659da010b037) C:\Windows\system32\Ati2evxx.exe
14:03:38.0599 4404	Ati External Event Utility - ok
14:03:38.0786 4404	atikmdag        (976d32226fc4dd1187110b763f913a69) C:\Windows\system32\DRIVERS\atikmdag.sys
14:03:39.0036 4404	atikmdag - ok
14:03:39.0145 4404	AtiPcie         (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:03:39.0176 4404	AtiPcie - ok
14:03:39.0254 4404	AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
14:03:39.0410 4404	AudioEndpointBuilder - ok
14:03:39.0426 4404	Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
14:03:39.0582 4404	Audiosrv - ok
14:03:39.0707 4404	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
14:03:39.0785 4404	avgntflt - ok
14:03:39.0831 4404	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
14:03:39.0863 4404	avipbb - ok
14:03:39.0925 4404	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
14:03:39.0941 4404	avkmgr - ok
14:03:40.0190 4404	BBSvc           (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
14:03:40.0221 4404	BBSvc - ok
14:03:40.0284 4404	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
14:03:40.0299 4404	BcmSqlStartupSvc - ok
14:03:40.0409 4404	Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
14:03:40.0533 4404	Beep - ok
14:03:40.0627 4404	BFE             (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
14:03:40.0736 4404	BFE - ok
14:03:40.0861 4404	BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
14:03:40.0955 4404	BITS - ok
14:03:41.0001 4404	blbdrive - ok
14:03:41.0111 4404	Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
14:03:41.0126 4404	Bonjour Service - ok
14:03:41.0173 4404	bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
14:03:41.0282 4404	bowser - ok
14:03:41.0345 4404	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:03:41.0438 4404	BrFiltLo - ok
14:03:41.0532 4404	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:03:41.0610 4404	BrFiltUp - ok
14:03:41.0657 4404	Browser         (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
14:03:41.0781 4404	Browser - ok
14:03:41.0828 4404	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:03:41.0937 4404	Brserid - ok
14:03:42.0047 4404	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:03:42.0171 4404	BrSerWdm - ok
14:03:42.0265 4404	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:03:42.0390 4404	BrUsbMdm - ok
14:03:42.0515 4404	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:03:42.0639 4404	BrUsbSer - ok
14:03:42.0702 4404	BthEnum         (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys
14:03:42.0749 4404	BthEnum - ok
14:03:42.0873 4404	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:03:43.0014 4404	BTHMODEM - ok
14:03:43.0076 4404	BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
14:03:43.0185 4404	BthPan - ok
14:03:43.0248 4404	BTHPORT         (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys
14:03:43.0295 4404	BTHPORT - ok
14:03:43.0419 4404	BthServ         (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll
14:03:43.0513 4404	BthServ - ok
14:03:43.0622 4404	BTHUSB          (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys
14:03:43.0669 4404	BTHUSB - ok
14:03:43.0794 4404	btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
14:03:43.0809 4404	btwaudio - ok
14:03:43.0841 4404	btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
14:03:43.0856 4404	btwavdt - ok
14:03:43.0997 4404	btwdins         (7fe64b44b0249a64597f5588bc2a09be) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:03:44.0043 4404	btwdins - ok
14:03:44.0153 4404	btwrchid        (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
14:03:44.0168 4404	btwrchid - ok
14:03:44.0231 4404	cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
14:03:44.0340 4404	cdfs - ok
14:03:44.0402 4404	cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
14:03:44.0511 4404	cdrom - ok
14:03:44.0589 4404	CertPropSvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
14:03:44.0714 4404	CertPropSvc - ok
14:03:44.0792 4404	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:03:44.0901 4404	circlass - ok
14:03:44.0979 4404	CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
14:03:45.0011 4404	CLFS - ok
14:03:45.0073 4404	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:03:45.0089 4404	clr_optimization_v2.0.50727_32 - ok
14:03:45.0213 4404	CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
14:03:45.0291 4404	CmBatt - ok
14:03:45.0338 4404	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:03:45.0369 4404	cmdide - ok
14:03:45.0401 4404	Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
14:03:45.0416 4404	Compbatt - ok
14:03:45.0447 4404	COMSysApp - ok
14:03:45.0525 4404	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:03:45.0541 4404	crcdisk - ok
14:03:45.0588 4404	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:03:45.0713 4404	Crusoe - ok
14:03:45.0775 4404	CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
14:03:45.0900 4404	CryptSvc - ok
14:03:46.0009 4404	DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
14:03:46.0087 4404	DcomLaunch - ok
14:03:46.0134 4404	DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
14:03:46.0259 4404	DfsC - ok
14:03:46.0368 4404	DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
14:03:46.0571 4404	DFSR - ok
14:03:46.0664 4404	Dhcp            (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll
14:03:46.0727 4404	Dhcp - ok
14:03:46.0805 4404	disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
14:03:46.0836 4404	disk - ok
14:03:46.0883 4404	Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
14:03:46.0929 4404	Dnscache - ok
14:03:46.0992 4404	dot3svc         (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
14:03:47.0101 4404	dot3svc - ok
14:03:47.0241 4404	dot4            (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
14:03:47.0366 4404	dot4 - ok
14:03:47.0413 4404	Dot4Print       (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:03:47.0522 4404	Dot4Print - ok
14:03:47.0569 4404	dot4usb         (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
14:03:47.0694 4404	dot4usb - ok
14:03:47.0756 4404	DPS             (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll
14:03:47.0819 4404	DPS - ok
14:03:47.0897 4404	drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
14:03:48.0006 4404	drmkaud - ok
14:03:48.0099 4404	DXGKrnl         (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
14:03:48.0193 4404	DXGKrnl - ok
14:03:48.0240 4404	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:03:48.0349 4404	E1G60 - ok
14:03:48.0396 4404	EapHost         (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
14:03:48.0505 4404	EapHost - ok
14:03:48.0630 4404	Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
14:03:48.0645 4404	Ecache - ok
14:03:48.0692 4404	ehRecvr         (792f72e8b63df55ce98445d464874986) C:\Windows\ehome\ehRecvr.exe
14:03:48.0755 4404	ehRecvr - ok
14:03:48.0786 4404	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:03:48.0848 4404	ehSched - ok
14:03:48.0895 4404	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:03:48.0911 4404	ehstart - ok
14:03:49.0020 4404	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:03:49.0051 4404	elxstor - ok
14:03:49.0113 4404	EMDMgmt         (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
14:03:49.0207 4404	EMDMgmt - ok
14:03:49.0285 4404	EventSystem     (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
14:03:49.0347 4404	EventSystem - ok
14:03:49.0425 4404	fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
14:03:49.0550 4404	fastfat - ok
14:03:49.0597 4404	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:03:49.0706 4404	fdc - ok
14:03:49.0769 4404	fdPHost         (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
14:03:49.0878 4404	fdPHost - ok
14:03:49.0940 4404	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:03:50.0049 4404	FDResPub - ok
14:03:50.0127 4404	FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
14:03:50.0143 4404	FileInfo - ok
14:03:50.0190 4404	Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
14:03:50.0299 4404	Filetrace - ok
14:03:50.0330 4404	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:03:50.0455 4404	flpydisk - ok
14:03:50.0517 4404	FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
14:03:50.0549 4404	FltMgr - ok
14:03:50.0595 4404	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:03:50.0627 4404	FontCache3.0.0.0 - ok
14:03:50.0673 4404	Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
14:03:50.0720 4404	Fs_Rec - ok
14:03:50.0783 4404	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:03:50.0798 4404	gagp30kx - ok
14:03:50.0907 4404	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:03:50.0907 4404	GEARAspiWDM - ok
14:03:51.0001 4404	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
14:03:51.0017 4404	ggflt - ok
14:03:51.0048 4404	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
14:03:51.0063 4404	ggsemc - ok
14:03:51.0157 4404	gpsvc           (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
14:03:51.0282 4404	gpsvc - ok
14:03:51.0407 4404	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:03:51.0422 4404	gupdate - ok
14:03:51.0438 4404	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:03:51.0469 4404	gupdatem - ok
14:03:51.0516 4404	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:03:51.0531 4404	gusvc - ok
14:03:51.0641 4404	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:03:51.0765 4404	HdAudAddService - ok
14:03:51.0828 4404	HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:03:51.0859 4404	HDAudBus - ok
14:03:51.0890 4404	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:03:52.0015 4404	HidBth - ok
14:03:52.0124 4404	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:03:52.0233 4404	HidIr - ok
14:03:52.0311 4404	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
14:03:52.0421 4404	hidserv - ok
14:03:52.0499 4404	HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
14:03:52.0530 4404	HidUsb - ok
14:03:52.0592 4404	hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
14:03:52.0717 4404	hkmsvc - ok
14:03:52.0779 4404	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:03:52.0795 4404	HpCISSs - ok
14:03:52.0857 4404	HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
14:03:52.0920 4404	HTTP - ok
14:03:52.0998 4404	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:03:53.0013 4404	i2omp - ok
14:03:53.0107 4404	i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
14:03:53.0154 4404	i8042prt - ok
14:03:53.0216 4404	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:03:53.0247 4404	iaStorV - ok
14:03:53.0341 4404	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:03:53.0450 4404	idsvc - ok
14:03:53.0544 4404	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:03:53.0559 4404	iirsp - ok
14:03:53.0637 4404	IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
14:03:53.0793 4404	IKEEXT - ok
14:03:54.0105 4404	IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
14:03:54.0293 4404	IntcAzAudAddService - ok
14:03:54.0371 4404	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
14:03:54.0402 4404	intelide - ok
14:03:54.0449 4404	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
14:03:54.0573 4404	intelppm - ok
14:03:54.0620 4404	IPBusEnum       (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
14:03:54.0729 4404	IPBusEnum - ok
14:03:54.0823 4404	IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:03:54.0948 4404	IpFilterDriver - ok
14:03:55.0026 4404	iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
14:03:55.0057 4404	iphlpsvc - ok
14:03:55.0119 4404	IpInIp - ok
14:03:55.0166 4404	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:03:55.0260 4404	IPMIDRV - ok
14:03:55.0338 4404	IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
14:03:55.0447 4404	IPNAT - ok
14:03:55.0556 4404	iPod Service    (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe
14:03:55.0619 4404	iPod Service - ok
14:03:55.0697 4404	IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
14:03:55.0806 4404	IRENUM - ok
14:03:55.0837 4404	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:03:55.0868 4404	isapnp - ok
14:03:55.0899 4404	iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
14:03:55.0931 4404	iScsiPrt - ok
14:03:55.0977 4404	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:03:55.0993 4404	iteatapi - ok
14:03:56.0102 4404	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:03:56.0133 4404	iteraid - ok
14:03:56.0180 4404	kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
14:03:56.0211 4404	kbdclass - ok
14:03:56.0258 4404	kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
14:03:56.0289 4404	kbdhid - ok
14:03:56.0352 4404	KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
14:03:56.0414 4404	KeyIso - ok
14:03:56.0492 4404	KMDFMEMIO       (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
14:03:56.0539 4404	KMDFMEMIO - ok
14:03:56.0586 4404	KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
14:03:56.0633 4404	KSecDD - ok
14:03:56.0711 4404	KtmRm           (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
14:03:56.0835 4404	KtmRm - ok
14:03:56.0882 4404	LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
14:03:56.0991 4404	LanmanServer - ok
14:03:57.0069 4404	LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
14:03:57.0132 4404	LanmanWorkstation - ok
14:03:57.0225 4404	LightScribeService (f34b35f6f74e28a460749da11d1117f8) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:03:57.0241 4404	LightScribeService - ok
14:03:57.0335 4404	lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
14:03:57.0428 4404	lltdio - ok
14:03:57.0491 4404	lltdsvc         (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
14:03:57.0615 4404	lltdsvc - ok
14:03:57.0647 4404	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:03:57.0756 4404	lmhosts - ok
14:03:57.0849 4404	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:03:57.0881 4404	LSI_FC - ok
14:03:57.0959 4404	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:03:57.0974 4404	LSI_SAS - ok
14:03:58.0021 4404	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:03:58.0037 4404	LSI_SCSI - ok
14:03:58.0083 4404	luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
14:03:58.0208 4404	luafv - ok
14:03:58.0255 4404	Mcx2Svc         (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll
14:03:58.0286 4404	Mcx2Svc - ok
14:03:58.0395 4404	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:03:58.0411 4404	megasas - ok
14:03:58.0458 4404	MMCSS           (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
14:03:58.0583 4404	MMCSS - ok
14:03:58.0614 4404	Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
14:03:58.0739 4404	Modem - ok
14:03:58.0848 4404	monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
14:03:58.0895 4404	monitor - ok
14:03:58.0941 4404	mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
14:03:58.0957 4404	mouclass - ok
14:03:59.0004 4404	mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
14:03:59.0066 4404	mouhid - ok
14:03:59.0160 4404	MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
14:03:59.0175 4404	MountMgr - ok
14:03:59.0222 4404	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:03:59.0253 4404	mpio - ok
14:03:59.0300 4404	mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
14:03:59.0347 4404	mpsdrv - ok
14:03:59.0425 4404	MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
14:03:59.0487 4404	MpsSvc - ok
14:03:59.0581 4404	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:03:59.0597 4404	Mraid35x - ok
14:03:59.0643 4404	MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
14:03:59.0706 4404	MRxDAV - ok
14:03:59.0768 4404	mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:03:59.0815 4404	mrxsmb - ok
14:03:59.0877 4404	mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:03:59.0940 4404	mrxsmb10 - ok
14:03:59.0987 4404	mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:04:00.0033 4404	mrxsmb20 - ok
14:04:00.0096 4404	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:04:00.0111 4404	msahci - ok
14:04:00.0158 4404	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:04:00.0174 4404	msdsm - ok
14:04:00.0221 4404	MSDTC           (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
14:04:00.0267 4404	MSDTC - ok
14:04:00.0330 4404	Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
14:04:00.0439 4404	Msfs - ok
14:04:00.0533 4404	msisadrv        (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
14:04:00.0548 4404	msisadrv - ok
14:04:00.0595 4404	MSiSCSI         (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
14:04:00.0720 4404	MSiSCSI - ok
14:04:00.0735 4404	msiserver - ok
14:04:00.0860 4404	MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
14:04:00.0954 4404	MSKSSRV - ok
14:04:01.0047 4404	MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
14:04:01.0157 4404	MSPCLOCK - ok
14:04:01.0235 4404	MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
14:04:01.0344 4404	MSPQM - ok
14:04:01.0391 4404	MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
14:04:01.0406 4404	MsRPC - ok
14:04:01.0500 4404	mssmbios        (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:04:01.0515 4404	mssmbios - ok
14:04:01.0578 4404	MSSQL$MSSMLBIZ - ok
14:04:01.0656 4404	MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:04:01.0671 4404	MSSQLServerADHelper - ok
14:04:01.0796 4404	MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
14:04:01.0890 4404	MSTEE - ok
14:04:01.0937 4404	Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
14:04:01.0952 4404	Mup - ok
14:04:02.0015 4404	napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
14:04:02.0124 4404	napagent - ok
14:04:02.0233 4404	NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
14:04:02.0264 4404	NativeWifiP - ok
14:04:02.0373 4404	NDIS            (fffe00134c554e113ee186eeddb0ff30) C:\Windows\system32\drivers\ndis.sys
14:04:02.0420 4404	NDIS - ok
14:04:02.0483 4404	NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
14:04:02.0545 4404	NdisTapi - ok
14:04:02.0607 4404	Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
14:04:02.0717 4404	Ndisuio - ok
14:04:02.0810 4404	NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
14:04:02.0919 4404	NdisWan - ok
14:04:02.0966 4404	NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
14:04:02.0997 4404	NDProxy - ok
14:04:03.0060 4404	NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
14:04:03.0185 4404	NetBIOS - ok
14:04:03.0231 4404	netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
14:04:03.0341 4404	netbt - ok
14:04:03.0434 4404	Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
14:04:03.0465 4404	Netlogon - ok
14:04:03.0528 4404	Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
14:04:03.0684 4404	Netman - ok
14:04:03.0746 4404	netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
14:04:03.0871 4404	netprofm - ok
14:04:03.0933 4404	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:04:03.0949 4404	NetTcpPortSharing - ok
14:04:04.0121 4404	NETw2v32        (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
14:04:04.0386 4404	NETw2v32 - ok
14:04:04.0433 4404	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:04:04.0464 4404	nfrd960 - ok
14:04:04.0526 4404	NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
14:04:04.0651 4404	NlaSvc - ok
14:04:04.0745 4404	Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
14:04:04.0854 4404	Npfs - ok
14:04:04.0901 4404	nsi             (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
14:04:05.0025 4404	nsi - ok
14:04:05.0057 4404	nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
14:04:05.0181 4404	nsiproxy - ok
14:04:05.0306 4404	Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
14:04:05.0384 4404	Ntfs - ok
14:04:05.0478 4404	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:04:05.0587 4404	ntrigdigi - ok
14:04:05.0618 4404	Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
14:04:05.0727 4404	Null - ok
14:04:05.0821 4404	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:04:05.0837 4404	nvraid - ok
14:04:05.0883 4404	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:04:05.0899 4404	nvstor - ok
14:04:05.0961 4404	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:04:05.0977 4404	nv_agp - ok
14:04:06.0055 4404	NwlnkFlt - ok
14:04:06.0086 4404	NwlnkFwd - ok
14:04:06.0180 4404	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:04:06.0227 4404	odserv - ok
14:04:06.0289 4404	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:04:06.0383 4404	ohci1394 - ok
14:04:06.0523 4404	OpenVPNService  (207263e9b61267e21fa2748ed38889a3) C:\Program Files\OpenVPN\bin\openvpnserv.exe
14:04:06.0539 4404	OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
14:04:06.0539 4404	OpenVPNService - detected UnsignedFile.Multi.Generic (1)
14:04:06.0617 4404	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:04:06.0648 4404	ose - ok
14:04:06.0741 4404	p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
14:04:06.0866 4404	p2pimsvc - ok
14:04:06.0929 4404	p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
14:04:06.0975 4404	p2psvc - ok
14:04:07.0053 4404	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:04:07.0163 4404	Parport - ok
14:04:07.0225 4404	partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
14:04:07.0241 4404	partmgr - ok
14:04:07.0287 4404	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:04:07.0397 4404	Parvdm - ok
14:04:07.0443 4404	PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
14:04:07.0475 4404	PcaSvc - ok
14:04:07.0521 4404	pci             (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
14:04:07.0537 4404	pci - ok
14:04:07.0599 4404	pciide          (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
14:04:07.0615 4404	pciide - ok
14:04:07.0693 4404	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
14:04:07.0709 4404	pcmcia - ok
14:04:07.0787 4404	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:04:07.0943 4404	PEAUTH - ok
14:04:08.0083 4404	pla             (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
14:04:08.0301 4404	pla - ok
14:04:08.0379 4404	PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
14:04:08.0411 4404	PlugPlay - ok
14:04:08.0489 4404	Pml Driver HPZ12 (9dc0eb6e111c15886fe753061b8a2f61) C:\Windows\system32\HPZipm12.dll
14:04:08.0613 4404	Pml Driver HPZ12 - ok
14:04:08.0691 4404	PNRPAutoReg     (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
14:04:08.0769 4404	PNRPAutoReg - ok
14:04:08.0832 4404	PNRPsvc         (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
14:04:08.0894 4404	PNRPsvc - ok
14:04:08.0972 4404	PolicyAgent     (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
14:04:09.0035 4404	PolicyAgent - ok
14:04:09.0144 4404	PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
14:04:09.0191 4404	PptpMiniport - ok
14:04:09.0253 4404	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:04:09.0362 4404	Processor - ok
14:04:09.0425 4404	ProfSvc         (8b8e8f4734c5c576e3b910db73756cf1) C:\Windows\system32\profsvc.dll
14:04:09.0471 4404	ProfSvc - ok
14:04:09.0549 4404	ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
14:04:09.0581 4404	ProtectedStorage - ok
14:04:09.0612 4404	PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
14:04:09.0643 4404	PSched - ok
14:04:09.0705 4404	PzWDM           (36cf3653d367cbc72a38625543f3d4d1) C:\Windows\system32\Drivers\PzWDM.sys
14:04:09.0737 4404	PzWDM ( UnsignedFile.Multi.Generic ) - warning
14:04:09.0737 4404	PzWDM - detected UnsignedFile.Multi.Generic (1)
14:04:09.0815 4404	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:04:09.0893 4404	ql2300 - ok
14:04:09.0971 4404	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:04:10.0002 4404	ql40xx - ok
14:04:10.0064 4404	QWAVE           (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
14:04:10.0111 4404	QWAVE - ok
14:04:10.0142 4404	QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
14:04:10.0173 4404	QWAVEdrv - ok
14:04:10.0345 4404	R300            (976d32226fc4dd1187110b763f913a69) C:\Windows\system32\DRIVERS\atikmdag.sys
14:04:10.0548 4404	R300 - ok
14:04:10.0641 4404	RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
14:04:10.0751 4404	RasAcd - ok
14:04:10.0829 4404	RasAuto         (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
14:04:10.0938 4404	RasAuto - ok
14:04:11.0031 4404	Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:04:11.0078 4404	Rasl2tp - ok
14:04:11.0125 4404	RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
14:04:11.0234 4404	RasMan - ok
14:04:11.0328 4404	RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
14:04:11.0437 4404	RasPppoe - ok
14:04:11.0499 4404	rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
14:04:11.0609 4404	rdbss - ok
14:04:11.0671 4404	RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:04:11.0780 4404	RDPCDD - ok
14:04:11.0874 4404	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:04:11.0983 4404	rdpdr - ok
14:04:12.0061 4404	RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
14:04:12.0170 4404	RDPENCDD - ok
14:04:12.0248 4404	RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
14:04:12.0373 4404	RDPWD - ok
14:04:12.0435 4404	RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
14:04:12.0545 4404	RemoteAccess - ok
14:04:12.0607 4404	RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
14:04:12.0716 4404	RemoteRegistry - ok
14:04:12.0810 4404	RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
14:04:12.0919 4404	RFCOMM - ok
14:04:12.0997 4404	RichVideo       (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
14:04:13.0013 4404	RichVideo - ok
14:04:13.0091 4404	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:04:13.0137 4404	RpcLocator - ok
14:04:13.0231 4404	RpcSs           (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
14:04:13.0278 4404	RpcSs - ok
14:04:13.0340 4404	rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
14:04:13.0449 4404	rspndr - ok
14:04:13.0496 4404	RTL8023xp       (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
14:04:13.0605 4404	RTL8023xp - ok
14:04:13.0715 4404	SamSs           (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
14:04:13.0746 4404	SamSs - ok
14:04:13.0839 4404	Samsung Update Plus (4bfb51cdb25d4d4b9e8fccab635f262e) C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
14:04:13.0855 4404	Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
14:04:13.0855 4404	Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
14:04:13.0902 4404	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:04:13.0917 4404	sbp2port - ok
14:04:13.0964 4404	SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
14:04:14.0073 4404	SCardSvr - ok
14:04:14.0183 4404	Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
14:04:14.0261 4404	Schedule - ok
14:04:14.0323 4404	SCPolicySvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
14:04:14.0417 4404	SCPolicySvc - ok
14:04:14.0526 4404	sdbus           (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
14:04:14.0635 4404	sdbus - ok
14:04:14.0682 4404	SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
14:04:14.0729 4404	SDRSVC - ok
14:04:14.0869 4404	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
14:04:14.0900 4404	SeaPort - ok
14:04:14.0978 4404	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:04:15.0087 4404	secdrv - ok
14:04:15.0150 4404	seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
14:04:15.0259 4404	seclogon - ok
14:04:15.0321 4404	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
14:04:15.0384 4404	seehcri - ok
14:04:15.0415 4404	SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
14:04:15.0540 4404	SENS - ok
14:04:15.0618 4404	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:04:15.0727 4404	Serenum - ok
14:04:15.0758 4404	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:04:15.0867 4404	Serial - ok
14:04:15.0961 4404	sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
14:04:16.0008 4404	sermouse - ok
14:04:16.0086 4404	SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
14:04:16.0195 4404	SessionEnv - ok
14:04:16.0304 4404	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:04:16.0413 4404	sffdisk - ok
14:04:16.0476 4404	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:04:16.0585 4404	sffp_mmc - ok
14:04:16.0632 4404	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:04:16.0741 4404	sffp_sd - ok
14:04:16.0788 4404	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:04:16.0913 4404	sfloppy - ok
14:04:16.0959 4404	SharedAccess    (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
14:04:16.0991 4404	SharedAccess - ok
14:04:17.0053 4404	ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
14:04:17.0100 4404	ShellHWDetection - ok
14:04:17.0178 4404	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:04:17.0209 4404	sisagp - ok
14:04:17.0271 4404	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:04:17.0287 4404	SiSRaid2 - ok
14:04:17.0334 4404	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:04:17.0365 4404	SiSRaid4 - ok
14:04:17.0505 4404	slsvc           (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
14:04:17.0739 4404	slsvc - ok
14:04:17.0833 4404	SLUINotify      (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
14:04:17.0880 4404	SLUINotify - ok
14:04:17.0958 4404	Smb             (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
14:04:18.0005 4404	Smb - ok
14:04:18.0051 4404	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:04:18.0098 4404	SNMPTRAP - ok
14:04:18.0145 4404	spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
14:04:18.0176 4404	spldr - ok
14:04:18.0207 4404	Spooler         (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
14:04:18.0239 4404	Spooler - ok
14:04:18.0332 4404	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:04:18.0332 4404	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:04:18.0348 4404	sptd ( LockedFile.Multi.Generic ) - warning
14:04:18.0348 4404	sptd - detected LockedFile.Multi.Generic (1)
14:04:18.0441 4404	SQLBrowser      (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:04:18.0473 4404	SQLBrowser - ok
14:04:18.0519 4404	SQLWriter       (d2f4f32b59440011174b4f8137af4e0c) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:04:18.0535 4404	SQLWriter - ok
14:04:18.0660 4404	srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
14:04:18.0722 4404	srv - ok
14:04:18.0785 4404	srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
14:04:18.0831 4404	srv2 - ok
14:04:18.0878 4404	srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
14:04:18.0909 4404	srvnet - ok
14:04:18.0972 4404	SSDPSRV         (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
14:04:19.0097 4404	SSDPSRV - ok
14:04:19.0237 4404	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:04:19.0253 4404	ssmdrv - ok
14:04:19.0315 4404	stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
14:04:19.0393 4404	stisvc - ok
14:04:19.0455 4404	swenum          (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
14:04:19.0471 4404	swenum - ok
14:04:19.0549 4404	swprv           (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
14:04:19.0674 4404	swprv - ok
14:04:19.0752 4404	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:04:19.0783 4404	Symc8xx - ok
14:04:19.0830 4404	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:04:19.0845 4404	Sym_hi - ok
14:04:19.0877 4404	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:04:19.0908 4404	Sym_u3 - ok
14:04:19.0955 4404	SynTP           (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
14:04:19.0986 4404	SynTP - ok
14:04:20.0064 4404	SysMain         (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
14:04:20.0126 4404	SysMain - ok
14:04:20.0189 4404	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:04:20.0235 4404	TabletInputService - ok
14:04:20.0282 4404	TapiSrv         (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
14:04:20.0407 4404	TapiSrv - ok
14:04:20.0469 4404	TBS             (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
14:04:20.0594 4404	TBS - ok
14:04:20.0703 4404	Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
14:04:20.0781 4404	Tcpip - ok
14:04:20.0859 4404	Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
14:04:20.0922 4404	Tcpip6 - ok
14:04:20.0969 4404	tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
14:04:21.0062 4404	tcpipreg - ok
14:04:21.0171 4404	TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
14:04:21.0296 4404	TDPIPE - ok
14:04:21.0374 4404	TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
14:04:21.0468 4404	TDTCP - ok
14:04:21.0530 4404	tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
14:04:21.0639 4404	tdx - ok
14:04:21.0717 4404	TermDD          (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
14:04:21.0749 4404	TermDD - ok
14:04:21.0827 4404	TermService     (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
14:04:21.0967 4404	TermService - ok
14:04:21.0998 4404	Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
14:04:22.0045 4404	Themes - ok
14:04:22.0107 4404	THREADORDER     (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
14:04:22.0217 4404	THREADORDER - ok
14:04:22.0310 4404	TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
14:04:22.0419 4404	TrkWks - ok
14:04:22.0451 4404	TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
14:04:22.0497 4404	TrustedInstaller - ok
14:04:22.0575 4404	tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:04:22.0685 4404	tssecsrv - ok
14:04:22.0747 4404	tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
14:04:22.0794 4404	tunmp - ok
14:04:22.0825 4404	tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
14:04:22.0856 4404	tunnel - ok
14:04:22.0903 4404	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:04:22.0919 4404	uagp35 - ok
14:04:22.0965 4404	udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
14:04:23.0090 4404	udfs - ok
14:04:23.0199 4404	UI0Detect       (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
14:04:23.0246 4404	UI0Detect - ok
14:04:23.0309 4404	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:04:23.0324 4404	uliagpkx - ok
14:04:23.0387 4404	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:04:23.0418 4404	uliahci - ok
14:04:23.0465 4404	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:04:23.0480 4404	UlSata - ok
14:04:23.0527 4404	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:04:23.0558 4404	ulsata2 - ok
14:04:23.0589 4404	umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
14:04:23.0714 4404	umbus - ok
14:04:23.0808 4404	upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
14:04:23.0933 4404	upnphost - ok
14:04:24.0026 4404	USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
14:04:24.0057 4404	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
14:04:24.0057 4404	USBAAPL - detected UnsignedFile.Multi.Generic (1)
14:04:24.0120 4404	usbccgp         (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
14:04:24.0167 4404	usbccgp - ok
14:04:24.0213 4404	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:04:24.0323 4404	usbcir - ok
14:04:24.0447 4404	usbehci         (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
14:04:24.0494 4404	usbehci - ok
14:04:24.0557 4404	usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
14:04:24.0603 4404	usbhub - ok
14:04:24.0666 4404	usbohci         (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
14:04:24.0697 4404	usbohci - ok
14:04:24.0744 4404	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
14:04:24.0853 4404	usbprint - ok
14:04:24.0947 4404	usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
14:04:25.0071 4404	usbscan - ok
14:04:25.0118 4404	USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:04:25.0181 4404	USBSTOR - ok
14:04:25.0227 4404	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
14:04:25.0337 4404	usbuhci - ok
14:04:25.0446 4404	usbvideo        (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
14:04:25.0555 4404	usbvideo - ok
14:04:25.0617 4404	UxSms           (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
14:04:25.0758 4404	UxSms - ok
14:04:25.0820 4404	vds             (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
14:04:25.0867 4404	vds - ok
14:04:25.0961 4404	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:04:26.0054 4404	vga - ok
14:04:26.0117 4404	VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
14:04:26.0241 4404	VgaSave - ok
14:04:26.0288 4404	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:04:26.0304 4404	viaagp - ok
14:04:26.0351 4404	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:04:26.0460 4404	ViaC7 - ok
14:04:26.0522 4404	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:04:26.0538 4404	viaide - ok
14:04:26.0631 4404	VMC302          (2dff4efa8e65b257c171c362c1256db8) C:\Windows\system32\Drivers\VMC302.sys
14:04:26.0678 4404	VMC302 - ok
14:04:26.0741 4404	volmgr          (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
14:04:26.0772 4404	volmgr - ok
14:04:26.0819 4404	volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
14:04:26.0850 4404	volmgrx - ok
14:04:26.0897 4404	volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
14:04:26.0912 4404	volsnap - ok
14:04:26.0975 4404	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:04:27.0006 4404	vsmraid - ok
14:04:27.0068 4404	VSS             (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
14:04:27.0162 4404	VSS - ok
14:04:27.0240 4404	W32Time         (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
14:04:27.0365 4404	W32Time - ok
14:04:27.0458 4404	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:04:27.0567 4404	WacomPen - ok
14:04:27.0770 4404	Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
14:04:27.0786 4404	Wanarp - ok
14:04:27.0801 4404	Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
14:04:27.0833 4404	Wanarpv6 - ok
14:04:27.0879 4404	wcncsvc         (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
14:04:27.0926 4404	wcncsvc - ok
14:04:27.0957 4404	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:04:28.0020 4404	WcsPlugInService - ok
14:04:28.0051 4404	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:04:28.0082 4404	Wd - ok
14:04:28.0145 4404	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:04:28.0191 4404	Wdf01000 - ok
14:04:28.0269 4404	WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
14:04:28.0301 4404	WdiServiceHost - ok
14:04:28.0316 4404	WdiSystemHost   (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
14:04:28.0347 4404	WdiSystemHost - ok
14:04:28.0394 4404	WebClient       (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
14:04:28.0441 4404	WebClient - ok
14:04:28.0488 4404	Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
14:04:28.0597 4404	Wecsvc - ok
14:04:28.0659 4404	wercplsupport   (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
14:04:28.0784 4404	wercplsupport - ok
14:04:28.0847 4404	WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
14:04:28.0971 4404	WerSvc - ok
14:04:29.0049 4404	WinDefend       (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll
14:04:29.0081 4404	WinDefend - ok
14:04:29.0096 4404	WinHttpAutoProxySvc - ok
14:04:29.0190 4404	Winmgmt         (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
14:04:29.0315 4404	Winmgmt - ok
14:04:29.0393 4404	WinRM           (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
14:04:29.0517 4404	WinRM - ok
14:04:29.0642 4404	Wlansvc         (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
14:04:29.0720 4404	Wlansvc - ok
14:04:29.0876 4404	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:04:30.0001 4404	wlidsvc - ok
14:04:30.0079 4404	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:04:30.0188 4404	WmiAcpi - ok
14:04:30.0282 4404	wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
14:04:30.0313 4404	wmiApSrv - ok
14:04:30.0391 4404	WMPNetworkSvc   (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:04:30.0516 4404	WMPNetworkSvc - ok
14:04:30.0594 4404	WPCSvc          (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
14:04:30.0656 4404	WPCSvc - ok
14:04:30.0703 4404	WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
14:04:30.0750 4404	WPDBusEnum - ok
14:04:30.0843 4404	WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
14:04:30.0953 4404	WpdUsb - ok
14:04:31.0015 4404	ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
14:04:31.0124 4404	ws2ifsl - ok
14:04:31.0218 4404	wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll
14:04:31.0280 4404	wscsvc - ok
14:04:31.0311 4404	WSearch - ok
14:04:31.0452 4404	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:04:31.0639 4404	wuauserv - ok
14:04:31.0733 4404	WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:04:31.0842 4404	WUDFRd - ok
14:04:31.0935 4404	wudfsvc         (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
14:04:32.0060 4404	wudfsvc - ok
14:04:32.0169 4404	yukonwlh        (ade7a4943003020216952b56a6741ec7) C:\Windows\system32\DRIVERS\yk60x86.sys
14:04:32.0216 4404	yukonwlh - ok
14:04:32.0247 4404	MBR (0x1B8)     (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
14:04:32.0825 4404	\Device\Harddisk0\DR0 - ok
14:04:32.0871 4404	Boot (0x1200)   (39f1c8d7cb96ca8956459235f6edafcf) \Device\Harddisk0\DR0\Partition0
14:04:32.0871 4404	\Device\Harddisk0\DR0\Partition0 - ok
14:04:32.0887 4404	Boot (0x1200)   (92836443a2c29378b7f248aad6cb16da) \Device\Harddisk0\DR0\Partition1
14:04:32.0887 4404	\Device\Harddisk0\DR0\Partition1 - ok
14:04:32.0903 4404	============================================================
14:04:32.0903 4404	Scan finished
14:04:32.0903 4404	============================================================
14:04:32.0918 5464	Detected object count: 5
14:04:32.0918 5464	Actual detected object count: 5
14:04:58.0986 5464	OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
14:04:58.0986 5464	OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:04:58.0986 5464	PzWDM ( UnsignedFile.Multi.Generic ) - skipped by user
14:04:58.0986 5464	PzWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:04:58.0986 5464	Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
14:04:58.0986 5464	Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:04:59.0001 5464	sptd ( LockedFile.Multi.Generic ) - skipped by user
14:04:59.0001 5464	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
14:04:59.0001 5464	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
14:04:59.0001 5464	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 29.03.2012, 15:02

Zitat:

Nur weil ich hier Hilfe suche, bin ich nicht dumm - natürlich ist mir klar, was "not found" heißt. Ich wollte nur wissen, was nicht gefunden werden konnte&was das bedeutet.

Na dann überleg doch mal "not found" = nicht gefunden = Objekt ist nicht mehr vorhanden!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

jade · 29.03.2012, 15:51

Faszinierend, seitdem hab ich wieder den IE auf dem Desktop.

[CODE]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-29.02 - * 29.03.2012  16:24:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3070.2160 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-29 13:22 . 2012-03-29 13:22	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-29 13:22 . 2012-03-29 13:22	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-29 13:22 . 2012-03-29 13:22	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-29 13:22 . 2012-03-29 13:22	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-29 13:22 . 2012-03-29 13:22	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-03-29 13:22 . 2012-03-29 13:22	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-29 13:22 . 2012-03-29 13:22	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-03-29 13:22 . 2012-03-29 13:22	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-03-29 13:22 . 2012-03-29 13:22	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-03-29 13:21 . 2012-03-29 13:21	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-03-29 13:21 . 2012-03-29 13:21	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-03-29 13:21 . 2012-03-29 13:21	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-03-29 13:21 . 2012-03-29 13:21	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-03-29 13:21 . 2012-03-29 13:21	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-03-29 13:21 . 2012-03-29 13:21	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-03-29 13:21 . 2012-03-29 13:21	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-03-29 13:21 . 2012-03-29 13:21	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-03-27 16:10 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EDAECD4-62A1-4AF8-A21D-F19E1379403D}\mpengine.dll
2012-03-26 17:47 . 2012-03-26 17:47	--------	d-----w-	c:\program files\ESET
2012-03-18 11:30 . 2012-03-18 11:30	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 11:30 . 2012-03-18 11:30	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-03 10:03	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-16 17:51 . 2012-02-11 22:17	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-18 11:30 . 2011-05-18 17:14	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-16 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2007-12-21 791392]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express 5 SE Calendar Checker]
2004-01-12 19:40	69632	----a-w-	c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 15:06]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-20 15:06]
.
2012-03-29 c:\windows\Tasks\User_Feed_Synchronization-{B8DF09FC-AA2A-42C8-AAFD-FBF970487B24}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 78.42.43.62 82.212.62.62
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\kh6forey.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-29 16:35
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2208)
c:\users\*\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2012-03-29  16:39:39
ComboFix-quarantined-files.txt  2012-03-29 14:39
.
Vor Suchlauf: 18 Verzeichnis(se), 67.773.440.000 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 68.315.021.312 Bytes frei
.
- - End Of File - - 741F613D63D0CE9B0114AE7D04FDE775

--- --- ---

cosinus · 29.03.2012, 19:21

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

jade · 30.03.2012, 20:22

Osam - Log:

Code:

ATTFilter

OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:18:30 on 30.03.2012

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\jess\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PzWDM" (PzWDM) - "Prassi Technology" - C:\Windows\System32\Drivers\PzWDM.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\AppData\Local\Windows )-----
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MBBalloon" - "PLANNING Co., Ltd." - C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP 8711 Status Monitor" - "Hewlett-Packard Co." - C:\Windows\system32\hpinksts8711LM.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - ? - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - ? - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - ? - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

"Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"

Plagegeister aller Art und deren Bekämpfung: "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"