Windows wurde blockiert - Avira - 50 Euro Virus

Stepi85 · 28.03.2012, 08:29

Hallo,

mir ist klar, dass dieses Thema schon oft durchgesprochen wurde, ich wollte auch auf einen bestehenden Thread posten, ging aber leider nicht.

Ich habe seit vorhin scheinbar einen Virus oder Malware drauf, welcher mein Windows blockiert.

Von welchen Programmen braucht Ihr ein Log-File?
Werde diese dann heute abend einstellen.

Wenn ich bei den Porgrammen bestimmte Einstellungen vornehmen muss, lasst mich dies bitte wissen, damit wir schnell zum Ziel kommen.

Vielen Dank

MfG

Frank

markusg · 28.03.2012, 11:45

hi,
kein problem, du wirst auch nicht der letzte sein nehme ich an :-)
neustart, f8 drücken abgesicherter modus mit netzwerk wählen, im betroffenen konto anmelden, inet verbindung herstellen.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Stepi85 · 28.03.2012, 19:18

Hallo,

erstmal die OTL.txt:

Code:

ATTFilter

OTL logfile created on: 28.03.2012 19:57:39 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Stepi\Desktop\OTL
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 80,39% Memory free
5,99 Gb Paging File | 5,48 Gb Available in Paging File | 91,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 158,68 Gb Free Space | 53,25% Space Free | Partition Type: NTFS
 
Computer Name: HANGOVERPC | User Name: Stepi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stepi\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe (IDT, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 D5 A3 53 56 86 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?ref=hp"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\HighPerformance Client\addon\ [2010.11.07 15:18:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 09:39:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.24 08:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.01 07:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.24 08:29:45 | 000,000,000 | ---D | M]
 
[2010.12.26 13:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stepi\AppData\Roaming\mozilla\Extensions
[2010.12.26 13:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stepi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.10 11:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stepi\AppData\Roaming\mozilla\Firefox\Profiles\s99fhapg.default\extensions
[2012.02.10 11:11:39 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Stepi\AppData\Roaming\mozilla\Firefox\Profiles\s99fhapg.default\extensions\piclens@cooliris.com
[2009.12.27 20:21:18 | 000,002,055 | ---- | M] () -- C:\Users\Stepi\AppData\Roaming\Mozilla\Firefox\Profiles\s99fhapg.default\searchplugins\daemon-search.xml
[2012.03.21 20:25:43 | 000,001,056 | ---- | M] () -- C:\Users\Stepi\AppData\Roaming\Mozilla\Firefox\Profiles\s99fhapg.default\searchplugins\icqplugin.xml
[2011.11.10 09:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.07 15:18:49 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\VODAFONE\HIGHPERFORMANCE CLIENT\ADDON
() (No name found) -- C:\USERS\STEPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S99FHAPG.DEFAULT\EXTENSIONS\{5FF60652-3079-4D1A-8328-3126890EAE58}.XPI
[2012.02.17 09:39:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.04 09:01:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 09:01:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 09:01:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 09:01:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 09:01:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 09:01:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.25 20:11:18 | 000,438,080 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15065 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Stepi\M-1-52-5782-8752-5245\winsvc.exe File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\Stepi\AppData\Local\Skype\SkypePM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F2D1EC-287B-4028-878B-EB182BA62129}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8647D11A-86D8-411D-9CD2-4D6E4D596001}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97BC4B9E-574B-485B-8535-09BFCD79F0CD}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C097D8A3-297D-4733-9FEA-C43D0C194E58}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF2AE491-AD3C-4F33-BF32-2537E9D6F83B}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02c2d451-9b39-11df-8cc8-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{02c2d451-9b39-11df-8cc8-00238b1327d9}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{02c2d458-9b39-11df-8cc8-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{02c2d458-9b39-11df-8cc8-00238b1327d9}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{21efc0bc-2c81-11df-8c87-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{21efc0bc-2c81-11df-8c87-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{21efc0be-2c81-11df-8c87-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{21efc0be-2c81-11df-8c87-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{2600c923-3ac6-11e0-bcd9-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2600c923-3ac6-11e0-bcd9-00238b1327d9}\Shell\AutoRun\command - "" = I:\NPSAI.exe
O33 - MountPoints2\{6ca6c560-68de-11e0-bacd-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{6ca6c560-68de-11e0-bacd-00238b1327d9}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{86aff880-eb04-11df-b836-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{86aff880-eb04-11df-b836-00238b1327d9}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8e2eaec3-0303-11e0-93f4-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{8e2eaec3-0303-11e0-93f4-00238b1327d9}\Shell\AutoRun\command - "" = H:\Setup.EXE
O33 - MountPoints2\{a1a6f2be-e092-11df-8f20-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{a1a6f2be-e092-11df-8f20-001e101f2500}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b6bad2a3-27de-11df-91fd-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b6bad2a3-27de-11df-91fd-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{b6bad2ec-27de-11df-91fd-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b6bad2ec-27de-11df-91fd-00238b1327d9}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{c15053fe-f314-11de-8f04-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{c15053fe-f314-11de-8f04-00238b1327d9}\Shell\AutoRun\command - "" = E:\Setup.EXE
O33 - MountPoints2\{e4fe62b1-e08c-11df-911e-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{e4fe62b1-e08c-11df-911e-00238b1327d9}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e4fe62be-e08c-11df-911e-00238b1327d9}\Shell - "" = AutoRun
O33 - MountPoints2\{e4fe62be-e08c-11df-911e-00238b1327d9}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FF1F3E98-5F69-43D1-CA47-EB306110F3A4} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: {2136E952-826A-440D-A56F-BF568930D5EA} - hkey= - key= - C:\Program Files\Vodafone\HighPerformance Client\bmoc.exe (Bytemobile, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\OTL
[2012.03.28 09:03:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.03.28 09:00:41 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Stepi\Desktop\TDSSKiller.exe
[2012.03.19 22:57:57 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\Adobe
[2012.03.19 08:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.03.05 22:08:05 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\Forum Tiffy
[2012.03.05 19:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2012.03.05 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2012.03.04 15:27:53 | 000,000,000 | ---D | C] -- C:\Users\Stepi\Desktop\Hochzeit von Rene und Sandra
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 19:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 19:52:19 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.28 09:30:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 09:30:23 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 09:22:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.28 08:32:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 07:07:41 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.28 07:07:41 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.28 07:07:41 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.28 07:07:41 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stepi\Desktop\TDSSKiller.exe
[2012.03.22 12:01:27 | 043,036,933 | ---- | M] () -- C:\Users\Stepi\Desktop\test1.psd
[2012.03.21 23:09:42 | 003,501,622 | ---- | M] () -- C:\Users\Stepi\Desktop\test1.jpg
[2012.03.19 14:41:11 | 002,339,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.03 12:00:56 | 003,344,384 | ---- | M] () -- C:\Users\Stepi\Desktop\IMG_4191.JPG
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.22 12:01:20 | 043,036,933 | ---- | C] () -- C:\Users\Stepi\Desktop\test1.psd
[2012.03.21 23:07:27 | 003,501,622 | ---- | C] () -- C:\Users\Stepi\Desktop\test1.jpg
[2012.03.21 13:30:54 | 003,344,384 | ---- | C] () -- C:\Users\Stepi\Desktop\IMG_4191.JPG
[2012.03.19 09:01:46 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2012.03.19 09:00:59 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2012.03.19 09:00:25 | 000,001,394 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2012.03.19 08:58:52 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2012.03.19 08:56:18 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2012.03.19 08:55:47 | 000,001,365 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011.10.25 20:48:41 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2011.07.19 21:45:14 | 000,000,000 | ---- | C] () -- C:\Users\Stepi\AppData\Local\{6A09781F-FEB0-414F-A5DC-DE160E30D380}
[2011.06.09 08:59:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.09 08:58:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2011.12.29 19:05:58 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\AquaCalculator
[2011.06.25 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Azureus
[2010.10.26 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Bytemobile
[2010.11.07 00:35:59 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\DAEMON Tools Lite
[2010.04.13 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Desktopicon
[2010.11.27 00:00:48 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Friday's games
[2011.01.08 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Hotel-Manager
[2009.12.26 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\IrfanView
[2010.11.26 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Plan It Green Files
[2011.02.17 22:30:38 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Samsung
[2010.11.27 22:50:26 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Settlement. Colossus
[2010.12.26 13:17:14 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Thunderbird
[2010.04.15 08:04:33 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Toolbars
[2010.04.21 23:43:04 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Tropico 3
[2010.11.07 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Vodafone
[2010.11.03 09:32:40 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Vodafone Mobile Connect
[2010.11.26 00:52:24 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\World-Loom
[2010.11.27 22:50:10 | 000,000,000 | ---D | M] -- C:\Users\Stepi\AppData\Roaming\Zylom
[2012.02.07 10:40:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.01.20 09:54:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.26 19:37:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.08 23:47:55 | 000,000,000 | ---D | M] -- C:\emanager
[2010.12.05 23:23:40 | 000,000,000 | ---D | M] -- C:\Games
[2009.12.26 20:43:54 | 000,000,000 | ---D | M] -- C:\HP
[2009.12.26 20:28:39 | 000,000,000 | ---D | M] -- C:\Intel
[2010.01.06 22:10:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.27 05:27:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.28 09:22:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.26 19:37:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.26 19:37:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.27 19:54:28 | 000,000,000 | ---D | M] -- C:\Spiele
[2011.02.13 14:47:02 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.03.27 09:14:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.28 09:18:58 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2009.12.26 19:39:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.28 19:52:20 | 000,000,000 | ---D | M] -- C:\Windows
[2010.01.08 02:27:52 | 000,000,000 | -H-D | M] -- C:\WindowsLiveSyncTemp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.11.09 11:38:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.11.09 11:38:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.03.28 20:05:40 | 008,126,464 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT
[2012.03.28 20:05:40 | 000,262,144 | -HS- | M] () -- C:\Users\Stepi\ntuser.dat.LOG1
[2009.12.26 19:39:27 | 000,000,000 | -HS- | M] () -- C:\Users\Stepi\ntuser.dat.LOG2
[2009.12.26 19:45:06 | 000,065,536 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.26 19:45:06 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.26 19:45:06 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.02.17 00:33:36 | 000,065,536 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{e0783f23-3a0f-11e0-a66c-00238b1327d9}.TM.blf
[2011.02.17 00:33:36 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{e0783f23-3a0f-11e0-a66c-00238b1327d9}.TMContainer00000000000000000001.regtrans-ms
[2011.02.17 00:33:36 | 000,524,288 | -HS- | M] () -- C:\Users\Stepi\NTUSER.DAT{e0783f23-3a0f-11e0-a66c-00238b1327d9}.TMContainer00000000000000000002.regtrans-ms
[2009.12.26 19:39:27 | 000,000,020 | -HS- | M] () -- C:\Users\Stepi\ntuser.ini
[2010.11.20 14:17:47 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Users\Stepi\taskmgr.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

Leider hat er mir keine Extra.txt ausgegeben!?

MfG

Frank

markusg · 28.03.2012, 19:27

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Stepi\AppData\Local\Skype\SkypePM.exe ()
 :Files
C:\Users\Stepi\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Stepi85 · 28.03.2012, 19:42

Hallo,

anbei die Antwort vom OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
C:\Users\Stepi\AppData\Local\Skype\SkypePM.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stepi
->Flash cache emptied: 3410121 bytes
 
Total Flash Files Cleaned = 3,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stepi
->Temp folder emptied: 301378381 bytes
->Temporary Internet Files folder emptied: 2481999193 bytes
->Java cache emptied: 8209845 bytes
->FireFox cache emptied: 57796002 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 102352 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 976896 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 137845849 bytes
RecycleBin emptied: 44649727 bytes
 
Total Files Cleaned = 2.892,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 03282012_203447

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Der Upload hat auch geklappt.

MfG

Frank

markusg · 29.03.2012, 12:08

danke dir

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Stepi85 · 29.03.2012, 19:36

Hallo,

das kam raus:

Code:

ATTFilter

ComboFix 12-03-29.02 - Stepi 29.03.2012  20:26:15.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3069.1938 [GMT 2:00]
ausgeführt von:: c:\users\Stepi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stepi\AppData\Roaming\Desktopicon
c:\users\Stepi\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Stepi\Taskmgr.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-29 18:31 . 2012-03-29 18:32	--------	d-----w-	c:\users\Stepi\AppData\Local\temp
2012-03-29 18:31 . 2012-03-29 18:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-28 18:34 . 2012-03-28 18:40	--------	d-----w-	C:\_OTL
2012-03-28 07:03 . 2012-03-28 07:18	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-03-27 14:20 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C033E238-752B-4E39-B515-78A88CFE5067}\mpengine.dll
2012-03-19 06:54 . 2012-03-19 06:54	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2012-03-14 21:56 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:56 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 09:05 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:05 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:04 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:04 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:04 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:04 . 2012-02-17 05:34	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-03-14 09:04 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:04 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:04 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-05 17:11 . 2012-03-05 17:13	--------	d-----w-	c:\program files\Rossmann Fotowelt Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-11-09 10:03	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-16 03:30 . 2011-10-27 19:11	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-04 08:58 . 2012-02-16 14:59	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-17 07:39 . 2011-04-30 22:38	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2136E952-826A-440D-A56F-BF568930D5EA}]
c:\program files\Vodafone\HighPerformance Client\bmoc -d [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16	203928	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-03-30 07:37	116056	----a-w-	c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41	222128	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 12:25	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 10:40	13826664	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-06-21 06:06	199488	----a-w-	c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-03 13:56	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2012-01-31 51632]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-11-04 112640]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-11-04 101120]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Asyatmoe_net;Asyatmoe_net; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-02-02 3025112]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-08 40448]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:26]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 14:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Stepi\AppData\Roaming\Mozilla\Firefox\Profiles\s99fhapg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Microsoft® Windows Update - c:\users\Stepi\M-1-52-5782-8752-5245\winsvc.exe
HKLM-Run-NPSStartup - (no file)
SafeBoot-41290999.sys
SafeBoot-93950131.sys
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-29  20:34:43
ComboFix-quarantined-files.txt  2012-03-29 18:34
.
Vor Suchlauf: 13 Verzeichnis(se), 175.441.797.120 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 174.948.720.640 Bytes frei
.
- - End Of File - - 853B191EE8A7122C5659531A5B300EBF

MfG

Frank

markusg · 29.03.2012, 19:37

wieso wurde der tdss killer eingesetzt und wo ist der bericht?
liegt auf c:

Stepi85 · 29.03.2012, 19:42

Hi,

hatte da irgendwo etwas drüber gelesen, bevor ich auf diese Forum traf.
Bericht finde ich leider nicht mehr. soll ich den nochmal durchlaufen lassen?

MfG

Frank

markusg · 29.03.2012, 19:43

der bericht liegt auf c: tdsskiller-datum-version.txt

Stepi85 · 29.03.2012, 19:44

Hi,

woher weißt du da?

Code:

ATTFilter

09:00:48.0405 0736	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:00:48.0896 0736	============================================================
09:00:48.0896 0736	Current date / time: 2012/03/28 09:00:48.0896
09:00:48.0896 0736	SystemInfo:
09:00:48.0896 0736	
09:00:48.0896 0736	OS Version: 6.1.7601 ServicePack: 1.0
09:00:48.0896 0736	Product type: Workstation
09:00:48.0896 0736	ComputerName: HANGOVERPC
09:00:48.0896 0736	UserName: Stepi
09:00:48.0897 0736	Windows directory: C:\Windows
09:00:48.0897 0736	System windows directory: C:\Windows
09:00:48.0897 0736	Processor architecture: Intel x86
09:00:48.0897 0736	Number of processors: 2
09:00:48.0897 0736	Page size: 0x1000
09:00:48.0897 0736	Boot type: Normal boot
09:00:48.0897 0736	============================================================
09:00:50.0592 0736	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:00:50.0596 0736	\Device\Harddisk0\DR0:
09:00:50.0597 0736	MBR used
09:00:50.0597 0736	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:00:50.0597 0736	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
09:00:50.0652 0736	Initialize success
09:00:50.0652 0736	============================================================
09:00:59.0112 2388	============================================================
09:00:59.0112 2388	Scan started
09:00:59.0112 2388	Mode: Manual; SigCheck; TDLFS; 
09:00:59.0112 2388	============================================================
09:01:00.0926 2388	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:01:01.0127 2388	1394ohci - ok
09:01:01.0420 2388	a2acc           (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
09:01:01.0480 2388	a2acc - ok
09:01:01.0717 2388	a2AntiMalware   (5a65a77f7a4a091e896c21db4ef18e1f) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
09:01:01.0779 2388	a2AntiMalware - ok
09:01:01.0947 2388	A2DDA           (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
09:01:01.0967 2388	A2DDA - ok
09:01:02.0390 2388	Accelerometer   (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:01:02.0412 2388	Accelerometer - ok
09:01:02.0578 2388	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:01:02.0606 2388	ACPI - ok
09:01:02.0779 2388	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:01:02.0875 2388	AcpiPmi - ok
09:01:03.0037 2388	adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
09:01:03.0047 2388	adfs - ok
09:01:03.0263 2388	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:01:03.0286 2388	adp94xx - ok
09:01:03.0488 2388	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:01:03.0507 2388	adpahci - ok
09:01:03.0692 2388	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:01:03.0707 2388	adpu320 - ok
09:01:03.0882 2388	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:01:03.0962 2388	AeLookupSvc - ok
09:01:04.0276 2388	AESTFilters     (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
09:01:04.0401 2388	AESTFilters - ok
09:01:04.0563 2388	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:01:04.0649 2388	AFD - ok
09:01:04.0784 2388	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:01:04.0797 2388	agp440 - ok
09:01:05.0071 2388	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:01:05.0084 2388	aic78xx - ok
09:01:05.0313 2388	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:01:05.0376 2388	ALG - ok
09:01:05.0522 2388	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:01:05.0534 2388	aliide - ok
09:01:05.0621 2388	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:01:05.0634 2388	amdagp - ok
09:01:05.0678 2388	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:01:05.0690 2388	amdide - ok
09:01:05.0819 2388	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:01:05.0894 2388	AmdK8 - ok
09:01:05.0920 2388	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:01:06.0015 2388	AmdPPM - ok
09:01:06.0263 2388	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:01:06.0280 2388	amdsata - ok
09:01:06.0516 2388	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:01:06.0552 2388	amdsbs - ok
09:01:06.0666 2388	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:01:06.0685 2388	amdxata - ok
09:01:06.0825 2388	AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
09:01:06.0853 2388	AntiVirSchedulerService - ok
09:01:06.0934 2388	AntiVirService  (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
09:01:06.0952 2388	AntiVirService - ok
09:01:07.0123 2388	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:01:07.0378 2388	AppID - ok
09:01:07.0791 2388	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:01:07.0972 2388	AppIDSvc - ok
09:01:08.0160 2388	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
09:01:08.0274 2388	Appinfo - ok
09:01:08.0477 2388	Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:01:08.0500 2388	Apple Mobile Device - ok
09:01:08.0700 2388	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
09:01:08.0784 2388	AppMgmt - ok
09:01:08.0895 2388	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:01:08.0926 2388	arc - ok
09:01:09.0116 2388	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:01:09.0141 2388	arcsas - ok
09:01:09.0349 2388	Asyatmoe_net - ok
09:01:09.0459 2388	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:01:09.0687 2388	AsyncMac - ok
09:01:09.0991 2388	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:01:10.0020 2388	atapi - ok
09:01:10.0349 2388	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:01:10.0459 2388	AudioEndpointBuilder - ok
09:01:10.0582 2388	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:01:10.0614 2388	Audiosrv - ok
09:01:10.0768 2388	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
09:01:10.0789 2388	avgntflt - ok
09:01:10.0890 2388	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
09:01:10.0912 2388	avipbb - ok
09:01:11.0090 2388	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
09:01:11.0115 2388	avkmgr - ok
09:01:11.0235 2388	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
09:01:11.0354 2388	AxInstSV - ok
09:01:11.0607 2388	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:01:11.0679 2388	b06bdrv - ok
09:01:11.0821 2388	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:01:11.0862 2388	b57nd60x - ok
09:01:11.0980 2388	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:01:12.0216 2388	BDESVC - ok
09:01:12.0325 2388	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:01:12.0531 2388	Beep - ok
09:01:12.0813 2388	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
09:01:12.0982 2388	BFE - ok
09:01:13.0201 2388	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
09:01:13.0347 2388	BITS - ok
09:01:13.0586 2388	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:01:13.0877 2388	blbdrive - ok
09:01:14.0171 2388	BMLoad          (a6d35ff84e024d6d3f12aaf6c9814314) C:\Windows\system32\drivers\BMLoad.sys
09:01:14.0219 2388	BMLoad ( UnsignedFile.Multi.Generic ) - warning
09:01:14.0219 2388	BMLoad - detected UnsignedFile.Multi.Generic (1)
09:01:14.0430 2388	Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
09:01:14.0461 2388	Bonjour Service - ok
09:01:14.0748 2388	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:01:14.0896 2388	bowser - ok
09:01:15.0235 2388	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:01:15.0392 2388	BrFiltLo - ok
09:01:15.0652 2388	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:01:15.0710 2388	BrFiltUp - ok
09:01:15.0968 2388	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
09:01:16.0135 2388	Browser - ok
09:01:16.0349 2388	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:01:16.0478 2388	Brserid - ok
09:01:16.0595 2388	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:01:16.0636 2388	BrSerWdm - ok
09:01:16.0709 2388	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:01:16.0813 2388	BrUsbMdm - ok
09:01:16.0965 2388	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:01:17.0028 2388	BrUsbSer - ok
09:01:17.0103 2388	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:01:17.0189 2388	BTHMODEM - ok
09:01:17.0345 2388	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:01:17.0457 2388	bthserv - ok
09:01:17.0560 2388	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:01:17.0666 2388	cdfs - ok
09:01:18.0238 2388	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:01:18.0315 2388	cdrom - ok
09:01:18.0656 2388	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:01:18.0834 2388	CertPropSvc - ok
09:01:19.0204 2388	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:01:19.0358 2388	circlass - ok
09:01:19.0697 2388	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:01:19.0730 2388	CLFS - ok
09:01:19.0945 2388	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:01:19.0974 2388	clr_optimization_v2.0.50727_32 - ok
09:01:20.0455 2388	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:01:20.0491 2388	clr_optimization_v4.0.30319_32 - ok
09:01:20.0632 2388	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:01:20.0668 2388	CmBatt - ok
09:01:20.0775 2388	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:01:20.0788 2388	cmdide - ok
09:01:20.0870 2388	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
09:01:20.0939 2388	CNG - ok
09:01:21.0068 2388	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:01:21.0099 2388	Compbatt - ok
09:01:21.0271 2388	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:01:21.0319 2388	CompositeBus - ok
09:01:21.0403 2388	COMSysApp - ok
09:01:21.0467 2388	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:01:21.0496 2388	crcdisk - ok
09:01:21.0645 2388	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
09:01:21.0829 2388	CryptSvc - ok
09:01:22.0030 2388	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
09:01:22.0107 2388	CSC - ok
09:01:22.0232 2388	CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
09:01:22.0331 2388	CscService - ok
09:01:22.0600 2388	dc3d            (94010220445f181ade8e7ca9c3a98bf4) C:\Windows\system32\DRIVERS\dc3d.sys
09:01:22.0671 2388	dc3d - ok
09:01:22.0785 2388	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:01:22.0945 2388	DcomLaunch - ok
09:01:23.0211 2388	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:01:23.0261 2388	defragsvc - ok
09:01:23.0353 2388	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:01:23.0402 2388	DfsC - ok
09:01:23.0479 2388	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
09:01:23.0535 2388	Dhcp - ok
09:01:23.0571 2388	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:01:23.0620 2388	discache - ok
09:01:23.0712 2388	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:01:23.0725 2388	Disk - ok
09:01:23.0786 2388	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
09:01:23.0876 2388	Dnscache - ok
09:01:23.0965 2388	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
09:01:24.0013 2388	dot3svc - ok
09:01:24.0094 2388	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:01:24.0156 2388	DPS - ok
09:01:24.0265 2388	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:01:24.0440 2388	drmkaud - ok
09:01:24.0662 2388	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:01:24.0686 2388	DXGKrnl - ok
09:01:24.0735 2388	E1G60           (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:01:24.0777 2388	E1G60 - ok
09:01:24.0831 2388	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:01:24.0862 2388	EapHost - ok
09:01:25.0047 2388	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:01:25.0199 2388	ebdrv - ok
09:01:25.0291 2388	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
09:01:25.0377 2388	EFS - ok
09:01:25.0598 2388	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
09:01:25.0698 2388	ehRecvr - ok
09:01:25.0886 2388	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:01:25.0925 2388	ehSched - ok
09:01:26.0307 2388	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:01:26.0359 2388	elxstor - ok
09:01:26.0528 2388	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:01:26.0611 2388	ErrDev - ok
09:01:26.0721 2388	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:01:26.0820 2388	EventSystem - ok
09:01:27.0079 2388	ewusbnet        (1fc8c55255d197aa3a423624786d090c) C:\Windows\system32\DRIVERS\ewusbnet.sys
09:01:27.0110 2388	ewusbnet - ok
09:01:27.0169 2388	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:01:27.0298 2388	exfat - ok
09:01:27.0560 2388	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:01:27.0657 2388	fastfat - ok
09:01:27.0790 2388	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
09:01:27.0956 2388	Fax - ok
09:01:28.0150 2388	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:01:28.0186 2388	fdc - ok
09:01:28.0273 2388	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:01:28.0345 2388	fdPHost - ok
09:01:28.0391 2388	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:01:28.0478 2388	FDResPub - ok
09:01:28.0575 2388	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:01:28.0606 2388	FileInfo - ok
09:01:28.0645 2388	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:01:28.0734 2388	Filetrace - ok
09:01:29.0260 2388	FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:01:29.0306 2388	FLEXnet Licensing Service - ok
09:01:29.0570 2388	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:01:29.0789 2388	flpydisk - ok
09:01:29.0966 2388	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:01:29.0994 2388	FltMgr - ok
09:01:30.0166 2388	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
09:01:30.0287 2388	FontCache - ok
09:01:30.0650 2388	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:01:30.0674 2388	FontCache3.0.0.0 - ok
09:01:30.0868 2388	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:01:30.0899 2388	FsDepends - ok
09:01:30.0960 2388	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:01:30.0990 2388	Fs_Rec - ok
09:01:31.0167 2388	FTDIBUS         (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
09:01:31.0256 2388	FTDIBUS - ok
09:01:31.0308 2388	FTSER2K         (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
09:01:31.0332 2388	FTSER2K - ok
09:01:31.0463 2388	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:01:31.0497 2388	fvevol - ok
09:01:31.0669 2388	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:01:31.0697 2388	gagp30kx - ok
09:01:31.0987 2388	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:01:32.0008 2388	GEARAspiWDM - ok
09:01:32.0225 2388	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
09:01:32.0434 2388	gpsvc - ok
09:01:33.0054 2388	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:01:33.0078 2388	gupdate - ok
09:01:33.0164 2388	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:01:33.0187 2388	gupdatem - ok
09:01:33.0321 2388	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:01:33.0444 2388	hcw85cir - ok
09:01:33.0707 2388	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
09:01:33.0744 2388	HdAudAddService - ok
09:01:34.0019 2388	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:01:34.0091 2388	HDAudBus - ok
09:01:34.0192 2388	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:01:34.0245 2388	HidBatt - ok
09:01:34.0272 2388	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:01:34.0335 2388	HidBth - ok
09:01:34.0437 2388	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:01:34.0458 2388	HidIr - ok
09:01:34.0515 2388	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
09:01:34.0617 2388	hidserv - ok
09:01:34.0917 2388	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
09:01:34.0953 2388	HidUsb - ok
09:01:35.0175 2388	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
09:01:35.0253 2388	hkmsvc - ok
09:01:35.0513 2388	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
09:01:35.0574 2388	HomeGroupListener - ok
09:01:35.0739 2388	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
09:01:35.0882 2388	HomeGroupProvider - ok
09:01:36.0149 2388	hpdskflt        (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys
09:01:36.0170 2388	hpdskflt - ok
09:01:36.0271 2388	HpqKbFiltr      (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:01:36.0350 2388	HpqKbFiltr - ok
09:01:36.0492 2388	hpqwmiex        (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
09:01:36.0509 2388	hpqwmiex - ok
09:01:36.0722 2388	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:01:36.0754 2388	HpSAMD - ok
09:01:37.0005 2388	hpsrv           (d1f817e61d52816996b8f1eba9a38276) C:\Windows\system32\Hpservice.exe
09:01:37.0028 2388	hpsrv - ok
09:01:37.0238 2388	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:01:37.0275 2388	HTTP - ok
09:01:37.0409 2388	hwdatacard      (0515065a3c7e8869dd01253e987c5bd1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
09:01:37.0448 2388	hwdatacard - ok
09:01:37.0533 2388	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:01:37.0564 2388	hwpolicy - ok
09:01:37.0697 2388	hwusbfake       (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbfake.sys
09:01:37.0764 2388	hwusbfake - ok
09:01:37.0953 2388	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:01:38.0035 2388	i8042prt - ok
09:01:38.0367 2388	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
09:01:38.0390 2388	iaStorV - ok
09:01:38.0676 2388	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:01:38.0747 2388	idsvc - ok
09:01:38.0922 2388	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:01:38.0953 2388	iirsp - ok
09:01:39.0078 2388	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
09:01:39.0245 2388	IKEEXT - ok
09:01:39.0486 2388	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:01:39.0515 2388	intelide - ok
09:01:39.0841 2388	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:01:39.0878 2388	intelppm - ok
09:01:40.0001 2388	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:01:40.0084 2388	IPBusEnum - ok
09:01:40.0146 2388	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:01:40.0229 2388	IpFilterDriver - ok
09:01:40.0375 2388	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
09:01:40.0483 2388	iphlpsvc - ok
09:01:40.0661 2388	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:01:40.0725 2388	IPMIDRV - ok
09:01:40.0761 2388	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:01:41.0004 2388	IPNAT - ok
09:01:41.0388 2388	iPod Service    (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
09:01:41.0451 2388	iPod Service - ok
09:01:41.0740 2388	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:01:41.0778 2388	IRENUM - ok
09:01:41.0958 2388	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:01:41.0987 2388	isapnp - ok
09:01:42.0184 2388	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:01:42.0273 2388	iScsiPrt - ok
09:01:42.0507 2388	JMCR            (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys
09:01:42.0677 2388	JMCR - ok
09:01:42.0998 2388	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
09:01:43.0028 2388	kbdclass - ok
09:01:43.0345 2388	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
09:01:43.0518 2388	kbdhid - ok
09:01:43.0781 2388	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:01:43.0816 2388	KeyIso - ok
09:01:43.0894 2388	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
09:01:43.0926 2388	KSecDD - ok
09:01:44.0025 2388	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
09:01:44.0057 2388	KSecPkg - ok
09:01:44.0110 2388	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:01:44.0196 2388	KtmRm - ok
09:01:44.0427 2388	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
09:01:44.0474 2388	LanmanServer - ok
09:01:44.0625 2388	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
09:01:44.0725 2388	LanmanWorkstation - ok
09:01:45.0048 2388	LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:01:45.0060 2388	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
09:01:45.0061 2388	LightScribeService - detected UnsignedFile.Multi.Generic (1)
09:01:45.0360 2388	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:01:45.0477 2388	lltdio - ok
09:01:45.0638 2388	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:01:45.0693 2388	lltdsvc - ok
09:01:45.0732 2388	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:01:45.0761 2388	lmhosts - ok
09:01:45.0935 2388	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:01:45.0969 2388	LSI_FC - ok
09:01:46.0053 2388	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:01:46.0076 2388	LSI_SAS - ok
09:01:46.0119 2388	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:01:46.0135 2388	LSI_SAS2 - ok
09:01:46.0174 2388	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:01:46.0191 2388	LSI_SCSI - ok
09:01:46.0239 2388	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:01:46.0277 2388	luafv - ok
09:01:46.0455 2388	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
09:01:46.0490 2388	Mcx2Svc - ok
09:01:46.0539 2388	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:01:46.0551 2388	megasas - ok
09:01:46.0692 2388	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:01:46.0728 2388	MegaSR - ok
09:01:47.0221 2388	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:01:47.0246 2388	Microsoft Office Groove Audit Service - ok
09:01:47.0545 2388	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:01:47.0668 2388	MMCSS - ok
09:01:47.0777 2388	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:01:47.0871 2388	Modem - ok
09:01:48.0230 2388	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:01:48.0467 2388	monitor - ok
09:01:48.0656 2388	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:01:48.0668 2388	mouclass - ok
09:01:48.0773 2388	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:01:48.0827 2388	mouhid - ok
09:01:49.0080 2388	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:01:49.0113 2388	mountmgr - ok
09:01:49.0210 2388	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:01:49.0229 2388	mpio - ok
09:01:49.0297 2388	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:01:49.0465 2388	mpsdrv - ok
09:01:49.0688 2388	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
09:01:49.0812 2388	MpsSvc - ok
09:01:50.0045 2388	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:01:50.0069 2388	MRxDAV - ok
09:01:50.0238 2388	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:01:50.0379 2388	mrxsmb - ok
09:01:50.0601 2388	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:01:50.0778 2388	mrxsmb10 - ok
09:01:51.0154 2388	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:01:51.0211 2388	mrxsmb20 - ok
09:01:51.0471 2388	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:01:51.0498 2388	msahci - ok
09:01:51.0592 2388	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:01:51.0621 2388	msdsm - ok
09:01:51.0673 2388	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:01:51.0728 2388	MSDTC - ok
09:01:51.0959 2388	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:01:52.0079 2388	Msfs - ok
09:01:52.0248 2388	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:01:52.0370 2388	mshidkmdf - ok
09:01:52.0726 2388	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:01:52.0755 2388	msisadrv - ok
09:01:52.0896 2388	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:01:52.0980 2388	MSiSCSI - ok
09:01:53.0054 2388	msiserver - ok
09:01:53.0333 2388	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:01:53.0514 2388	MSKSSRV - ok
09:01:53.0677 2388	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:01:53.0856 2388	MSPCLOCK - ok
09:01:54.0477 2388	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:01:54.0634 2388	MSPQM - ok
09:01:54.0923 2388	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:01:54.0952 2388	MsRPC - ok
09:01:55.0341 2388	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:01:55.0367 2388	mssmbios - ok
09:01:55.0674 2388	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:01:55.0720 2388	MSTEE - ok
09:01:55.0826 2388	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:01:55.0949 2388	MTConfig - ok
09:01:56.0003 2388	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:01:56.0019 2388	Mup - ok
09:01:56.0092 2388	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
09:01:56.0144 2388	napagent - ok
09:01:56.0264 2388	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:01:56.0303 2388	NativeWifiP - ok
09:01:56.0624 2388	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:01:56.0672 2388	NDIS - ok
09:01:56.0860 2388	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:01:57.0028 2388	NdisCap - ok
09:01:57.0192 2388	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:01:57.0292 2388	NdisTapi - ok
09:01:57.0456 2388	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:01:57.0507 2388	Ndisuio - ok
09:01:57.0593 2388	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:01:57.0741 2388	NdisWan - ok
09:01:57.0886 2388	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:01:58.0345 2388	NDProxy - ok
09:01:58.0940 2388	Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
09:01:59.0027 2388	Nero BackItUp Scheduler 4.0 - ok
09:01:59.0211 2388	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:01:59.0334 2388	NetBIOS - ok
09:01:59.0524 2388	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:01:59.0763 2388	NetBT - ok
09:02:00.0092 2388	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:00.0129 2388	Netlogon - ok
09:02:00.0285 2388	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:02:00.0569 2388	Netman - ok
09:02:00.0786 2388	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:02:00.0906 2388	netprofm - ok
09:02:01.0354 2388	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:02:01.0380 2388	NetTcpPortSharing - ok
09:02:02.0008 2388	NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
09:02:02.0390 2388	NETw5s32 - ok
09:02:02.0748 2388	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
09:02:03.0280 2388	netw5v32 - ok
09:02:03.0508 2388	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:02:03.0539 2388	nfrd960 - ok
09:02:03.0845 2388	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
09:02:04.0142 2388	NlaSvc - ok
09:02:04.0325 2388	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:02:04.0433 2388	Npfs - ok
09:02:04.0560 2388	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:02:04.0617 2388	nsi - ok
09:02:04.0830 2388	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:02:04.0943 2388	nsiproxy - ok
09:02:05.0334 2388	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
09:02:05.0429 2388	Ntfs - ok
09:02:05.0785 2388	NuidFltr        (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
09:02:05.0809 2388	NuidFltr - ok
09:02:05.0986 2388	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:02:06.0113 2388	Null - ok
09:02:06.0676 2388	nvlddmkm        (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:02:06.0844 2388	nvlddmkm - ok
09:02:07.0029 2388	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
09:02:07.0064 2388	nvraid - ok
09:02:07.0242 2388	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
09:02:07.0276 2388	nvstor - ok
09:02:07.0476 2388	nvsvc           (c4d17f11526f87bc762f31da5bd2580b) C:\Windows\system32\nvvsvc.exe
09:02:07.0510 2388	nvsvc - ok
09:02:07.0872 2388	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:02:07.0906 2388	nv_agp - ok
09:02:08.0208 2388	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:02:08.0247 2388	odserv - ok
09:02:08.0484 2388	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:02:08.0598 2388	ohci1394 - ok
09:02:08.0811 2388	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:02:08.0827 2388	ose - ok
09:02:09.0067 2388	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:02:09.0137 2388	p2pimsvc - ok
09:02:09.0248 2388	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
09:02:09.0307 2388	p2psvc - ok
09:02:09.0485 2388	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:02:09.0557 2388	Parport - ok
09:02:09.0670 2388	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
09:02:09.0702 2388	partmgr - ok
09:02:09.0778 2388	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:02:09.0875 2388	Parvdm - ok
09:02:09.0922 2388	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
09:02:09.0958 2388	PcaSvc - ok
09:02:10.0124 2388	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:02:10.0156 2388	pci - ok
09:02:10.0213 2388	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:02:10.0225 2388	pciide - ok
09:02:10.0291 2388	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:02:10.0307 2388	pcmcia - ok
09:02:10.0345 2388	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:02:10.0358 2388	pcw - ok
09:02:10.0438 2388	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:02:10.0507 2388	PEAUTH - ok
09:02:10.0619 2388	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
09:02:10.0672 2388	PeerDistSvc - ok
09:02:10.0792 2388	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
09:02:10.0917 2388	pla - ok
09:02:11.0321 2388	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
09:02:11.0401 2388	PlugPlay - ok
09:02:11.0696 2388	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
09:02:11.0826 2388	PNRPAutoReg - ok
09:02:11.0947 2388	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:02:11.0973 2388	PNRPsvc - ok
09:02:12.0218 2388	Point32         (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys
09:02:12.0241 2388	Point32 - ok
09:02:12.0361 2388	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
09:02:12.0453 2388	PolicyAgent - ok
09:02:12.0577 2388	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
09:02:12.0630 2388	Power - ok
09:02:12.0788 2388	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:02:12.0957 2388	PptpMiniport - ok
09:02:13.0109 2388	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:02:13.0209 2388	Processor - ok
09:02:13.0457 2388	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
09:02:13.0527 2388	ProfSvc - ok
09:02:13.0834 2388	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:13.0871 2388	ProtectedStorage - ok
09:02:14.0163 2388	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:02:14.0346 2388	Psched - ok
09:02:14.0569 2388	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:02:14.0668 2388	ql2300 - ok
09:02:14.0728 2388	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:02:14.0753 2388	ql40xx - ok
09:02:14.0990 2388	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
09:02:15.0054 2388	QWAVE - ok
09:02:15.0218 2388	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:02:15.0257 2388	QWAVEdrv - ok
09:02:15.0286 2388	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:02:15.0331 2388	RasAcd - ok
09:02:15.0390 2388	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:02:15.0439 2388	RasAgileVpn - ok
09:02:15.0484 2388	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
09:02:15.0517 2388	RasAuto - ok
09:02:15.0549 2388	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:02:15.0580 2388	Rasl2tp - ok
09:02:15.0663 2388	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
09:02:15.0804 2388	RasMan - ok
09:02:15.0990 2388	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:02:16.0344 2388	RasPppoe - ok
09:02:16.0646 2388	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:02:16.0970 2388	RasSstp - ok
09:02:17.0180 2388	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
09:02:17.0253 2388	rdbss - ok
09:02:17.0331 2388	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:02:17.0537 2388	rdpbus - ok
09:02:17.0699 2388	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:02:17.0791 2388	RDPCDD - ok
09:02:17.0969 2388	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
09:02:18.0007 2388	RDPDR - ok
09:02:18.0141 2388	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:02:18.0319 2388	RDPENCDD - ok
09:02:18.0544 2388	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:02:18.0595 2388	RDPREFMP - ok
09:02:18.0891 2388	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
09:02:19.0126 2388	RdpVideoMiniport - ok
09:02:19.0384 2388	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
09:02:19.0462 2388	RDPWD - ok
09:02:19.0625 2388	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
09:02:19.0662 2388	rdyboost - ok
09:02:19.0931 2388	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
09:02:20.0011 2388	RemoteAccess - ok
09:02:20.0134 2388	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
09:02:20.0191 2388	RemoteRegistry - ok
09:02:20.0219 2388	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
09:02:20.0250 2388	RpcEptMapper - ok
09:02:20.0329 2388	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
09:02:20.0407 2388	RpcLocator - ok
09:02:20.0502 2388	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:02:20.0554 2388	RpcSs - ok
09:02:20.0676 2388	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:02:20.0766 2388	rspndr - ok
09:02:21.0035 2388	RTL8167         (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
09:02:21.0121 2388	RTL8167 - ok
09:02:21.0319 2388	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
09:02:21.0419 2388	s3cap - ok
09:02:21.0516 2388	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:21.0535 2388	SamSs - ok
09:02:21.0744 2388	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:02:21.0771 2388	sbp2port - ok
09:02:21.0973 2388	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
09:02:22.0012 2388	SCardSvr - ok
09:02:22.0226 2388	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:02:22.0323 2388	scfilter - ok
09:02:22.0504 2388	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
09:02:22.0651 2388	Schedule - ok
09:02:22.0741 2388	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:02:22.0776 2388	SCPolicySvc - ok
09:02:22.0934 2388	sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
09:02:23.0177 2388	sdbus - ok
09:02:23.0393 2388	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
09:02:23.0465 2388	SDRSVC - ok
09:02:23.0597 2388	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:02:23.0661 2388	secdrv - ok
09:02:23.0715 2388	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
09:02:23.0797 2388	seclogon - ok
09:02:23.0874 2388	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
09:02:23.0957 2388	SENS - ok
09:02:23.0982 2388	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
09:02:24.0065 2388	SensrSvc - ok
09:02:24.0236 2388	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:02:24.0255 2388	Serenum - ok
09:02:24.0283 2388	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:02:24.0344 2388	Serial - ok
09:02:24.0432 2388	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:02:24.0447 2388	sermouse - ok
09:02:24.0517 2388	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
09:02:24.0600 2388	SessionEnv - ok
09:02:24.0700 2388	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:02:24.0747 2388	sffdisk - ok
09:02:24.0782 2388	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:02:24.0830 2388	sffp_mmc - ok
09:02:24.0877 2388	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:02:24.0895 2388	sffp_sd - ok
09:02:24.0923 2388	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:02:24.0938 2388	sfloppy - ok
09:02:24.0988 2388	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
09:02:25.0051 2388	SharedAccess - ok
09:02:25.0163 2388	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
09:02:25.0221 2388	ShellHWDetection - ok
09:02:25.0356 2388	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:02:25.0369 2388	sisagp - ok
09:02:25.0446 2388	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:02:25.0460 2388	SiSRaid2 - ok
09:02:25.0485 2388	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:02:25.0499 2388	SiSRaid4 - ok
09:02:25.0563 2388	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:02:25.0594 2388	Smb - ok
09:02:25.0681 2388	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
09:02:25.0698 2388	SNMPTRAP - ok
09:02:25.0765 2388	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:02:25.0791 2388	spldr - ok
09:02:25.0886 2388	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
09:02:25.0919 2388	Spooler - ok
09:02:26.0087 2388	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
09:02:26.0227 2388	sppsvc - ok
09:02:26.0323 2388	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
09:02:26.0353 2388	sppuinotify - ok
09:02:26.0496 2388	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
09:02:26.0497 2388	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
09:02:26.0500 2388	sptd ( LockedFile.Multi.Generic ) - warning
09:02:26.0500 2388	sptd - detected LockedFile.Multi.Generic (1)
09:02:26.0576 2388	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
09:02:26.0650 2388	srv - ok
09:02:26.0729 2388	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
09:02:26.0785 2388	srv2 - ok
09:02:26.0852 2388	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
09:02:26.0867 2388	srvnet - ok
09:02:26.0960 2388	sscdbus         (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
09:02:26.0972 2388	sscdbus - ok
09:02:27.0063 2388	sscdmdfl        (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
09:02:27.0075 2388	sscdmdfl - ok
09:02:27.0135 2388	sscdmdm         (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
09:02:27.0147 2388	sscdmdm - ok
09:02:27.0221 2388	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:02:27.0284 2388	SSDPSRV - ok
09:02:27.0423 2388	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
09:02:27.0434 2388	ssmdrv - ok
09:02:27.0513 2388	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:02:27.0595 2388	SstpSvc - ok
09:02:27.0771 2388	STacSV          (05ae358cd777bf8857f512a18e1de7aa) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
09:02:27.0833 2388	STacSV - ok
09:02:28.0061 2388	StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
09:02:28.0109 2388	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
09:02:28.0109 2388	StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
09:02:28.0271 2388	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:02:28.0288 2388	stexstor - ok
09:02:28.0616 2388	STHDA           (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
09:02:28.0668 2388	STHDA - ok
09:02:28.0918 2388	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:02:28.0993 2388	StiSvc - ok
09:02:29.0214 2388	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
09:02:29.0239 2388	storflt - ok
09:02:29.0433 2388	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
09:02:29.0454 2388	storvsc - ok
09:02:29.0602 2388	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:02:29.0627 2388	swenum - ok
09:02:29.0691 2388	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:02:29.0762 2388	swprv - ok
09:02:29.0823 2388	Synth3dVsc - ok
09:02:30.0027 2388	SynTP           (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
09:02:30.0052 2388	SynTP - ok
09:02:30.0239 2388	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:02:30.0296 2388	SysMain - ok
09:02:30.0448 2388	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:02:30.0561 2388	TabletInputService - ok
09:02:30.0727 2388	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:02:30.0774 2388	TapiSrv - ok
09:02:30.0805 2388	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:02:30.0837 2388	TBS - ok
09:02:31.0114 2388	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
09:02:31.0214 2388	Tcpip - ok
09:02:31.0558 2388	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
09:02:31.0600 2388	TCPIP6 - ok
09:02:31.0893 2388	tcpipBM         (fbf08035b75e52d99d81ea8eddba5f9c) C:\Windows\system32\drivers\tcpipBM.sys
09:02:32.0076 2388	tcpipBM ( UnsignedFile.Multi.Generic ) - warning
09:02:32.0076 2388	tcpipBM - detected UnsignedFile.Multi.Generic (1)
09:02:32.0415 2388	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:02:32.0542 2388	tcpipreg - ok
09:02:32.0882 2388	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:02:33.0045 2388	TDPIPE - ok
09:02:33.0590 2388	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
09:02:33.0764 2388	TDTCP - ok
09:02:34.0210 2388	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:02:34.0550 2388	tdx - ok
09:02:34.0733 2388	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:02:34.0759 2388	TermDD - ok
09:02:34.0905 2388	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:02:35.0017 2388	TermService - ok
09:02:35.0156 2388	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:02:35.0204 2388	Themes - ok
09:02:35.0309 2388	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:02:35.0347 2388	THREADORDER - ok
09:02:35.0456 2388	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:02:35.0579 2388	TrkWks - ok
09:02:35.0752 2388	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:02:35.0824 2388	TrustedInstaller - ok
09:02:35.0989 2388	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:02:36.0036 2388	tssecsrv - ok
09:02:36.0209 2388	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:02:36.0317 2388	TsUsbFlt - ok
09:02:36.0516 2388	tsusbhub - ok
09:02:36.0681 2388	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:02:36.0926 2388	tunnel - ok
09:02:37.0053 2388	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:02:37.0085 2388	uagp35 - ok
09:02:37.0309 2388	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:02:37.0412 2388	udfs - ok
09:02:37.0540 2388	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:02:37.0616 2388	UI0Detect - ok
09:02:37.0836 2388	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:02:37.0857 2388	uliagpkx - ok
09:02:38.0001 2388	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:02:38.0218 2388	umbus - ok
09:02:38.0391 2388	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:02:38.0421 2388	UmPass - ok
09:02:38.0578 2388	UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
09:02:38.0681 2388	UmRdpService - ok
09:02:38.0925 2388	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:02:38.0982 2388	upnphost - ok
09:02:39.0088 2388	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
09:02:39.0165 2388	USBAAPL - ok
09:02:39.0357 2388	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
09:02:39.0402 2388	usbccgp - ok
09:02:39.0634 2388	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:02:39.0737 2388	usbcir - ok
09:02:39.0846 2388	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
09:02:39.0870 2388	usbehci - ok
09:02:39.0974 2388	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:02:40.0031 2388	usbhub - ok
09:02:40.0105 2388	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
09:02:40.0231 2388	usbohci - ok
09:02:40.0291 2388	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:02:40.0311 2388	usbprint - ok
09:02:40.0366 2388	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:02:40.0411 2388	usbscan - ok
09:02:40.0531 2388	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:02:40.0556 2388	USBSTOR - ok
09:02:40.0683 2388	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
09:02:40.0718 2388	usbuhci - ok
09:02:40.0910 2388	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
09:02:41.0053 2388	usbvideo - ok
09:02:41.0236 2388	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:02:41.0288 2388	UxSms - ok
09:02:41.0441 2388	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:02:41.0456 2388	VaultSvc - ok
09:02:41.0731 2388	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:02:41.0766 2388	vdrvroot - ok
09:02:41.0972 2388	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:02:42.0136 2388	vds - ok
09:02:42.0403 2388	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:02:42.0690 2388	vga - ok
09:02:42.0818 2388	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:02:42.0869 2388	VgaSave - ok
09:02:42.0919 2388	VGPU - ok
09:02:43.0044 2388	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:02:43.0073 2388	vhdmp - ok
09:02:43.0367 2388	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:02:43.0398 2388	viaagp - ok
09:02:43.0536 2388	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:02:43.0619 2388	ViaC7 - ok
09:02:43.0815 2388	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:02:43.0845 2388	viaide - ok
09:02:43.0969 2388	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:02:44.0001 2388	vmbus - ok
09:02:44.0122 2388	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:02:44.0157 2388	VMBusHID - ok
09:02:44.0241 2388	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:02:44.0257 2388	volmgr - ok
09:02:44.0322 2388	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:02:44.0346 2388	volmgrx - ok
09:02:44.0471 2388	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:02:44.0508 2388	volsnap - ok
09:02:44.0767 2388	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:02:44.0804 2388	vsmraid - ok
09:02:44.0956 2388	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:02:45.0199 2388	VSS - ok
09:02:45.0393 2388	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:02:45.0512 2388	vwifibus - ok
09:02:45.0624 2388	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:02:45.0668 2388	vwififlt - ok
09:02:45.0761 2388	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:02:45.0842 2388	W32Time - ok
09:02:45.0939 2388	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:02:46.0138 2388	WacomPen - ok
09:02:46.0387 2388	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:02:46.0437 2388	WANARP - ok
09:02:46.0441 2388	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:02:46.0469 2388	Wanarpv6 - ok
09:02:46.0659 2388	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:02:46.0763 2388	wbengine - ok
09:02:46.0846 2388	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:02:46.0937 2388	WbioSrvc - ok
09:02:46.0997 2388	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:02:47.0177 2388	wcncsvc - ok
09:02:47.0317 2388	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:02:47.0403 2388	WcsPlugInService - ok
09:02:47.0524 2388	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:02:47.0556 2388	Wd - ok
09:02:47.0594 2388	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:02:47.0621 2388	Wdf01000 - ok
09:02:47.0720 2388	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:02:47.0831 2388	WdiServiceHost - ok
09:02:47.0837 2388	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:02:47.0857 2388	WdiSystemHost - ok
09:02:47.0932 2388	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:02:47.0961 2388	WebClient - ok
09:02:48.0031 2388	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:02:48.0086 2388	Wecsvc - ok
09:02:48.0128 2388	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:02:48.0178 2388	wercplsupport - ok
09:02:48.0236 2388	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:02:48.0268 2388	WerSvc - ok
09:02:48.0422 2388	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:02:48.0476 2388	WfpLwf - ok
09:02:48.0499 2388	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:02:48.0512 2388	WIMMount - ok
09:02:48.0696 2388	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:02:48.0764 2388	WinDefend - ok
09:02:48.0769 2388	WinHttpAutoProxySvc - ok
09:02:49.0336 2388	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:02:49.0526 2388	Winmgmt - ok
09:02:49.0783 2388	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:02:49.0919 2388	WinRM - ok
09:02:50.0052 2388	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
09:02:50.0089 2388	WinUsb - ok
09:02:50.0163 2388	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:02:50.0236 2388	Wlansvc - ok
09:02:50.0373 2388	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:02:50.0387 2388	WmiAcpi - ok
09:02:50.0541 2388	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:02:50.0626 2388	wmiApSrv - ok
09:02:50.0894 2388	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:02:51.0044 2388	WMPNetworkSvc - ok
09:02:51.0263 2388	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:02:51.0294 2388	WPCSvc - ok
09:02:51.0390 2388	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:02:51.0498 2388	WPDBusEnum - ok
09:02:51.0577 2388	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:02:51.0707 2388	ws2ifsl - ok
09:02:51.0807 2388	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
09:02:51.0886 2388	wscsvc - ok
09:02:51.0897 2388	WSearch - ok
09:02:52.0099 2388	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
09:02:52.0207 2388	wuauserv - ok
09:02:52.0544 2388	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:02:52.0591 2388	WudfPf - ok
09:02:52.0713 2388	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:02:52.0743 2388	WUDFRd - ok
09:02:52.0809 2388	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:02:52.0892 2388	wudfsvc - ok
09:02:52.0948 2388	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:02:53.0137 2388	WwanSvc - ok
09:02:53.0205 2388	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:02:56.0219 2388	\Device\Harddisk0\DR0 - ok
09:02:56.0245 2388	Boot (0x1200)   (226aea7f0afbbf7d90d02c9272f22594) \Device\Harddisk0\DR0\Partition0
09:02:56.0300 2388	\Device\Harddisk0\DR0\Partition0 - ok
09:02:56.0387 2388	Boot (0x1200)   (e06c94c6534cf080d5a412d5dd7ca123) \Device\Harddisk0\DR0\Partition1
09:02:56.0474 2388	\Device\Harddisk0\DR0\Partition1 - ok
09:02:56.0475 2388	============================================================
09:02:56.0476 2388	Scan finished
09:02:56.0476 2388	============================================================
09:02:56.0505 2128	Detected object count: 5
09:02:56.0505 2128	Actual detected object count: 5
09:03:20.0148 2128	C:\Windows\system32\drivers\BMLoad.sys - copied to quarantine
09:03:20.0149 2128	HKLM\SYSTEM\ControlSet001\services\BMLoad - will be deleted on reboot
09:03:20.0202 2128	HKLM\SYSTEM\ControlSet002\services\BMLoad - will be deleted on reboot
09:03:20.0366 2128	C:\Windows\system32\drivers\BMLoad.sys - will be deleted on reboot
09:03:20.0366 2128	BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Delete 
09:03:20.0366 2128	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
09:03:20.0366 2128	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:03:20.0528 2128	C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
09:03:20.0529 2128	HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
09:03:20.0529 2128	HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
09:03:20.0534 2128	C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
09:03:20.0534 2128	sptd ( LockedFile.Multi.Generic ) - User select action: Delete 
09:03:20.0655 2128	C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - copied to quarantine
09:03:20.0655 2128	HKLM\SYSTEM\ControlSet001\services\StarWindServiceAE - will be deleted on reboot
09:03:20.0666 2128	HKLM\SYSTEM\ControlSet002\services\StarWindServiceAE - will be deleted on reboot
09:03:20.0671 2128	C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - will be deleted on reboot
09:03:20.0671 2128	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Delete 
09:03:20.0784 2128	C:\Windows\system32\drivers\tcpipBM.sys - copied to quarantine
09:03:20.0784 2128	HKLM\SYSTEM\ControlSet001\services\tcpipBM - will be deleted on reboot
09:03:20.0785 2128	HKLM\SYSTEM\ControlSet002\services\tcpipBM - will be deleted on reboot
09:03:20.0789 2128	C:\Windows\system32\drivers\tcpipBM.sys - will be deleted on reboot
09:03:20.0789 2128	tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Delete

MfG

Frank

markusg · 29.03.2012, 19:47

das kommt davon wenn man einfach drauf los löscht.
alle dateien waren sauber.
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Stepi85 · 29.03.2012, 19:52

Ist dabei.

Wie ist das eigentlich? Ich arbeite bezüglich Viren mit Antivir - reicht der aus?
Sollte ich nebenbei irgendwelche Antimalware Systeme laufen haben?
Muss ich meinen Rechner nun neu aufspielen?

MfG

Frank

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stepi :: HANGOVERPC [Administrator]

Schutz: Aktiviert

29.03.2012 20:50:45
mbam-log-2012-03-29 (20-50-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356252
Laufzeit: 1 Stunde(n), 7 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Stepi\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Stepi\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stepi\Desktop\Adobe\Adobe Photoshop\Adobe.Photoshop.Elements.v7.0.German.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stepi\Desktop\Bilder Laptop Franzi\RIMG0404.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\03282012_203447\C_Users\Stepi\AppData\Local\Skype\SkypePM.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 30.03.2012, 12:20

C:\Users\Stepi\Desktop\Adobe\Adobe Photoshop\Adobe.Photoshop.Elements.v7.0.German.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich
gelöscht und in Quarantäne gestellt.
da diese software illegal ist, ist hiermit der suport beendet, und es gibt nur hilfe beim daten sichern, formatieren, neu aufsetzen und absichern des geräts

Stepi85 · 30.03.2012, 12:31

Hi,

aber der Virus ist nun runter?

MfG

Frank

29.03.2012, 19:43	#10
markusg /// Malware-holic	Windows wurde blockiert - Avira - 50 Euro Virus der bericht liegt auf c: tdsskiller-datum-version.txt __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Windows wurde blockiert - Avira - 50 Euro Virus

Plagegeister aller Art und deren Bekämpfung: Windows wurde blockiert - Avira - 50 Euro Virus