So als erstes hallo einmal, leider konnte ich keinen konkreteren Titel wählen, weil ich von der Materie wirklich keine Ahnung habe.

Nun mein Problem:

Nachdem ich heute morgen auf einigen dubiosen Internetseiten gestöbert habe (Ich denke es weiß jeder, was gemeint ist, wer mich dafür verurteilen will, soll dies tun, hilft mir aber an der Stelle nicht weiter), begann das Problem. Plötzlich öffneten sich mehrere Internetseiten. Anschließend wurde noch eine Fullscreen internetseite geöffnet. Erst nach mehreren Versuchen konnte ich alles mit ALT+F4 schließen. Da war es aber shcon zu spät, erkennbar daran, dass ich keine Taskleiste oder Desktop Icons mehr hatte. Auch als per STRG+ALT+ENTF den Taskmanager (Win 7 32 Bit) starten wollte, tat sich nichts. Also habe ich die Netztaste paar Sekunden gedrückt und habe den Laptop neu gestartet. Kurz nach dem Start öffente sich sofort wieder eine Internetseite im Fullscreen, Inhalt konnte nicht angezeigt werden. Auch diese konnte ich nur mittels ALT+F4 schließen. Aber es tat sich das gleiche Bild auf. Keine Taskleiste o.ä. Anschließend habe ich den PC diesmal per STR+ALT+ENTF und dann über den ausschaltknopf beendet. Also normal herunterfahren. Erst dann habe ich erste Hinweise bekommen, denn nachdem ich den Knopf gedrückt habe, wurde das "Bild" meines Dekstops beendet und ich konnte wieder meinen normalen Desktop sehen mit allen Icons und so weiter, natürlich nur für wenige Sekunden, da mein Lappi am herunterfahren war. Auch den Taskmanager konnte ich sehen. Es scheint sich also irgendwie um ein Bild zu handeln, welches vor den realen Desktop geschoeben wird. Jedenfalls machte ich mir beim darauffolgenden herunterfahren dies zu nutze, indem ich den Vorgang des herunterfahren irgendwie abbrechen konnte. Danach habe ich natürlich direkt versucht den Taskmanager zu starten, dies ging aber zunächst immernoch nicht. Immerhin konnte ich schonmal Antivir laufen lassen, und habe gleich 11 Viren gelöscht. Jedoch glaube ich, dass diese nach jedem Neustart wieder kommen und auch das Problem erneut auftaucehn wird. Daher sitze ich hier nun, mit halb heruntergefahrenem Windows, kann zwar alles machen, selbst der Taskmanager funzt nun wieder, aber ka was passiert wenn ich den PC neustarte. Meiner Erfahrung nach habe ich das Problem noch nicht überstanden, habe aber auch keine ahnung wo ich anfangen soll zu suchen.
Eine genauere Beschreibung kann ich kaum geben, aber hoffe ich kann alle weiteren Fragen beantworten.

So nun die anderen Schritte:

Werde es hoffentlich bald einfügen, posteden Teil aber nun schon einmal, damit dieser bei den Neustarts von gewissen Programmen nicht velroren geht.

Schritt 2:

Bei Defogger auf Disbaled geklickt, anschließend Ok und gewartet. Dann erschien ein Fenster mit finished. Auch ok gedrückt. Kein Log oder ähnliches aufm Dekstop oder sonst wo aufgetaucht.

Schritt 3:

DDS Text:

.DDS Logfile:
DDS Logfile:
DDS Logfile:
DDS Logfile:
DDS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by xxx at 11:41:42 on 2012-03-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2046.1238 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe
C:\Windows\explorer.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "c:\users\marvin\appdata\local\akamai\netsession_win.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\marvin\appdata\roaming\micros~1\windows\startm~1\programs\startup\cgs8h0~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\users\marvin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\marvin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2}\56C63747F6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2}\64259445A51224F6870264F6E60275C414E40273137303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2}\A4026202A4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D9ACB36D-E54A-4230-BAF0-27FD925EE112} : DhcpNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marvin\appdata\roaming\mozilla\firefox\profiles\5m569w52.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-10 239168]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-7-30 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-30 66616]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update-Dienst (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-5 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-5 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-30 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-30 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
.
=============== Created Last 30 ================
.
2012-03-28 07:58:37	--------	d-----w-	c:\program files\PragmaDigm
2012-03-28 07:57:57	--------	d-----w-	c:\users\marvin\appdata\roaming\GetRightToGo
2012-03-28 06:51:14	56200	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{bae8e436-8ba7-4b04-9ee9-75368deb0726}\offreg.dll
2012-03-28 04:54:08	--------	d-----w-	c:\users\marvin\appdata\local\{6B478D41-6385-49E2-AFD2-37B897F891D3}
2012-03-28 04:53:57	--------	d-----w-	c:\users\marvin\appdata\local\{F30C8F37-3398-4E31-BB70-2175B4D6D050}
2012-03-27 09:02:53	6582328	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{bae8e436-8ba7-4b04-9ee9-75368deb0726}\mpengine.dll
2012-03-27 08:55:55	--------	d-----w-	c:\users\marvin\appdata\local\{D97A064D-383B-40E5-8DAF-331C48B83EFF}
2012-03-27 08:55:26	--------	d-----w-	c:\users\marvin\appdata\local\{E5126D34-BCA5-4785-8B60-0620BAFEBC4D}
2012-03-26 08:35:20	--------	d-----w-	c:\users\marvin\appdata\local\{9952C0CF-968C-4C2C-B0D0-74CC76500122}
2012-03-26 08:34:02	--------	d-----w-	c:\users\marvin\appdata\local\{A33850D5-A292-45BD-97E2-4DD1A06EE1A6}
2012-03-25 13:58:44	--------	d-----w-	c:\users\marvin\appdata\local\{1E923058-7697-443E-906E-89C4523FFC68}
2012-03-25 13:58:21	--------	d-----w-	c:\users\marvin\appdata\local\{31BB4AC2-EB71-43DD-97FD-65D1308B17C9}
2012-03-25 09:05:22	--------	d-----w-	c:\users\marvin\appdata\local\{83A4E7F2-E612-4577-82E8-E4B2252E8BA4}
2012-03-24 08:17:33	--------	d-----w-	c:\users\marvin\appdata\local\{DA6AB857-FBB3-46DC-82AE-FD438F8AB445}
2012-03-24 08:17:23	--------	d-----w-	c:\users\marvin\appdata\local\{A1A9C2AB-1DA3-4348-8A4A-9CD9A85D4C4C}
2012-03-23 11:10:51	--------	d-----w-	c:\users\marvin\appdata\local\{2AD72CFE-89E8-46E5-9A68-20FF66A4E388}
2012-03-23 11:10:28	--------	d-----w-	c:\users\marvin\appdata\local\{9C98FEC6-0B9A-4573-903A-4106A5AE556A}
2012-03-23 10:43:43	--------	d-----w-	c:\users\marvin\appdata\local\{5FA18F50-058F-4333-85DE-9D3D83A8A8ED}
2012-03-23 10:43:32	--------	d-----w-	c:\users\marvin\appdata\local\{BF9F9E34-9F55-48F5-BFB2-28D8931C2191}
2012-03-22 20:48:32	--------	d-----w-	c:\users\marvin\appdata\local\{B703C1C0-C410-4E7E-8E93-4C16555B38A8}
2012-03-22 20:48:20	--------	d-----w-	c:\users\marvin\appdata\local\{C88A39E1-1F38-4D91-AB79-BAA8B92C21D6}
2012-03-22 06:16:08	--------	d-----w-	c:\users\marvin\appdata\local\{6DD78724-176A-4409-AC78-E0FA36A7F2F6}
2012-03-22 06:15:58	--------	d-----w-	c:\users\marvin\appdata\local\{A15F2967-32CF-4913-A3FB-C3E9959A4955}
2012-03-21 13:15:38	--------	d-----w-	c:\users\marvin\appdata\local\{E845C22D-6E4D-45CD-AC64-9BC918227566}
2012-03-21 13:15:16	--------	d-----w-	c:\users\marvin\appdata\local\{8B0882B6-78A1-4E9E-9F56-804C27D51AD0}
2012-03-21 00:11:38	--------	d-----w-	c:\users\marvin\appdata\local\{07C1F97C-C60F-4FD6-A50C-002663AA46D9}
2012-03-21 00:11:16	--------	d-----w-	c:\users\marvin\appdata\local\{79D88A6C-CFE9-45B8-B97D-86B96A4161F1}
2012-03-20 21:52:43	--------	d-----w-	c:\users\marvin\appdata\local\{F4CADBE1-8F83-4F4C-A322-A81BDE188919}
2012-03-20 21:52:31	--------	d-----w-	c:\users\marvin\appdata\local\{A95499AB-811E-4B5A-95F3-68178D63E33F}
2012-03-20 08:58:56	--------	d-----w-	c:\users\marvin\appdata\local\{C1ABC5FE-0E12-4023-B6A9-7DD4D21AF489}
2012-03-20 08:58:43	--------	d-----w-	c:\users\marvin\appdata\local\{1D524D46-0D5B-4B8F-A096-B26288BBAC65}
2012-03-19 09:28:52	--------	d-----w-	c:\users\marvin\appdata\local\{B49AFFE3-4FE1-4C81-A960-FF52DC81D5AF}
2012-03-19 09:28:37	--------	d-----w-	c:\users\marvin\appdata\local\{732058B9-3E0D-40DD-A4A2-C7FA85E80A4E}
2012-03-18 12:21:32	--------	d-----w-	c:\users\marvin\appdata\local\{17C43A43-DD1B-4F49-B97B-3BF333DAEF98}
2012-03-18 12:21:21	--------	d-----w-	c:\users\marvin\appdata\local\{EDC2746B-9F8D-453A-AAAB-B131628567D9}
2012-03-17 09:27:12	--------	d-----w-	c:\users\marvin\appdata\local\{2E97017F-D406-44C7-BFF4-543730E9611B}
2012-03-17 09:27:01	--------	d-----w-	c:\users\marvin\appdata\local\{C47EA93C-259E-4E53-A48C-9F76812464F3}
2012-03-16 12:05:53	--------	d-----w-	c:\users\marvin\appdata\local\{F9256981-A09A-4D98-AFCC-3DD69F2E8C55}
2012-03-16 12:05:42	--------	d-----w-	c:\users\marvin\appdata\local\{3649E50C-FA82-4955-ABCE-484AFEB59FCF}
2012-03-16 07:39:46	--------	d-----w-	c:\users\marvin\appdata\local\{E7DBB581-BCA0-47C3-8BA8-26ABE9FF2200}
2012-03-15 16:27:21	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-15 16:27:21	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-15 13:43:15	--------	d-----w-	c:\users\marvin\appdata\local\{CC1C47A3-9195-4D37-A2B7-A23E57C8B165}
2012-03-15 13:43:01	--------	d-----w-	c:\users\marvin\appdata\local\{E33F9328-9F2B-4BDF-9C11-8F8D2B523758}
2012-03-15 08:05:09	--------	d-----w-	c:\users\marvin\appdata\local\{F71FFEEC-0168-483F-8188-C9F65C285C4A}
2012-03-15 08:04:58	--------	d-----w-	c:\users\marvin\appdata\local\{D4FA7C48-3B00-48B2-B407-B69CCC114191}
2012-03-14 18:21:23	--------	d-----w-	c:\users\marvin\appdata\local\{421DED8F-68EF-4C52-8D3D-C50AA40922F9}
2012-03-14 18:21:12	--------	d-----w-	c:\users\marvin\appdata\local\{A43A1EE4-67AA-4419-BAE6-3B1F8A470AE1}
2012-03-14 13:05:18	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 13:05:18	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 09:46:06	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:46:05	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:45:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:45:40	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:45:40	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:45:39	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-03-14 09:45:38	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:45:38	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:45:38	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:12:50	--------	d-----w-	c:\users\marvin\appdata\local\{89C16AA1-1DA5-4AC1-AFAC-C7F59C28C4F0}
2012-03-13 23:12:39	--------	d-----w-	c:\users\marvin\appdata\local\{8F8F278E-BC1E-4BC1-9FAC-0B22732F04FF}
2012-03-13 21:18:48	--------	d-----w-	c:\users\marvin\appdata\local\{6B9063A0-0B88-4357-8B83-A2BF14C42E56}
2012-03-13 21:18:33	--------	d-----w-	c:\users\marvin\appdata\local\{62C681F8-4DCC-4EBE-B56A-7A7F41AD6E12}
2012-03-13 07:55:14	--------	d-----w-	c:\users\marvin\appdata\local\{C556718A-FF85-4E25-94B9-F765F572F58C}
2012-03-13 07:55:00	--------	d-----w-	c:\users\marvin\appdata\local\{8C07F143-BF34-497F-B6E3-F4D54C11E970}
2012-03-12 15:12:56	--------	d-----w-	c:\users\marvin\appdata\local\{A9D8A3C7-A167-4241-B590-7786EF55D338}
2012-03-12 15:12:44	--------	d-----w-	c:\users\marvin\appdata\local\{C2290593-CDFF-4C2F-99C4-E67B1CC4A22D}
2012-03-11 12:03:19	--------	d-----w-	c:\users\marvin\appdata\local\{606C2F45-8804-479E-B009-2591562DF8D8}
2012-03-11 12:03:08	--------	d-----w-	c:\users\marvin\appdata\local\{642E9A55-C058-4A7E-B445-318EE3754551}
2012-03-11 11:16:51	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-03-10 21:40:04	--------	d-----w-	c:\program files\common files\Blizzard Entertainment
2012-03-10 18:56:22	--------	d-----w-	c:\program files\common files\Blizzard Entertainment.temp
2012-03-10 14:50:11	--------	d-----w-	c:\programdata\Blizzard
2012-03-10 09:21:54	--------	d-----w-	c:\users\marvin\appdata\local\{9294A2C3-A9CA-4648-814C-E5B8B7E68ACC}
2012-03-10 09:21:43	--------	d-----w-	c:\users\marvin\appdata\local\{5EA6AC99-47B8-492D-8346-E4AFBAEA93E8}
2012-03-09 21:08:40	--------	d-----w-	c:\users\marvin\appdata\local\{B6662F66-3F04-4C11-87B6-2908649B4AD7}
2012-03-09 21:08:30	--------	d-----w-	c:\users\marvin\appdata\local\{AC7E8172-D563-410F-BF83-D1F535F86CA6}
2012-03-09 17:35:10	--------	d-----w-	c:\users\marvin\appdata\local\{C20E010B-4437-4209-AB85-FEE1E8391317}
2012-03-09 16:56:29	--------	d-----w-	c:\users\marvin\appdata\local\{9668208F-CFFB-4E18-83A7-650D8E6B30A2}
2012-03-09 16:56:13	--------	d-----w-	c:\users\marvin\appdata\local\{310E72A9-A882-4CD3-8138-FEBC0BB7D381}
2012-03-09 09:00:26	--------	d-----w-	c:\windows\system32\appmgmt
2012-03-09 08:44:21	--------	d-----w-	c:\users\marvin\appdata\local\{171399EB-B0F4-4A8B-B2F6-DE5E48FB2C9F}
2012-03-09 08:44:09	--------	d-----w-	c:\users\marvin\appdata\local\{E0DEE6AF-6798-4478-8A17-85A1923C7E95}
2012-03-08 09:01:59	--------	d-----w-	c:\users\marvin\appdata\local\{415EC380-A7DE-42E2-8AEE-23348E60BED6}
2012-03-08 09:01:48	--------	d-----w-	c:\users\marvin\appdata\local\{0934A83E-904D-41F8-B731-CECB40C57EF0}
2012-03-07 23:19:03	--------	d-----w-	c:\users\marvin\appdata\local\{D1820A18-9252-41DE-9322-EEA87B6F7C80}
2012-03-07 09:02:03	--------	d-----w-	c:\users\marvin\appdata\local\{D76CCAA2-051D-4309-91FC-D80530903361}
2012-03-07 09:01:51	--------	d-----w-	c:\users\marvin\appdata\local\{458E0185-620D-4FC4-828D-2A1821C5831C}
2012-03-06 10:53:18	--------	d-----w-	c:\users\marvin\appdata\local\{D1CA46BC-5D07-4C27-BD0D-14D0992AECC1}
2012-03-06 10:53:04	--------	d-----w-	c:\users\marvin\appdata\local\{BBD650E5-BD44-4EB1-A146-F6B2CCD9F803}
2012-03-05 16:29:54	--------	d-----w-	c:\users\marvin\appdata\local\Google
2012-03-05 09:05:26	--------	d-----w-	c:\users\marvin\appdata\local\{DF6D0BB4-1CB0-4403-9F2A-B275FA2E6163}
2012-03-05 09:05:14	--------	d-----w-	c:\users\marvin\appdata\local\{41FAE50B-7695-4019-B46D-C6E189EAA271}
2012-03-04 09:22:04	--------	d-----w-	c:\users\marvin\appdata\local\{65538675-995E-4D44-B13A-5858C33D45E2}
2012-03-04 09:21:50	--------	d-----w-	c:\users\marvin\appdata\local\{324D9721-2877-465C-99DE-1B78D814568D}
2012-03-03 12:56:08	--------	d-----w-	c:\users\marvin\appdata\local\{BA2C4A26-1E07-42EC-B8DF-01E9AA594B82}
2012-03-03 12:55:57	--------	d-----w-	c:\users\marvin\appdata\local\{F7F80716-09FB-46C6-8416-DE7F7EE26426}
2012-03-03 10:22:22	--------	d-----w-	c:\users\marvin\appdata\local\{AAC05328-2F91-4DFB-85C9-3A880A0A9CA3}
2012-03-02 08:39:52	--------	d-----w-	c:\users\marvin\appdata\local\{E09C0682-F470-458F-95A7-E1DF13546800}
2012-03-02 08:39:38	--------	d-----w-	c:\users\marvin\appdata\local\{8FD8B687-E382-4E2B-AA71-FBE2743ED79D}
2012-03-01 09:18:19	--------	d-----w-	c:\users\marvin\appdata\local\{B34AEBA1-C52F-4838-A472-CDA3D72AA7CD}
2012-03-01 09:18:08	--------	d-----w-	c:\users\marvin\appdata\local\{8E45E70E-BAE7-4DC4-AB23-9B85225AE16E}
2012-02-29 10:34:12	--------	d-----w-	c:\users\marvin\appdata\local\{356B07D6-AB2E-4D20-BB08-4128D620783F}
2012-02-29 10:34:01	--------	d-----w-	c:\users\marvin\appdata\local\{59AAD032-3A2E-4BCA-957D-93B6C0EB431C}
2012-02-28 10:41:17	--------	d-----w-	c:\users\marvin\appdata\local\{495B7B01-4BD1-4248-98A1-0473341C3EEE}
2012-02-28 10:41:07	--------	d-----w-	c:\users\marvin\appdata\local\{33796C80-5489-443D-91F2-4895D7138E17}
2012-02-27 21:38:48	--------	d-----w-	c:\users\marvin\appdata\local\{71098275-9338-45AD-B671-275E786A70BA}
2012-02-27 21:38:26	--------	d-----w-	c:\users\marvin\appdata\local\{F3736D68-65DF-4500-AF85-2D10A94F958A}
.
==================== Find3M  ====================
.
2012-03-28 07:40:22	77824	----a-w-	c:\windows\KMSEmulator.exe
2012-03-19 20:11:33	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 18:38:42	2829	----a-w-	c:\windows\War3Unin.pif
2012-01-04 18:38:42	139264	----a-w-	c:\windows\War3Unin.exe
2012-01-04 08:58:41	442880	----a-w-	c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56	478720	----a-w-	c:\windows\system32\timedate.cpl
.
============= FINISH: 11:42:58,20 ===============
         

[/CODE][/CODE][/CODE][/CODE]
--- --- ---
--- --- ---
--- --- ---
--- --- ---
--- --- ---


attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 30.07.2011 08:56:49
System Uptime: 28.03.2012 09:38:46 (2 hours ago)
.
Motherboard: Dell Inc. | | 0YD479
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 2,211 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 3,703 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 12,368 GiB free.
F: is FIXED (NTFS) - 42 GiB total, 22,479 GiB free.
G: is CDROM ()
Q: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart 2570 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart 2570 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 2570 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart 2570 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2570
2570_Help
2570Trb
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Deutsch
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Ballerburg
Battle Pirates Base Editor
Blender
Bonjour
BufferChm
CelebPoker
Copy
Counter-Strike 1.6
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Dropbox
Fax
Feedback Tool
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Guitar Pro 6
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
ICQ7.6
iTunes
Java Auto Updater
Java(TM) 6 Update 30
JDownloader 0.9
Junk Mail filter update
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Access 2010
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myBet Poker
Network
OCR Software by I.R.I.S. 13.0
PDFCreator
Process Killer 2011 (3.0 Build 1)
QuickSet
QuickTime
Safari
Scan
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
SES Driver
Shop for HP Supplies
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Status
TeamSpeak 3 Client
Toolbox
Total Commander (Remove or Repair)
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
UseNeXT
VLC media player 1.1.11
Warcraft III
Warcraft III: All Products
WebReg
Winamp
Winamp Erkennungs-Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-Bit)
World of Warcraft
.
==== End Of File ===========================

so nun der letzte schritt die GMER datei:
GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-28 12:18:21
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160823ASG rev.3.AAB
Running: ybifddw5.exe; Driver: C:\Users\Marvin\AppData\Local\Temp\pgliakog.sys


---- System - GMER 1.0.15 ----

SSDT            90FF0AAE                                                                                         ZwCreateSection
SSDT            90FF0AB3                                                                                         ZwSetContextThread
SSDT            90FF0A4F                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                    82C493D9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C82D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82C89EEC 4 Bytes  [AE, 0A, FF, 90] {SCASB ; OR BH, BH; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82C8A28C 4 Bytes  [B3, 0A, FF, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                              82C8A364 4 Bytes  [4F, 0A, FF, 90] {DEC EDI; OR BH, BH; NOP }
?               C:\Users\Marvin\AppData\Local\Temp\mbr.sys                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[5668] ntdll.dll!LdrLoadDll                          76E9223E 5 Bytes  JMP 5EC19720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5668] kernel32.dll!MapViewOfFile                    76D993DB 5 Bytes  JMP 5EE4E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5668] kernel32.dll!VirtualAlloc                     76D9C43A 5 Bytes  JMP 5EE4E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5668] GDI32.dll!CreateDIBSection                    76998850 5 Bytes  JMP 5EE4E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5840] USER32.dll!GetWindowInfo             752D4B5E 5 Bytes  JMP 5ED8FE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5840] USER32.dll!TrackPopupMenu            752E2228 5 Bytes  JMP 5ED903C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000049                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016415d254f                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016415d254f@7ced8d697e1d         0x39 0x50 0x75 0x01 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016415d254f (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016415d254f@7ced8d697e1d             0x39 0x50 0x75 0x01 ...

---- EOF - GMER 1.0.15 ----
         

--- --- ---


Ich hoffe wirklich ihr könnt mir helfen... werde jetzt mal rebooten um zu sehen ob das problem trotz löschung durch antivir noch vorhanden ist... ich denke zwar schon, aber hoffnung besteht ja immer..

MfG

Creekie

/edit: Also selbst nach mehrmaligem reboot ist das problem noch immer anwesend... leider wie bereits beschrieben kann ich, solange der prozess aktiv ist, kaum etwas öffnen. Taskmanager und so weiter geht ned... muss nu ersma gucken das ich den stand wie vorhin hinbekomme, also möglichst viel öffnen, und während des herunterfahrens schnell auf abbrechen klicken -.-

Kann leider nimma editieren, daehr auf diesem wege.

Also habe mich natürlich bissl durchgelesen, und habe festgestellt, dass die anderen mit dem gleichen prob son bundespolizei trojaner haben. kann ich das evtl auch haben? wenn ja wie ifnd ich das raus? Weil bei mir öffnet sich ja auch immer ne inet seite, aer das steht dieser quelle wird nicht vertraut.

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scans durchführen zu denen du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting ( posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
• Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


ComboFix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

So habe wie angewiesen die Combofix datei ausgeführt, hier die Log-Datei:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-03-29.01 - Marvin 29.03.2012  11:02:53.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2046.1096 [GMT 2:00]
ausgeführt von:: c:\users\Marvin\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Notizen.Gadget
c:\users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\unit_converter.gadget
c:\users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgs8h0.exe.lnk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-28 07:58 . 2012-03-28 07:58	--------	d-----w-	c:\program files\PragmaDigm
2012-03-28 07:57 . 2012-03-28 08:02	--------	d-----w-	c:\users\Marvin\AppData\Roaming\GetRightToGo
2012-03-27 09:02 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAE8E436-8BA7-4B04-9EE9-75368DEB0726}\mpengine.dll
2012-03-15 16:27 . 2012-03-15 16:27	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-15 16:27 . 2012-03-15 16:27	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 13:05 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 13:05 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 09:46 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:46 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:45 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:45 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:45 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:45 . 2012-02-17 05:34	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-03-14 09:45 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:45 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:45 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-11 11:16 . 2012-03-11 11:17	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-03-10 21:40 . 2012-03-11 02:27	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2012-03-10 14:50 . 2012-03-10 14:50	--------	d-----w-	c:\programdata\Blizzard
2012-03-05 16:31 . 2012-03-05 16:33	--------	d-----w-	c:\program files\Google
2012-03-05 16:29 . 2012-03-05 16:34	--------	d-----w-	c:\users\Marvin\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 08:55 . 2011-07-30 10:21	77824	----a-w-	c:\windows\KMSEmulator.exe
2012-03-19 20:11 . 2011-07-30 09:36	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-07-30 07:18	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 18:38 . 2012-01-04 18:28	2829	----a-w-	c:\windows\War3Unin.pif
2012-01-04 18:38 . 2012-01-04 18:28	139264	----a-w-	c:\windows\War3Unin.exe
2012-01-04 08:58 . 2012-02-15 09:37	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-03-15 16:27 . 2012-03-10 21:37	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Akamai NetSession Interface"="c:\users\Marvin\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-12 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2011-7-30 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-10 239168]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-07-30 10:22]
.
2012-03-29 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-07-30 10:22]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 16:29]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 16:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5m569w52.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-29  11:25:50
ComboFix-quarantined-files.txt  2012-03-29 09:25
.
Vor Suchlauf: 1.804.201.984 Bytes frei
Nach Suchlauf: 3.628.011.520 Bytes frei
.
- - End Of File - - 5F8208CB561E1ABA4F7F40ED6482A505
         

--- --- ---


/edit habe vergessen den windows defender abzuschalten sehr schlimm?? soll ich nochmal machen?

Schritt 1: MBAM


Downloade Dir bitte Malwarebytes

• Installiere das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Vollständigen Suchlauf durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2: Scan mit TDSS-Killer


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe
• Drücke Start Scan
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.



Schritt 3: Neues DDS-Log


Starte bitte DDS

• Wenn der Scan fertig ist, wird DDS 2 Logfiles erstellen. :
  1. DDS.txt
  2. Attach.txt
• Speichere beide auf deinem Desktop und poste diese bitte hier

[/QUOTE]

So wollte mich nur mal melden, hab jetzt erst zeit die schritte durchzuführen. hänge die logs an sobald ich fertig bin. übrigens habe ich heute einfach mal den lappi hochgefahren, und mein problem hat sich scheinbar schon in luft aufgelöst, also es wird keine inet seite mehr geöffnet und der gefakte desktop is auch nimma da. werde aber trotzdem deinen anweisungen folgen, nicht dass sich noch iwass versteckt. bin grad dabei mit mbam zu scannen

vielen dank schonmal für die tolle Hilfe!!!

Schritt 1:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.01.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Marvin :: MARVIN-LAPPI [Administrator]

Schutz: Aktiviert

01.04.2012 09:48:18
mbam-log-2012-04-01 (09-48-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370518
Laufzeit: 1 Stunde(n), 36 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CelebPoker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\myBet Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
E:\CelebPoker\_SetupPoker_5b4e3e.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Spiele\----LAN PACK----\Command & Conquer Generals\Key Generator For 179 EA Games.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Spiele\----LAN PACK----\Command & Conquer Generals - Stunde Null\Key Generator For 179 EA Games.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Spiele\myBet Poker\_SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Brennen\CloneCD\CloneCD 5.2.7.1\Crack\Patch.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Brennen\Nero Burning Rom Ultra Edition 6.6.0.8\Crack\Keygen.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Grafik\Corel PaintShop Photo Pro X3 v13 Multilingual Incl\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Grafik\Corel PaintShop Photo Pro X3 v13 Multilingual Incl\keygen.exe (Trojan.Dropper.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Grafik\Paintshop Pro X3 Ultimate UltimatePaint\keygen.exe (Trojan.Dropper.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Office\Office Professional Plus 2010 x86 & x64 (German)\Activation Patch\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Office\Office Professional Plus 2010 x86 & x64 (German)\Activation Patch\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Zwischenspeicher\Install Allgemein\__Office\Office Professional Plus 2010 x86 & x64 (German)\Office 2010\BIE\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Es wurden nun aber viele sachen entfernt die eigentlich nicht entfernt werden sollten ^^

Schritt 2:

11:43:07.0326 2336 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:43:07.0466 2336 ============================================================
11:43:07.0466 2336 Current date / time: 2012/04/01 11:43:07.0466
11:43:07.0466 2336 SystemInfo:
11:43:07.0466 2336
11:43:07.0466 2336 OS Version: 6.1.7601 ServicePack: 1.0
11:43:07.0466 2336 Product type: Workstation
11:43:07.0467 2336 ComputerName: MARVIN-LAPPI
11:43:07.0467 2336 UserName: Marvin
11:43:07.0467 2336 Windows directory: C:\Windows
11:43:07.0467 2336 System windows directory: C:\Windows
11:43:07.0467 2336 Processor architecture: Intel x86
11:43:07.0467 2336 Number of processors: 2
11:43:07.0467 2336 Page size: 0x1000
11:43:07.0467 2336 Boot type: Normal boot
11:43:07.0467 2336 ============================================================
11:43:08.0918 2336 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:43:08.0940 2336 \Device\Harddisk0\DR0:
11:43:08.0942 2336 MBR used
11:43:08.0942 2336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:43:08.0942 2336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4DE8000
11:43:08.0952 2336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1AFA9, BlocksNum 0x3A962B1
11:43:08.0965 2336 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88B1299, BlocksNum 0x4E22CAD
11:43:08.0977 2336 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xD6D3F85, BlocksNum 0x5344B3C
11:43:09.0217 2336 Initialize success
11:43:09.0217 2336 ============================================================
11:43:20.0178 4292 ============================================================
11:43:20.0178 4292 Scan started
11:43:20.0178 4292 Mode: Manual;
11:43:20.0178 4292 ============================================================
11:43:22.0116 4292 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:43:22.0135 4292 1394ohci - ok
11:43:22.0244 4292 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:43:22.0268 4292 ACPI - ok
11:43:22.0337 4292 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:43:22.0354 4292 AcpiPmi - ok
11:43:22.0468 4292 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:43:22.0489 4292 AdobeARMservice - ok
11:43:22.0669 4292 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:43:22.0710 4292 adp94xx - ok
11:43:22.0754 4292 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:43:22.0788 4292 adpahci - ok
11:43:22.0816 4292 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:43:22.0842 4292 adpu320 - ok
11:43:22.0886 4292 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:43:22.0888 4292 AeLookupSvc - ok
11:43:22.0959 4292 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:43:23.0006 4292 AFD - ok
11:43:23.0062 4292 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:43:23.0069 4292 agp440 - ok
11:43:23.0116 4292 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:43:23.0128 4292 aic78xx - ok
11:43:23.0336 4292 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
11:43:23.0337 4292 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
11:43:23.0350 4292 Akamai ( HiddenFile.Multi.Generic ) - warning
11:43:23.0350 4292 Akamai - detected HiddenFile.Multi.Generic (1)
11:43:23.0438 4292 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:43:23.0452 4292 ALG - ok
11:43:23.0527 4292 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:43:23.0536 4292 aliide - ok
11:43:23.0564 4292 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:43:23.0575 4292 amdagp - ok
11:43:23.0599 4292 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:43:23.0607 4292 amdide - ok
11:43:23.0655 4292 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:43:23.0668 4292 AmdK8 - ok
11:43:23.0722 4292 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:43:23.0734 4292 AmdPPM - ok
11:43:23.0778 4292 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:43:23.0792 4292 amdsata - ok
11:43:23.0834 4292 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:43:23.0850 4292 amdsbs - ok
11:43:23.0873 4292 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:43:23.0883 4292 amdxata - ok
11:43:23.0977 4292 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:43:23.0979 4292 AntiVirSchedulerService - ok
11:43:24.0021 4292 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:43:24.0025 4292 AntiVirService - ok
11:43:24.0151 4292 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:43:24.0161 4292 AppID - ok
11:43:24.0210 4292 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:43:24.0221 4292 AppIDSvc - ok
11:43:24.0257 4292 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
11:43:24.0269 4292 Appinfo - ok
11:43:24.0361 4292 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:43:24.0374 4292 Apple Mobile Device - ok
11:43:24.0451 4292 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
11:43:24.0454 4292 AppMgmt - ok
11:43:24.0536 4292 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:43:24.0550 4292 arc - ok
11:43:24.0571 4292 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:43:24.0585 4292 arcsas - ok
11:43:24.0673 4292 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:43:24.0681 4292 AsyncMac - ok
11:43:24.0720 4292 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:43:24.0721 4292 atapi - ok
11:43:24.0781 4292 Ati External Event Utility (c74d9a831b523ef5a66f4f13b2ddea2e) C:\Windows\system32\Ati2evxx.exe
11:43:24.0790 4292 Ati External Event Utility - ok
11:43:24.0931 4292 atikmdag (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
11:43:25.0053 4292 atikmdag - ok
11:43:25.0170 4292 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:43:25.0186 4292 AudioEndpointBuilder - ok
11:43:25.0211 4292 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:43:25.0219 4292 Audiosrv - ok
11:43:25.0275 4292 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
11:43:25.0288 4292 avgntflt - ok
11:43:25.0325 4292 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
11:43:25.0343 4292 avipbb - ok
11:43:25.0392 4292 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
11:43:25.0407 4292 AxInstSV - ok
11:43:25.0488 4292 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:43:25.0530 4292 b06bdrv - ok
11:43:25.0586 4292 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:43:25.0610 4292 b57nd60x - ok
11:43:25.0686 4292 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
11:43:25.0696 4292 bcm4sbxp - ok
11:43:25.0752 4292 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:43:25.0767 4292 BDESVC - ok
11:43:25.0820 4292 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:43:25.0822 4292 Beep - ok
11:43:25.0896 4292 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
11:43:25.0907 4292 BFE - ok
11:43:25.0961 4292 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
11:43:25.0985 4292 BITS - ok
11:43:26.0041 4292 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:43:26.0051 4292 blbdrive - ok
11:43:26.0148 4292 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:43:26.0156 4292 Bonjour Service - ok
11:43:26.0271 4292 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:43:26.0283 4292 bowser - ok
11:43:26.0326 4292 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:43:26.0333 4292 BrFiltLo - ok
11:43:26.0361 4292 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:43:26.0367 4292 BrFiltUp - ok
11:43:26.0433 4292 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
11:43:26.0446 4292 BridgeMP - ok
11:43:26.0520 4292 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
11:43:26.0534 4292 Browser - ok
11:43:26.0604 4292 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:43:26.0631 4292 Brserid - ok
11:43:26.0662 4292 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:43:26.0673 4292 BrSerWdm - ok
11:43:26.0711 4292 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:43:26.0718 4292 BrUsbMdm - ok
11:43:26.0752 4292 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:43:26.0760 4292 BrUsbSer - ok
11:43:26.0829 4292 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
11:43:26.0838 4292 BthEnum - ok
11:43:26.0878 4292 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:43:26.0889 4292 BTHMODEM - ok
11:43:26.0940 4292 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
11:43:26.0953 4292 BthPan - ok
11:43:27.0019 4292 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
11:43:27.0060 4292 BTHPORT - ok
11:43:27.0121 4292 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:43:27.0123 4292 bthserv - ok
11:43:27.0174 4292 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
11:43:27.0186 4292 BTHUSB - ok
11:43:27.0307 4292 catchme - ok
11:43:27.0425 4292 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:43:27.0439 4292 cdfs - ok
11:43:27.0500 4292 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
11:43:27.0503 4292 cdrom - ok
11:43:27.0565 4292 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:43:27.0567 4292 CertPropSvc - ok
11:43:27.0629 4292 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:43:27.0641 4292 circlass - ok
11:43:27.0699 4292 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:43:27.0726 4292 CLFS - ok
11:43:27.0777 4292 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:43:27.0796 4292 clr_optimization_v2.0.50727_32 - ok
11:43:27.0855 4292 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:43:27.0857 4292 clr_optimization_v4.0.30319_32 - ok
11:43:27.0917 4292 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:43:27.0924 4292 CmBatt - ok
11:43:27.0960 4292 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:43:27.0969 4292 cmdide - ok
11:43:28.0015 4292 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
11:43:28.0048 4292 CNG - ok
11:43:28.0099 4292 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:43:28.0109 4292 Compbatt - ok
11:43:28.0147 4292 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:43:28.0158 4292 CompositeBus - ok
11:43:28.0185 4292 COMSysApp - ok
11:43:28.0245 4292 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:43:28.0255 4292 crcdisk - ok
11:43:28.0311 4292 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
11:43:28.0327 4292 CryptSvc - ok
11:43:28.0396 4292 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:43:28.0432 4292 CSC - ok
11:43:28.0487 4292 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
11:43:28.0509 4292 CscService - ok
11:43:28.0573 4292 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:43:28.0586 4292 DcomLaunch - ok
11:43:28.0634 4292 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:43:28.0667 4292 defragsvc - ok
11:43:28.0759 4292 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:43:28.0771 4292 DfsC - ok
11:43:28.0844 4292 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
11:43:28.0885 4292 Dhcp - ok
11:43:28.0941 4292 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:43:28.0950 4292 discache - ok
11:43:28.0998 4292 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:43:29.0012 4292 Disk - ok
11:43:29.0057 4292 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
11:43:29.0069 4292 Dnscache - ok
11:43:29.0130 4292 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
11:43:29.0154 4292 dot3svc - ok
11:43:29.0184 4292 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
11:43:29.0187 4292 DPS - ok
11:43:29.0224 4292 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:43:29.0228 4292 drmkaud - ok
11:43:29.0277 4292 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:43:29.0299 4292 dtsoftbus01 - ok
11:43:29.0350 4292 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:43:29.0436 4292 DXGKrnl - ok
11:43:29.0495 4292 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:43:29.0511 4292 EapHost - ok
11:43:29.0695 4292 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:43:29.0832 4292 ebdrv - ok
11:43:29.0908 4292 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
11:43:29.0920 4292 EFS - ok
11:43:29.0981 4292 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
11:43:30.0015 4292 ehRecvr - ok
11:43:30.0045 4292 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
11:43:30.0061 4292 ehSched - ok
11:43:30.0153 4292 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:43:30.0194 4292 elxstor - ok
11:43:30.0224 4292 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:43:30.0231 4292 ErrDev - ok
11:43:30.0307 4292 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:43:30.0343 4292 EventSystem - ok
11:43:30.0384 4292 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:43:30.0402 4292 exfat - ok
11:43:30.0451 4292 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:43:30.0466 4292 fastfat - ok
11:43:30.0537 4292 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
11:43:30.0578 4292 Fax - ok
11:43:30.0612 4292 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:43:30.0621 4292 fdc - ok
11:43:30.0655 4292 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:43:30.0658 4292 fdPHost - ok
11:43:30.0676 4292 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:43:30.0681 4292 FDResPub - ok
11:43:30.0701 4292 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:43:30.0713 4292 FileInfo - ok
11:43:30.0749 4292 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:43:30.0759 4292 Filetrace - ok
11:43:30.0788 4292 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:43:30.0796 4292 flpydisk - ok
11:43:30.0880 4292 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:43:30.0901 4292 FltMgr - ok
11:43:30.0966 4292 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
11:43:31.0032 4292 FontCache - ok
11:43:31.0131 4292 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:43:31.0143 4292 FontCache3.0.0.0 - ok
11:43:31.0207 4292 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:43:31.0222 4292 FsDepends - ok
11:43:31.0250 4292 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
11:43:31.0266 4292 Fs_Rec - ok
11:43:31.0317 4292 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:43:31.0339 4292 fvevol - ok
11:43:31.0393 4292 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:43:31.0406 4292 gagp30kx - ok
11:43:31.0468 4292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:43:31.0477 4292 GEARAspiWDM - ok
11:43:31.0538 4292 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:43:31.0548 4292 gpsvc - ok
11:43:31.0648 4292 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:43:31.0651 4292 gupdate - ok
11:43:31.0692 4292 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:43:31.0695 4292 gupdatem - ok
11:43:31.0794 4292 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:43:31.0804 4292 hcw85cir - ok
11:43:31.0886 4292 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:43:31.0910 4292 HdAudAddService - ok
11:43:31.0949 4292 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:43:31.0964 4292 HDAudBus - ok
11:43:32.0011 4292 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:43:32.0019 4292 HidBatt - ok
11:43:32.0059 4292 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:43:32.0072 4292 HidBth - ok
11:43:32.0128 4292 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:43:32.0138 4292 HidIr - ok
11:43:32.0187 4292 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
11:43:32.0200 4292 hidserv - ok
11:43:32.0258 4292 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:43:32.0266 4292 HidUsb - ok
11:43:32.0306 4292 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:43:32.0308 4292 hkmsvc - ok
11:43:32.0344 4292 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:43:32.0368 4292 HomeGroupListener - ok
11:43:32.0413 4292 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:43:32.0421 4292 HomeGroupProvider - ok
11:43:32.0522 4292 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:43:32.0527 4292 hpqcxs08 - ok
11:43:32.0555 4292 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:43:32.0558 4292 hpqddsvc - ok
11:43:32.0669 4292 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:43:32.0682 4292 HpSAMD - ok
11:43:32.0786 4292 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
11:43:32.0811 4292 HPSLPSVC - ok
11:43:32.0931 4292 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:43:32.0979 4292 HTTP - ok
11:43:33.0015 4292 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:43:33.0023 4292 hwpolicy - ok
11:43:33.0090 4292 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:43:33.0104 4292 i8042prt - ok
11:43:33.0152 4292 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:43:33.0193 4292 iaStorV - ok
11:43:33.0266 4292 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:43:33.0348 4292 idsvc - ok
11:43:33.0422 4292 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:43:33.0434 4292 iirsp - ok
11:43:33.0505 4292 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:43:33.0530 4292 IKEEXT - ok
11:43:33.0605 4292 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:43:33.0614 4292 intelide - ok
11:43:33.0692 4292 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:43:33.0704 4292 intelppm - ok
11:43:33.0753 4292 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:43:33.0757 4292 IPBusEnum - ok
11:43:33.0795 4292 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:43:33.0806 4292 IpFilterDriver - ok
11:43:33.0897 4292 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
11:43:33.0913 4292 iphlpsvc - ok
11:43:33.0956 4292 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:43:33.0969 4292 IPMIDRV - ok
11:43:34.0030 4292 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:43:34.0044 4292 IPNAT - ok
11:43:34.0134 4292 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
11:43:34.0152 4292 iPod Service - ok
11:43:34.0250 4292 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:43:34.0257 4292 IRENUM - ok
11:43:34.0321 4292 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:43:34.0333 4292 isapnp - ok
11:43:34.0372 4292 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:43:34.0412 4292 iScsiPrt - ok
11:43:34.0508 4292 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
11:43:34.0519 4292 ivusb - ok
11:43:34.0583 4292 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:43:34.0595 4292 kbdclass - ok
11:43:34.0667 4292 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:43:34.0676 4292 kbdhid - ok
11:43:34.0706 4292 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:43:34.0710 4292 KeyIso - ok
11:43:34.0741 4292 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
11:43:34.0754 4292 KSecDD - ok
11:43:34.0799 4292 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
11:43:34.0817 4292 KSecPkg - ok
11:43:34.0863 4292 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:43:34.0896 4292 KtmRm - ok
11:43:34.0947 4292 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
11:43:34.0955 4292 LanmanServer - ok
11:43:34.0994 4292 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
11:43:35.0013 4292 LanmanWorkstation - ok
11:43:35.0117 4292 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:43:35.0128 4292 lltdio - ok
11:43:35.0181 4292 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:43:35.0206 4292 lltdsvc - ok
11:43:35.0226 4292 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:43:35.0237 4292 lmhosts - ok
11:43:35.0294 4292 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:43:35.0315 4292 LSI_FC - ok
11:43:35.0349 4292 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:43:35.0358 4292 LSI_SAS - ok
11:43:35.0403 4292 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:43:35.0411 4292 LSI_SAS2 - ok
11:43:35.0432 4292 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:43:35.0440 4292 LSI_SCSI - ok
11:43:35.0481 4292 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:43:35.0495 4292 luafv - ok
11:43:35.0544 4292 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
11:43:35.0553 4292 MBAMProtector - ok
11:43:35.0614 4292 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:43:35.0622 4292 MBAMService - ok
11:43:35.0700 4292 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
11:43:35.0717 4292 Mcx2Svc - ok
11:43:35.0781 4292 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:43:35.0793 4292 megasas - ok
11:43:35.0839 4292 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:43:35.0871 4292 MegaSR - ok
11:43:35.0943 4292 Microsoft SharePoint Workspace Audit Service - ok
11:43:36.0035 4292 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:43:36.0040 4292 MMCSS - ok
11:43:36.0087 4292 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:43:36.0089 4292 Modem - ok
11:43:36.0118 4292 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:43:36.0119 4292 monitor - ok
11:43:36.0170 4292 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:43:36.0182 4292 mouclass - ok
11:43:36.0234 4292 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:43:36.0243 4292 mouhid - ok
11:43:36.0286 4292 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:43:36.0300 4292 mountmgr - ok
11:43:36.0338 4292 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:43:36.0356 4292 mpio - ok
11:43:36.0405 4292 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:43:36.0417 4292 mpsdrv - ok
11:43:36.0470 4292 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
11:43:36.0519 4292 MpsSvc - ok
11:43:36.0567 4292 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:43:36.0583 4292 MRxDAV - ok
11:43:36.0662 4292 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:43:36.0678 4292 mrxsmb - ok
11:43:36.0717 4292 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:43:36.0737 4292 mrxsmb10 - ok
11:43:36.0786 4292 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:43:36.0799 4292 mrxsmb20 - ok
11:43:36.0868 4292 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:43:36.0878 4292 msahci - ok
11:43:36.0917 4292 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:43:36.0935 4292 msdsm - ok
11:43:36.0990 4292 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:43:37.0018 4292 MSDTC - ok
11:43:37.0095 4292 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:43:37.0103 4292 Msfs - ok
11:43:37.0136 4292 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:43:37.0142 4292 mshidkmdf - ok
11:43:37.0183 4292 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:43:37.0192 4292 msisadrv - ok
11:43:37.0242 4292 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:43:37.0259 4292 MSiSCSI - ok
11:43:37.0275 4292 msiserver - ok
11:43:37.0326 4292 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:43:37.0333 4292 MSKSSRV - ok
11:43:37.0357 4292 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:43:37.0364 4292 MSPCLOCK - ok
11:43:37.0380 4292 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:43:37.0391 4292 MSPQM - ok
11:43:37.0425 4292 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:43:37.0440 4292 MsRPC - ok
11:43:37.0472 4292 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:43:37.0479 4292 mssmbios - ok
11:43:37.0519 4292 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:43:37.0526 4292 MSTEE - ok
11:43:37.0550 4292 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:43:37.0560 4292 MTConfig - ok
11:43:37.0675 4292 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:43:37.0687 4292 Mup - ok
11:43:37.0753 4292 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
11:43:37.0769 4292 napagent - ok
11:43:37.0844 4292 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:43:37.0866 4292 NativeWifiP - ok
11:43:37.0977 4292 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:43:38.0040 4292 NDIS - ok
11:43:38.0098 4292 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:43:38.0107 4292 NdisCap - ok
11:43:38.0144 4292 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:43:38.0152 4292 NdisTapi - ok
11:43:38.0201 4292 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:43:38.0211 4292 Ndisuio - ok
11:43:38.0258 4292 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:43:38.0273 4292 NdisWan - ok
11:43:38.0327 4292 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:43:38.0338 4292 NDProxy - ok
11:43:38.0380 4292 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
11:43:38.0393 4292 Net Driver HPZ12 - ok
11:43:38.0460 4292 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:43:38.0470 4292 NetBIOS - ok
11:43:38.0513 4292 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:43:38.0538 4292 NetBT - ok
11:43:38.0596 4292 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:43:38.0600 4292 Netlogon - ok
11:43:38.0659 4292 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:43:38.0700 4292 Netman - ok
11:43:38.0723 4292 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:43:38.0756 4292 netprofm - ok
11:43:38.0806 4292 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:43:38.0828 4292 NetTcpPortSharing - ok
11:43:39.0015 4292 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
11:43:39.0177 4292 netw5v32 - ok
11:43:39.0286 4292 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:43:39.0297 4292 nfrd960 - ok
11:43:39.0340 4292 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
11:43:39.0373 4292 NlaSvc - ok
11:43:39.0424 4292 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:43:39.0433 4292 Npfs - ok
11:43:39.0481 4292 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:43:39.0488 4292 nsi - ok
11:43:39.0536 4292 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:43:39.0543 4292 nsiproxy - ok
11:43:39.0611 4292 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:43:39.0694 4292 Ntfs - ok
11:43:39.0753 4292 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:43:39.0759 4292 Null - ok
11:43:39.0801 4292 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:43:39.0816 4292 nvraid - ok
11:43:39.0846 4292 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:43:39.0861 4292 nvstor - ok
11:43:39.0890 4292 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:43:39.0905 4292 nv_agp - ok
11:43:39.0942 4292 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:43:39.0955 4292 ohci1394 - ok
11:43:40.0028 4292 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:43:40.0046 4292 ose - ok
11:43:40.0240 4292 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:43:40.0520 4292 osppsvc - ok
11:43:40.0612 4292 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:43:40.0621 4292 p2pimsvc - ok
11:43:40.0650 4292 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:43:40.0659 4292 p2psvc - ok
11:43:40.0710 4292 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:43:40.0723 4292 Parport - ok
11:43:40.0781 4292 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
11:43:40.0797 4292 partmgr - ok
11:43:40.0836 4292 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:43:40.0843 4292 Parvdm - ok
11:43:40.0903 4292 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:43:40.0924 4292 PcaSvc - ok
11:43:40.0985 4292 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:43:41.0002 4292 pci - ok
11:43:41.0067 4292 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:43:41.0076 4292 pciide - ok
11:43:41.0129 4292 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:43:41.0159 4292 pcmcia - ok
11:43:41.0198 4292 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:43:41.0210 4292 pcw - ok
11:43:41.0264 4292 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:43:41.0327 4292 PEAUTH - ok
11:43:41.0400 4292 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
11:43:41.0492 4292 PeerDistSvc - ok
11:43:41.0598 4292 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
11:43:41.0679 4292 pla - ok
11:43:41.0792 4292 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
11:43:41.0804 4292 PlugPlay - ok
11:43:41.0861 4292 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
11:43:41.0864 4292 Pml Driver HPZ12 - ok
11:43:41.0912 4292 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:43:41.0925 4292 PNRPAutoReg - ok
11:43:41.0970 4292 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:43:41.0979 4292 PNRPsvc - ok
11:43:42.0030 4292 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
11:43:42.0059 4292 PolicyAgent - ok
11:43:42.0118 4292 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
11:43:42.0145 4292 Power - ok
11:43:42.0222 4292 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:43:42.0234 4292 PptpMiniport - ok
11:43:42.0270 4292 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:43:42.0282 4292 Processor - ok
11:43:42.0338 4292 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
11:43:42.0367 4292 ProfSvc - ok
11:43:42.0402 4292 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:43:42.0407 4292 ProtectedStorage - ok
11:43:42.0478 4292 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:43:42.0494 4292 Psched - ok
11:43:42.0571 4292 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:43:42.0654 4292 ql2300 - ok
11:43:42.0681 4292 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:43:42.0697 4292 ql40xx - ok
11:43:42.0737 4292 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:43:42.0770 4292 QWAVE - ok
11:43:42.0823 4292 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:43:42.0833 4292 QWAVEdrv - ok
11:43:42.0855 4292 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:43:42.0862 4292 RasAcd - ok
11:43:42.0918 4292 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:43:42.0929 4292 RasAgileVpn - ok
11:43:42.0986 4292 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:43:43.0003 4292 RasAuto - ok
11:43:43.0061 4292 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:43:43.0076 4292 Rasl2tp - ok
11:43:43.0138 4292 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:43:43.0147 4292 RasMan - ok
11:43:43.0216 4292 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:43:43.0233 4292 RasPppoe - ok
11:43:43.0280 4292 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:43:43.0293 4292 RasSstp - ok
11:43:43.0351 4292 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:43:43.0374 4292 rdbss - ok
11:43:43.0422 4292 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:43:43.0430 4292 rdpbus - ok
11:43:43.0477 4292 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:43:43.0484 4292 RDPCDD - ok
11:43:43.0526 4292 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:43:43.0539 4292 RDPDR - ok
11:43:43.0581 4292 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:43:43.0586 4292 RDPENCDD - ok
11:43:43.0613 4292 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:43:43.0618 4292 RDPREFMP - ok
11:43:43.0692 4292 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:43:43.0699 4292 RdpVideoMiniport - ok
11:43:43.0739 4292 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
11:43:43.0752 4292 RDPWD - ok
11:43:43.0795 4292 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:43:43.0815 4292 rdyboost - ok
11:43:43.0853 4292 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:43:43.0869 4292 RemoteAccess - ok
11:43:43.0912 4292 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:43:43.0932 4292 RemoteRegistry - ok
11:43:43.0990 4292 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
11:43:44.0006 4292 RFCOMM - ok
11:43:44.0079 4292 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
11:43:44.0088 4292 rimmptsk - ok
11:43:44.0151 4292 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
11:43:44.0161 4292 rimsptsk - ok
11:43:44.0215 4292 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
11:43:44.0225 4292 rismxdp - ok
11:43:44.0266 4292 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:43:44.0281 4292 RpcEptMapper - ok
11:43:44.0339 4292 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:43:44.0349 4292 RpcLocator - ok
11:43:44.0399 4292 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:43:44.0409 4292 RpcSs - ok
11:43:44.0490 4292 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:43:44.0502 4292 rspndr - ok
11:43:44.0544 4292 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:43:44.0550 4292 s3cap - ok
11:43:44.0601 4292 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:43:44.0608 4292 SamSs - ok
11:43:44.0662 4292 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:43:44.0676 4292 sbp2port - ok
11:43:44.0730 4292 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:43:44.0757 4292 SCardSvr - ok
11:43:44.0824 4292 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:43:44.0835 4292 scfilter - ok
11:43:44.0889 4292 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:43:44.0959 4292 Schedule - ok
11:43:45.0015 4292 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:43:45.0018 4292 SCPolicySvc - ok
11:43:45.0078 4292 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
11:43:45.0091 4292 sdbus - ok
11:43:45.0148 4292 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:43:45.0156 4292 SDRSVC - ok
11:43:45.0212 4292 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:43:45.0221 4292 secdrv - ok
11:43:45.0259 4292 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:43:45.0274 4292 seclogon - ok
11:43:45.0345 4292 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
11:43:45.0351 4292 SENS - ok
11:43:45.0386 4292 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:43:45.0401 4292 SensrSvc - ok
11:43:45.0462 4292 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:43:45.0470 4292 Serenum - ok
11:43:45.0500 4292 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:43:45.0518 4292 Serial - ok
11:43:45.0579 4292 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:43:45.0587 4292 sermouse - ok
11:43:45.0634 4292 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:43:45.0672 4292 SessionEnv - ok
11:43:45.0769 4292 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:43:45.0776 4292 sffdisk - ok
11:43:45.0800 4292 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:43:45.0808 4292 sffp_mmc - ok
11:43:45.0834 4292 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:43:45.0845 4292 sffp_sd - ok
11:43:45.0903 4292 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:43:45.0911 4292 sfloppy - ok
11:43:45.0954 4292 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:43:45.0980 4292 SharedAccess - ok
11:43:46.0052 4292 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:43:46.0062 4292 ShellHWDetection - ok
11:43:46.0112 4292 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:43:46.0124 4292 sisagp - ok
11:43:46.0197 4292 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:43:46.0207 4292 SiSRaid2 - ok
11:43:46.0232 4292 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:43:46.0245 4292 SiSRaid4 - ok
11:43:46.0325 4292 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:43:46.0338 4292 Smb - ok
11:43:46.0387 4292 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:43:46.0400 4292 SNMPTRAP - ok
11:43:46.0475 4292 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:43:46.0485 4292 spldr - ok
11:43:46.0527 4292 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:43:46.0537 4292 Spooler - ok
11:43:46.0665 4292 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:43:46.0691 4292 sppsvc - ok
11:43:46.0771 4292 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:43:46.0788 4292 sppuinotify - ok
11:43:46.0860 4292 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:43:46.0909 4292 srv - ok
11:43:46.0972 4292 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:43:47.0003 4292 srv2 - ok
11:43:47.0064 4292 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:43:47.0081 4292 srvnet - ok
11:43:47.0135 4292 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:43:47.0144 4292 SSDPSRV - ok
11:43:47.0197 4292 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
11:43:47.0207 4292 ssmdrv - ok
11:43:47.0236 4292 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:43:47.0260 4292 SstpSvc - ok
11:43:47.0342 4292 STacSV (cf26eb925f557d4d70973c702c8e7a49) C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
11:43:47.0344 4292 STacSV - ok
11:43:47.0446 4292 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:43:47.0456 4292 stexstor - ok
11:43:47.0515 4292 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
11:43:47.0582 4292 STHDA - ok
11:43:47.0659 4292 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
11:43:47.0666 4292 StillCam - ok
11:43:47.0734 4292 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:43:47.0785 4292 StiSvc - ok
11:43:47.0852 4292 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:43:47.0866 4292 storflt - ok
11:43:47.0930 4292 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:43:47.0941 4292 storvsc - ok
11:43:47.0992 4292 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:43:48.0001 4292 swenum - ok
11:43:48.0041 4292 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:43:48.0072 4292 swprv - ok
11:43:48.0138 4292 Synth3dVsc - ok
11:43:48.0212 4292 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:43:48.0232 4292 SysMain - ok
11:43:48.0307 4292 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:43:48.0325 4292 TabletInputService - ok
11:43:48.0363 4292 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:43:48.0396 4292 TapiSrv - ok
11:43:48.0461 4292 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:43:48.0478 4292 TBS - ok
11:43:48.0550 4292 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
11:43:48.0639 4292 Tcpip - ok
11:43:48.0767 4292 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
11:43:48.0783 4292 TCPIP6 - ok
11:43:48.0824 4292 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:43:48.0834 4292 tcpipreg - ok
11:43:48.0874 4292 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:43:48.0882 4292 TDPIPE - ok
11:43:48.0924 4292 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
11:43:48.0933 4292 TDTCP - ok
11:43:48.0982 4292 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:43:48.0995 4292 tdx - ok
11:43:49.0040 4292 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:43:49.0053 4292 TermDD - ok
11:43:49.0108 4292 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
11:43:49.0121 4292 TermService - ok
11:43:49.0168 4292 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:43:49.0183 4292 Themes - ok
11:43:49.0229 4292 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:43:49.0234 4292 THREADORDER - ok
11:43:49.0270 4292 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:43:49.0278 4292 TrkWks - ok
11:43:49.0313 4292 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
11:43:49.0317 4292 TrustedInstaller - ok
11:43:49.0387 4292 tsakcslf (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\duadnjkl.sys
11:43:49.0388 4292 tsakcslf - ok
11:43:49.0426 4292 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:43:49.0435 4292 tssecsrv - ok
11:43:49.0481 4292 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:43:49.0494 4292 TsUsbFlt - ok
11:43:49.0535 4292 tsusbhub - ok
11:43:49.0605 4292 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:43:49.0621 4292 tunnel - ok
11:43:49.0691 4292 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:43:49.0703 4292 uagp35 - ok
11:43:49.0743 4292 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:43:49.0772 4292 udfs - ok
11:43:49.0862 4292 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:43:49.0880 4292 UI0Detect - ok
11:43:49.0962 4292 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:43:49.0974 4292 uliagpkx - ok
11:43:50.0023 4292 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
11:43:50.0034 4292 umbus - ok
11:43:50.0123 4292 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:43:50.0134 4292 UmPass - ok
11:43:50.0185 4292 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
11:43:50.0213 4292 UmRdpService - ok
11:43:50.0263 4292 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:43:50.0274 4292 upnphost - ok
11:43:50.0373 4292 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:43:50.0382 4292 USBAAPL - ok
11:43:50.0410 4292 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:43:50.0423 4292 usbccgp - ok
11:43:50.0457 4292 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:43:50.0475 4292 usbcir - ok
11:43:50.0514 4292 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:43:50.0524 4292 usbehci - ok
11:43:50.0598 4292 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:43:50.0622 4292 usbhub - ok
11:43:50.0652 4292 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
11:43:50.0660 4292 usbohci - ok
11:43:50.0713 4292 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:43:50.0721 4292 usbprint - ok
11:43:50.0757 4292 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:43:50.0759 4292 USBSTOR - ok
11:43:50.0786 4292 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:43:50.0795 4292 usbuhci - ok
11:43:50.0857 4292 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:43:50.0873 4292 UxSms - ok
11:43:50.0924 4292 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:43:50.0928 4292 VaultSvc - ok
11:43:50.0988 4292 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:43:50.0999 4292 vdrvroot - ok
11:43:51.0041 4292 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
11:43:51.0087 4292 vds - ok
11:43:51.0163 4292 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:43:51.0172 4292 vga - ok
11:43:51.0199 4292 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:43:51.0208 4292 VgaSave - ok
11:43:51.0250 4292 VGPU - ok
11:43:51.0323 4292 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:43:51.0342 4292 vhdmp - ok
11:43:51.0404 4292 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:43:51.0416 4292 viaagp - ok
11:43:51.0468 4292 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:43:51.0481 4292 ViaC7 - ok
11:43:51.0537 4292 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:43:51.0546 4292 viaide - ok
11:43:51.0588 4292 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:43:51.0610 4292 vmbus - ok
11:43:51.0663 4292 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:43:51.0671 4292 VMBusHID - ok
11:43:51.0702 4292 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:43:51.0714 4292 volmgr - ok
11:43:51.0782 4292 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:43:51.0814 4292 volmgrx - ok
11:43:51.0852 4292 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:43:51.0878 4292 volsnap - ok
11:43:51.0941 4292 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:43:51.0956 4292 vsmraid - ok
11:43:52.0038 4292 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
11:43:52.0114 4292 VSS - ok
11:43:52.0219 4292 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
11:43:52.0230 4292 vwifibus - ok
11:43:52.0295 4292 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:43:52.0306 4292 W32Time - ok
11:43:52.0382 4292 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:43:52.0391 4292 WacomPen - ok
11:43:52.0452 4292 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:43:52.0464 4292 WANARP - ok
11:43:52.0474 4292 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:43:52.0477 4292 Wanarpv6 - ok
11:43:52.0571 4292 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
11:43:52.0665 4292 wbengine - ok
11:43:52.0729 4292 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:43:52.0751 4292 WbioSrvc - ok
11:43:52.0795 4292 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
11:43:52.0836 4292 wcncsvc - ok
11:43:52.0922 4292 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:43:52.0939 4292 WcsPlugInService - ok
11:43:53.0009 4292 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:43:53.0018 4292 Wd - ok
11:43:53.0081 4292 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
11:43:53.0088 4292 WDC_SAM - ok
11:43:53.0152 4292 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:43:53.0193 4292 Wdf01000 - ok
11:43:53.0243 4292 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:43:53.0263 4292 WdiServiceHost - ok
11:43:53.0277 4292 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:43:53.0284 4292 WdiSystemHost - ok
11:43:53.0324 4292 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
11:43:53.0348 4292 WebClient - ok
11:43:53.0390 4292 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:43:53.0419 4292 Wecsvc - ok
11:43:53.0464 4292 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:43:53.0482 4292 wercplsupport - ok
11:43:53.0519 4292 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:43:53.0538 4292 WerSvc - ok
11:43:53.0612 4292 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:43:53.0619 4292 WfpLwf - ok
11:43:53.0669 4292 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:43:53.0686 4292 WIMMount - ok
11:43:53.0784 4292 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:43:53.0794 4292 WinDefend - ok
11:43:53.0805 4292 WinHttpAutoProxySvc - ok
11:43:53.0911 4292 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:43:53.0915 4292 Winmgmt - ok
11:43:53.0996 4292 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
11:43:54.0073 4292 WinRM - ok
11:43:54.0157 4292 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:43:54.0169 4292 WinUsb - ok
11:43:54.0251 4292 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:43:54.0316 4292 Wlansvc - ok
11:43:54.0458 4292 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:43:54.0552 4292 wlidsvc - ok
11:43:54.0662 4292 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:43:54.0669 4292 WmiAcpi - ok
11:43:54.0747 4292 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:43:54.0768 4292 wmiApSrv - ok
11:43:54.0858 4292 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:43:54.0892 4292 WMPNetworkSvc - ok
11:43:54.0970 4292 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:43:54.0983 4292 WPCSvc - ok
11:43:55.0022 4292 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:43:55.0029 4292 WPDBusEnum - ok
11:43:55.0091 4292 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:43:55.0099 4292 ws2ifsl - ok
11:43:55.0156 4292 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
11:43:55.0164 4292 wscsvc - ok
11:43:55.0196 4292 WSearch - ok
11:43:55.0317 4292 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
11:43:55.0387 4292 wuauserv - ok
11:43:55.0433 4292 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:43:55.0446 4292 WudfPf - ok
11:43:55.0513 4292 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:43:55.0529 4292 WUDFRd - ok
11:43:55.0578 4292 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:43:55.0604 4292 wudfsvc - ok
11:43:55.0661 4292 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:43:55.0690 4292 WwanSvc - ok
11:43:55.0723 4292 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:43:55.0773 4292 \Device\Harddisk0\DR0 - ok
11:43:55.0780 4292 Boot (0x1200) (497e9ae7da8d521b9d5cb9a9363e8d0f) \Device\Harddisk0\DR0\Partition0
11:43:55.0782 4292 \Device\Harddisk0\DR0\Partition0 - ok
11:43:55.0797 4292 Boot (0x1200) (8f7c16e7f206bb9f5b5ec99566f09a46) \Device\Harddisk0\DR0\Partition1
11:43:55.0800 4292 \Device\Harddisk0\DR0\Partition1 - ok
11:43:55.0823 4292 Boot (0x1200) (ad1f16dfd171231c5edbbe10ba596bc6) \Device\Harddisk0\DR0\Partition2
11:43:55.0825 4292 \Device\Harddisk0\DR0\Partition2 - ok
11:43:55.0845 4292 Boot (0x1200) (244e41f6cce45dac618664a548d808e1) \Device\Harddisk0\DR0\Partition3
11:43:55.0846 4292 \Device\Harddisk0\DR0\Partition3 - ok
11:43:55.0866 4292 Boot (0x1200) (5396ad91e9ac317554b7320217f5775f) \Device\Harddisk0\DR0\Partition4
11:43:55.0868 4292 \Device\Harddisk0\DR0\Partition4 - ok
11:43:55.0868 4292 ============================================================
11:43:55.0868 4292 Scan finished
11:43:55.0868 4292 ============================================================
11:43:55.0883 5540 Detected object count: 1
11:43:55.0883 5540 Actual detected object count: 1
11:44:09.0023 5540 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:44:09.0023 5540 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

Schritt 3:

dds:
.DDS Logfile:
DDS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by Marvin at 11:45:04 on 2012-04-01
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2046.1043 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "c:\users\marvin\appdata\local\akamai\netsession_win.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\marvin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\marvin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2}\56C63747F6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2}\64259445A51224F6870264F6E60275C414E40273137303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4264AD17-870E-44E7-B4B3-9D6A672CC9E2}\A4026202A4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D9ACB36D-E54A-4230-BAF0-27FD925EE112} : DhcpNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marvin\appdata\roaming\mozilla\firefox\profiles\5m569w52.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-10 239168]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-7-30 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-30 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-30 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-30 20464]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update-Dienst (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-5 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-5 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-30 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-30 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
.
=============== Created Last 30 ================
.
2012-04-01 09:40:23	54016	----a-w-	c:\windows\system32\drivers\duadnjkl.sys
2012-03-30 11:32:04	6582328	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{dc922f54-1a2a-4c71-b187-621737687114}\mpengine.dll
2012-03-30 11:29:21	--------	d-----w-	c:\users\marvin\appdata\roaming\Malwarebytes
2012-03-30 11:29:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-30 11:29:14	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-30 11:29:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-29 09:25:54	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-03-29 09:25:52	--------	d-----w-	c:\users\marvin\appdata\local\temp
2012-03-29 08:59:50	98816	----a-w-	c:\windows\sed.exe
2012-03-29 08:59:50	518144	----a-w-	c:\windows\SWREG.exe
2012-03-29 08:59:50	256000	----a-w-	c:\windows\PEV.exe
2012-03-29 08:59:50	208896	----a-w-	c:\windows\MBR.exe
2012-03-29 08:54:56	--------	d-----w-	c:\users\marvin\appdata\local\{0B470108-5A73-4978-9AFE-D2CEA39D1667}
2012-03-28 19:04:44	--------	d-----w-	c:\users\marvin\appdata\local\{6B091275-F5A7-4ACD-8AB1-8BF98329A231}
2012-03-28 07:58:37	--------	d-----w-	c:\program files\PragmaDigm
2012-03-28 07:57:57	--------	d-----w-	c:\users\marvin\appdata\roaming\GetRightToGo
2012-03-28 04:54:08	--------	d-----w-	c:\users\marvin\appdata\local\{6B478D41-6385-49E2-AFD2-37B897F891D3}
2012-03-28 04:53:57	--------	d-----w-	c:\users\marvin\appdata\local\{F30C8F37-3398-4E31-BB70-2175B4D6D050}
2012-03-27 08:55:55	--------	d-----w-	c:\users\marvin\appdata\local\{D97A064D-383B-40E5-8DAF-331C48B83EFF}
2012-03-27 08:55:26	--------	d-----w-	c:\users\marvin\appdata\local\{E5126D34-BCA5-4785-8B60-0620BAFEBC4D}
2012-03-26 08:35:20	--------	d-----w-	c:\users\marvin\appdata\local\{9952C0CF-968C-4C2C-B0D0-74CC76500122}
2012-03-26 08:34:02	--------	d-----w-	c:\users\marvin\appdata\local\{A33850D5-A292-45BD-97E2-4DD1A06EE1A6}
2012-03-25 13:58:44	--------	d-----w-	c:\users\marvin\appdata\local\{1E923058-7697-443E-906E-89C4523FFC68}
2012-03-25 13:58:21	--------	d-----w-	c:\users\marvin\appdata\local\{31BB4AC2-EB71-43DD-97FD-65D1308B17C9}
2012-03-25 09:05:22	--------	d-----w-	c:\users\marvin\appdata\local\{83A4E7F2-E612-4577-82E8-E4B2252E8BA4}
2012-03-24 08:17:33	--------	d-----w-	c:\users\marvin\appdata\local\{DA6AB857-FBB3-46DC-82AE-FD438F8AB445}
2012-03-24 08:17:23	--------	d-----w-	c:\users\marvin\appdata\local\{A1A9C2AB-1DA3-4348-8A4A-9CD9A85D4C4C}
2012-03-23 11:10:51	--------	d-----w-	c:\users\marvin\appdata\local\{2AD72CFE-89E8-46E5-9A68-20FF66A4E388}
2012-03-23 11:10:28	--------	d-----w-	c:\users\marvin\appdata\local\{9C98FEC6-0B9A-4573-903A-4106A5AE556A}
2012-03-23 10:43:43	--------	d-----w-	c:\users\marvin\appdata\local\{5FA18F50-058F-4333-85DE-9D3D83A8A8ED}
2012-03-23 10:43:32	--------	d-----w-	c:\users\marvin\appdata\local\{BF9F9E34-9F55-48F5-BFB2-28D8931C2191}
2012-03-22 20:48:32	--------	d-----w-	c:\users\marvin\appdata\local\{B703C1C0-C410-4E7E-8E93-4C16555B38A8}
2012-03-22 20:48:20	--------	d-----w-	c:\users\marvin\appdata\local\{C88A39E1-1F38-4D91-AB79-BAA8B92C21D6}
2012-03-22 06:16:08	--------	d-----w-	c:\users\marvin\appdata\local\{6DD78724-176A-4409-AC78-E0FA36A7F2F6}
2012-03-22 06:15:58	--------	d-----w-	c:\users\marvin\appdata\local\{A15F2967-32CF-4913-A3FB-C3E9959A4955}
2012-03-21 13:15:38	--------	d-----w-	c:\users\marvin\appdata\local\{E845C22D-6E4D-45CD-AC64-9BC918227566}
2012-03-21 13:15:16	--------	d-----w-	c:\users\marvin\appdata\local\{8B0882B6-78A1-4E9E-9F56-804C27D51AD0}
2012-03-21 00:11:38	--------	d-----w-	c:\users\marvin\appdata\local\{07C1F97C-C60F-4FD6-A50C-002663AA46D9}
2012-03-21 00:11:16	--------	d-----w-	c:\users\marvin\appdata\local\{79D88A6C-CFE9-45B8-B97D-86B96A4161F1}
2012-03-20 21:52:43	--------	d-----w-	c:\users\marvin\appdata\local\{F4CADBE1-8F83-4F4C-A322-A81BDE188919}
2012-03-20 21:52:31	--------	d-----w-	c:\users\marvin\appdata\local\{A95499AB-811E-4B5A-95F3-68178D63E33F}
2012-03-20 08:58:56	--------	d-----w-	c:\users\marvin\appdata\local\{C1ABC5FE-0E12-4023-B6A9-7DD4D21AF489}
2012-03-20 08:58:43	--------	d-----w-	c:\users\marvin\appdata\local\{1D524D46-0D5B-4B8F-A096-B26288BBAC65}
2012-03-19 09:28:52	--------	d-----w-	c:\users\marvin\appdata\local\{B49AFFE3-4FE1-4C81-A960-FF52DC81D5AF}
2012-03-19 09:28:37	--------	d-----w-	c:\users\marvin\appdata\local\{732058B9-3E0D-40DD-A4A2-C7FA85E80A4E}
2012-03-18 12:21:32	--------	d-----w-	c:\users\marvin\appdata\local\{17C43A43-DD1B-4F49-B97B-3BF333DAEF98}
2012-03-18 12:21:21	--------	d-----w-	c:\users\marvin\appdata\local\{EDC2746B-9F8D-453A-AAAB-B131628567D9}
2012-03-17 09:27:12	--------	d-----w-	c:\users\marvin\appdata\local\{2E97017F-D406-44C7-BFF4-543730E9611B}
2012-03-17 09:27:01	--------	d-----w-	c:\users\marvin\appdata\local\{C47EA93C-259E-4E53-A48C-9F76812464F3}
2012-03-16 12:05:53	--------	d-----w-	c:\users\marvin\appdata\local\{F9256981-A09A-4D98-AFCC-3DD69F2E8C55}
2012-03-16 12:05:42	--------	d-----w-	c:\users\marvin\appdata\local\{3649E50C-FA82-4955-ABCE-484AFEB59FCF}
2012-03-16 07:39:46	--------	d-----w-	c:\users\marvin\appdata\local\{E7DBB581-BCA0-47C3-8BA8-26ABE9FF2200}
2012-03-15 16:27:21	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-15 16:27:21	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-15 13:43:15	--------	d-----w-	c:\users\marvin\appdata\local\{CC1C47A3-9195-4D37-A2B7-A23E57C8B165}
2012-03-15 13:43:01	--------	d-----w-	c:\users\marvin\appdata\local\{E33F9328-9F2B-4BDF-9C11-8F8D2B523758}
2012-03-15 08:05:09	--------	d-----w-	c:\users\marvin\appdata\local\{F71FFEEC-0168-483F-8188-C9F65C285C4A}
2012-03-15 08:04:58	--------	d-----w-	c:\users\marvin\appdata\local\{D4FA7C48-3B00-48B2-B407-B69CCC114191}
2012-03-14 18:21:23	--------	d-----w-	c:\users\marvin\appdata\local\{421DED8F-68EF-4C52-8D3D-C50AA40922F9}
2012-03-14 18:21:12	--------	d-----w-	c:\users\marvin\appdata\local\{A43A1EE4-67AA-4419-BAE6-3B1F8A470AE1}
2012-03-14 13:05:18	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 13:05:18	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 09:46:06	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:46:05	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:45:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:45:40	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:45:40	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:45:39	919040	----a-w-	c:\windows\system32\rdpcorets.dll
2012-03-14 09:45:38	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:45:38	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:45:38	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:12:50	--------	d-----w-	c:\users\marvin\appdata\local\{89C16AA1-1DA5-4AC1-AFAC-C7F59C28C4F0}
2012-03-13 23:12:39	--------	d-----w-	c:\users\marvin\appdata\local\{8F8F278E-BC1E-4BC1-9FAC-0B22732F04FF}
2012-03-13 21:18:48	--------	d-----w-	c:\users\marvin\appdata\local\{6B9063A0-0B88-4357-8B83-A2BF14C42E56}
2012-03-13 21:18:33	--------	d-----w-	c:\users\marvin\appdata\local\{62C681F8-4DCC-4EBE-B56A-7A7F41AD6E12}
2012-03-13 07:55:14	--------	d-----w-	c:\users\marvin\appdata\local\{C556718A-FF85-4E25-94B9-F765F572F58C}
2012-03-13 07:55:00	--------	d-----w-	c:\users\marvin\appdata\local\{8C07F143-BF34-497F-B6E3-F4D54C11E970}
2012-03-12 15:12:56	--------	d-----w-	c:\users\marvin\appdata\local\{A9D8A3C7-A167-4241-B590-7786EF55D338}
2012-03-12 15:12:44	--------	d-----w-	c:\users\marvin\appdata\local\{C2290593-CDFF-4C2F-99C4-E67B1CC4A22D}
2012-03-11 12:03:19	--------	d-----w-	c:\users\marvin\appdata\local\{606C2F45-8804-479E-B009-2591562DF8D8}
2012-03-11 12:03:08	--------	d-----w-	c:\users\marvin\appdata\local\{642E9A55-C058-4A7E-B445-318EE3754551}
2012-03-11 11:16:51	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-03-10 21:40:04	--------	d-----w-	c:\program files\common files\Blizzard Entertainment
2012-03-10 18:56:22	--------	d-----w-	c:\program files\common files\Blizzard Entertainment.temp
2012-03-10 14:50:11	--------	d-----w-	c:\programdata\Blizzard
2012-03-10 09:21:54	--------	d-----w-	c:\users\marvin\appdata\local\{9294A2C3-A9CA-4648-814C-E5B8B7E68ACC}
2012-03-10 09:21:43	--------	d-----w-	c:\users\marvin\appdata\local\{5EA6AC99-47B8-492D-8346-E4AFBAEA93E8}
2012-03-09 21:08:40	--------	d-----w-	c:\users\marvin\appdata\local\{B6662F66-3F04-4C11-87B6-2908649B4AD7}
2012-03-09 21:08:30	--------	d-----w-	c:\users\marvin\appdata\local\{AC7E8172-D563-410F-BF83-D1F535F86CA6}
2012-03-09 17:35:10	--------	d-----w-	c:\users\marvin\appdata\local\{C20E010B-4437-4209-AB85-FEE1E8391317}
2012-03-09 16:56:29	--------	d-----w-	c:\users\marvin\appdata\local\{9668208F-CFFB-4E18-83A7-650D8E6B30A2}
2012-03-09 16:56:13	--------	d-----w-	c:\users\marvin\appdata\local\{310E72A9-A882-4CD3-8138-FEBC0BB7D381}
2012-03-09 09:00:26	--------	d-----w-	c:\windows\system32\appmgmt
2012-03-09 08:44:21	--------	d-----w-	c:\users\marvin\appdata\local\{171399EB-B0F4-4A8B-B2F6-DE5E48FB2C9F}
2012-03-09 08:44:09	--------	d-----w-	c:\users\marvin\appdata\local\{E0DEE6AF-6798-4478-8A17-85A1923C7E95}
2012-03-08 09:01:59	--------	d-----w-	c:\users\marvin\appdata\local\{415EC380-A7DE-42E2-8AEE-23348E60BED6}
2012-03-08 09:01:48	--------	d-----w-	c:\users\marvin\appdata\local\{0934A83E-904D-41F8-B731-CECB40C57EF0}
2012-03-07 23:19:03	--------	d-----w-	c:\users\marvin\appdata\local\{D1820A18-9252-41DE-9322-EEA87B6F7C80}
2012-03-07 09:02:03	--------	d-----w-	c:\users\marvin\appdata\local\{D76CCAA2-051D-4309-91FC-D80530903361}
2012-03-07 09:01:51	--------	d-----w-	c:\users\marvin\appdata\local\{458E0185-620D-4FC4-828D-2A1821C5831C}
2012-03-06 10:53:18	--------	d-----w-	c:\users\marvin\appdata\local\{D1CA46BC-5D07-4C27-BD0D-14D0992AECC1}
2012-03-06 10:53:04	--------	d-----w-	c:\users\marvin\appdata\local\{BBD650E5-BD44-4EB1-A146-F6B2CCD9F803}
2012-03-05 16:29:54	--------	d-----w-	c:\users\marvin\appdata\local\Google
2012-03-05 09:05:26	--------	d-----w-	c:\users\marvin\appdata\local\{DF6D0BB4-1CB0-4403-9F2A-B275FA2E6163}
2012-03-05 09:05:14	--------	d-----w-	c:\users\marvin\appdata\local\{41FAE50B-7695-4019-B46D-C6E189EAA271}
2012-03-04 09:22:04	--------	d-----w-	c:\users\marvin\appdata\local\{65538675-995E-4D44-B13A-5858C33D45E2}
2012-03-04 09:21:50	--------	d-----w-	c:\users\marvin\appdata\local\{324D9721-2877-465C-99DE-1B78D814568D}
2012-03-03 12:56:08	--------	d-----w-	c:\users\marvin\appdata\local\{BA2C4A26-1E07-42EC-B8DF-01E9AA594B82}
2012-03-03 12:55:57	--------	d-----w-	c:\users\marvin\appdata\local\{F7F80716-09FB-46C6-8416-DE7F7EE26426}
2012-03-03 10:22:22	--------	d-----w-	c:\users\marvin\appdata\local\{AAC05328-2F91-4DFB-85C9-3A880A0A9CA3}
.
==================== Find3M  ====================
.
2012-03-31 14:23:11	77824	----a-w-	c:\windows\KMSEmulator.exe
2012-03-19 20:11:33	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 18:38:42	2829	----a-w-	c:\windows\War3Unin.pif
2012-01-04 18:38:42	139264	----a-w-	c:\windows\War3Unin.exe
2012-01-04 08:58:41	442880	----a-w-	c:\windows\system32\ntshrui.dll
.
============= FINISH: 11:46:08,81 ===============
         

[/CODE]
--- --- ---
--- --- ---
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 30.07.2011 08:56:49
System Uptime: 31.03.2012 16:22:09 (19 hours ago)
.
Motherboard: Dell Inc. | | 0YD479
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 989/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 3,957 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 13,805 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 12,369 GiB free.
F: is FIXED (NTFS) - 42 GiB total, 1,003 GiB free.
G: is CDROM ()
Q: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 2570 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart 2570 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2570
2570_Help
2570Trb
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Deutsch
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Ballerburg
Battle Pirates Base Editor
Blender
Bonjour
BufferChm
Copy
Counter-Strike 1.6
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Dropbox
Fax
Feedback Tool
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Guitar Pro 6
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
ICQ7.6
iTunes
Java Auto Updater
Java(TM) 6 Update 30
JDownloader 0.9
Junk Mail filter update
Malwarebytes Anti-Malware Version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Access 2010
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 13.0
PDFCreator
Process Killer 2011 (3.0 Build 1)
QuickSet
QuickTime
Safari
Scan
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
SES Driver
Shop for HP Supplies
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Status
TeamSpeak 3 Client
Toolbox
Total Commander (Remove or Repair)
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
UseNeXT
VLC media player 1.1.11
Warcraft III
Warcraft III: All Products
WebReg
Winamp
Winamp Erkennungs-Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-Bit)
World of Warcraft
.
==== End Of File ===========================

Zitat:

F:\Zwischenspeicher\Install Allgemein\__Brennen\CloneCD\CloneCD 5.2.7.1\Crack\Patch.exe
F:\Zwischenspeicher\Install Allgemein\__Brennen\Nero Burning Rom Ultra Edition 6.6.0.8\Crack\Keygen.exe

Alleine der Besuch auf Seiten, welche diese Dateien zum Download anbieten, beinhaltet ein hohes Risiko sich zu infizieren.

Wenn Du den Crack startest, startest du eine ausführbare Datei aus einer sehr dubiosen Quelle. Im Quellcode der Datei kann alles mögliche stehen. ( z.B downloaden und ausführen von Malware Dateien )
Dies ist einer der Hauptgründe wie man sich infiziert.

Ausserdem sind Cracks usw illegal und das ist genauso Diebstahl wie in einem Laden.

Darum haben wir uns darauf geeinigt,

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Deshalb beschränkt sich unsere Hilfe für dich auf eine Anleitung zur Neuinstallation und Absicherung des Systems

1. Keiner von euch profis kann mir erzählen er hätte nicht mal nen lied gesownloadet, wer das abstreitet lügt. Und darauf steht dieselbe strafe wie auf software download. Ich weiß es ich studier wirtschaftsrecht

2. Das thema soll sofort gelöscht (nicht geschlossen) werden.
Mfg creekie

Ich gebe für die Löschung dieses Threads eine Frist von 24 Stunden beginnend ab jetzt.

MfG Creekie