Log analysis and evaluation: white screen + "Please wait while the connection is established." (Engl. + Ger.), Windows 7. If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
White screen + "Please wait while the connection is established." (Engl. + Ger.)

Yes, everything works again without restriction, and there are no empty folders or the like in the Start menu. The only thing I notice is that the update "Security Update for Windows Vista (KB2378111)" cannot be installed. All other updates go through without problems. Installing the update manually, it did let itself be installed.

Last edited by Terminator92 (12.04.2012 at 13:12)
#2
/// Winkelfunktion /// TB-Süch-Tiger™

White screen + "Please wait while the connection is established." (Engl. + Ger.)

Please make a new OTL log. Please post everything here in CODE tags where possible.
__________________
It is done like this: [code] the log goes here [/code] And it then looks like this:
Code:
the log goes here
If you do not have it yet, please download OTL from Oldtimer and save it on your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________

#3
White screen + "Please wait while the connection is established." (Engl. + Ger.)

Here is the content of OTL.txt:
Code:
OTL logfile created on: 12.04.2012 17:47:06 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Patricia Scharf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,12 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 81,06% Memory free
6,47 Gb Paging File | 5,39 Gb Available in Paging File | 83,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 221,89 Gb Free Space | 74,44% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 68,70 Gb Free Space | 61,46% Space Free | Partition Type: NTFS

Computer Name: PATRICIA-PC | User Name: Patricia Scharf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.12 17:45:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia Scharf\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011.01.27 00:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.15 04:21:18 | 001,780,224 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.11.10 14:24:22 | 000,105,632 | ---- | M] (Corel) -- C:\Programme\Common Files\Corel\Standby\Standby.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012.04.12 13:04:01 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03720d4ccc7abcf2145cf3c01e94ddb9\WindowsFormsIntegration.ni.dll
MOD - [2012.04.12 13:03:02 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012.04.12 12:59:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.12 12:59:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.04.12 12:58:51 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e6326da9ba4ba58f72287ad35faa8e09\PresentationFramework.ni.dll
MOD - [2012.04.12 12:58:36 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0e4e06c619563f0ad56db6c3f6168e29\PresentationCore.ni.dll
MOD - [2012.02.23 19:12:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012.02.23 19:12:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.23 18:53:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.23 18:52:47 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012.02.23 18:52:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012.02.23 18:52:18 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012.02.23 18:52:15 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.10.28 14:49:46 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011.10.28 14:46:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.01.27 00:11:58 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.01.26 17:48:02 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.03.02 09:30:58 | 064,125,952 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009.03.29 21:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 21:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.24 18:16:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.04.07 14:49:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.06.24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Programme\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.14 21:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.11.09 17:39:45 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.11.09 17:39:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.09.24 16:43:52 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.09.24 16:43:51 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVENG.SYS -- (NAVENG)
DRV - [2011.09.24 16:13:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.09.23 09:11:20 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111222.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011.08.22 04:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV - [2011.08.22 04:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys -- (SymEFA)
DRV - [2011.08.04 06:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys -- (ccHP)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.27 00:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.31 05:43:16 | 000,252,008 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.04.29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\ironx86.sys -- (SymIRON)
DRV - [2010.04.27 03:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.04.27 03:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.04.22 04:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtsp.sys -- (SRTSP)
DRV - [2010.04.22 04:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010.03.02 13:27:28 | 001,127,936 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.01.11 13:28:30 | 000,099,952 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.10.15 05:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys -- (SymDS)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 B0 4E D1 1B 05 CD 01 [binary data]
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes,DefaultScope = {5753BF03-E608-4603-BB15-9BDF15819347}
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes\{3993786B-DF52-4cb1-9846-2A7307B26782}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\SearchScopes\{5753BF03-E608-4603-BB15-9BDF15819347}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011.09.28 14:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2012.04.12 13:46:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.20 15:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.24 13:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patricia Scharf\AppData\Roaming\mozilla\Extensions
[2011.09.25 18:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.25 18:01:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.28 14:21:05 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN
[2011.09.25 14:29:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.20 15:00:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.20 15:00:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.20 15:00:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.20 15:00:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.20 15:00:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.20 15:00:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.20 15:00:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.04.07 02:12:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{156F4B96-5530-49E8-B55C-BC95A67221DA}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2138413153-3778864687-1211121035-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows Photo Gallery\wallpaper3.jpg
O24 - Desktop BackupWallPaper: C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows Photo Gallery\wallpaper3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Programme\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Programme\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.04.12 17:45:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Patricia Scharf\Desktop\OTL.exe
[2012.04.09 17:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.07 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\Patricia Scharf\AppData\Roaming\Malwarebytes
[2012.04.07 14:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.07 14:20:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.07 14:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.06 17:34:29 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.03.31 20:18:51 | 000,000,000 | ---D | C] -- C:\001ff1ab907109e295
[2012.03.18 17:54:43 | 000,000,000 | ---D | C] -- C:\Users\Patricia Scharf\AppData\Local\CrashDumps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.12 17:48:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.12 17:45:30 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia Scharf\Desktop\OTL.exe [2012.04.12 17:44:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.12 13:51:55 | 000,856,182 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.12 13:51:55 | 000,663,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.12 13:51:55 | 000,197,506 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.12 13:51:55 | 000,168,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.12 13:46:52 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.12 13:46:52 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.12 13:46:19 | 3353,534,464 | -HS- | M] () -- C:\hiberfil.sys [2012.04.06 17:17:19 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.03.15 13:21:26 | 000,288,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.07 14:49:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.04 16:11:20 | 3353,534,464 | -HS- | C] () -- C:\hiberfil.sys [2011.11.02 16:01:28 | 000,005,632 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.26 15:02:18 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.09.24 16:14:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.09.24 16:14:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.09.24 16:14:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.09.24 12:58:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.24 12:02:41 | 000,003,113 | ---- | C] () -- 
C:\Windows\System32\atipblag.dat [2011.09.22 20:49:39 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2011.09.22 20:49:39 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.09.22 20:49:37 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2011.09.22 20:49:37 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2011.09.22 20:49:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.09.22 20:46:35 | 000,044,650 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.09.22 18:04:40 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2011.09.22 18:04:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.09.22 18:04:34 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.09.22 17:23:21 | 000,000,680 | ---- | C] () -- C:\Users\Patricia Scharf\AppData\Local\d3d9caps.dat [2011.01.27 00:11:58 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.12.17 18:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat ========== LOP Check ========== [2011.09.25 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\OpenOffice.org [2011.09.26 15:03:12 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Ulead Systems [2012.04.12 13:45:28 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.10.21 15:40:40 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Adobe [2011.09.25 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\ATI [2011.09.26 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Corel [2011.09.22 17:23:24 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Identities [2011.09.24 11:53:30 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Macromedia [2012.04.07 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Media Center Programs [2012.03.11 19:21:13 | 000,000,000 | --SD | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Microsoft [2011.09.24 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Mozilla [2011.09.25 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\OpenOffice.org [2011.09.26 15:03:12 | 000,000,000 | ---D | M] -- C:\Users\Patricia Scharf\AppData\Roaming\Ulead Systems < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft 
Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) 
MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.01.27 00:56:30 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.04.2012 17:47:06 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Patricia Scharf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,12 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 81,06% Memory free
6,47 Gb Paging File | 5,39 Gb Available in Paging File | 83,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 221,89 Gb Free Space | 74,44% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 68,70 Gb Free Space | 61,46% Space Free | Partition Type: NTFS
Computer Name: PATRICIA-PC | User Name: Patricia Scharf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2138413153-3778864687-1211121035-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FBD08F7-C0E4-44C4-B1AD-BE60277250EE}" = rport=445 | protocol=6 | dir=out | app=system |
"{1396CD32-CE4B-43AD-AAB8-3BF3AE723685}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E580AA7-BC36-496B-A035-6D16D562AC31}" = lport=445 | protocol=6 | dir=in | app=system |
"{5FA4698E-7084-497A-815A-61D0CA254326}" = lport=137 | protocol=17 | dir=in | app=system |
"{73BA76C7-1524-44B3-9E36-CEBCCFDEFD27}" = rport=139 | protocol=6 | dir=out | app=system |
"{869CBF6E-926F-4D08-871B-23827AFC31B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{9594876E-1E3E-4B66-A0F1-23BB43767B4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9FC228C2-D7B9-44DB-B761-4E85242D9490}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C28E2C82-2A61-460A-BFA6-4F82DC97A2E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E38964A6-4035-45D6-B9B0-25E7948F2D0E}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F73898C-46C2-44F1-82F5-2431D81E6BED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A8956110-C79B-41D3-96E4-78B53E191D17}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB957BC9-C2B5-4E62-B62E-B5B0F147972F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC9812E4-D387-48E4-B425-AE2CA001072E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{AB84BA61-3D10-4782-B52C-A37DB20532E5}" = Corel PaintShop Photo 2010
"{0053CC02-9A68-C88E-6890-0A749DF9BD7B}" = CCC Help Thai
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0805B720-5CD0-143C-E569-149D546A92FA}" = CCC Help Chinese Traditional
"{11B79EBE-12F0-7F67-028C-28763D04522C}" = CCC Help Polish
"{19901F0F-3857-5E46-FF17-9B5653860B75}" = CCC Help Turkish
"{1E6A4185-C2E8-1AB7-6C05-806C015FFE7E}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2747BEA4-A2E1-6513-7524-4DBBC7823E4A}" = CCC Help Chinese Standard
"{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
"{2E443D29-FB41-07FB-21E9-852D477570BE}" = CCC Help English
"{307A2BE0-FC2A-5CFB-C948-058D62F4B39D}" = ccc-utility
"{3776754C-4283-DF7D-F28A-0221CD5F07AE}" = CCC Help Russian
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{451D691A-D425-01D3-B1C7-0A3161878ECE}" = CCC Help Hungarian
"{46D19CDC-934A-B652-FC86-C2D4732C6D09}" = AMD Fuel
"{47FDE7DF-E065-EBF3-5CA1-44BB75F05F6A}" = CCC Help Japanese
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49E54A90-948C-D78B-CECE-9A7B380491F0}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A93AD88-E424-F6A3-5620-697FA89AAD14}" = CCC Help Korean
"{4C6B0067-4399-7F36-4C34-18D861D7662E}" = CCC Help French
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55DE01D1-9E39-292C-8DF8-9F753992D548}" = CCC Help Swedish
"{5A4B0298-6C1A-E615-BE09-D65A63AAB2ED}" = Catalyst Control Center Graphics Previews Common
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
"{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A497FCE-53D2-8D70-C497-CD5585953F62}" = CCC Help Spanish
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A440AC73-43D1-D096-B7B8-051E4282F330}" = CCC Help Finnish
"{A982D950-FAB9-744E-41BE-285082FF86C2}" = CCC Help Italian
"{AAEB8781-5EBD-4332-B86D-428DE7EF6DA2}" = Setup
"{AB84BA61-3D10-4782-B52C-A37DB20532E5}" = ICA
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B1B96C4D-EDE5-4A47-A4E3-01C3504A812B}" = Corel Style Pack 2010-001
"{B39A18D0-296E-2B41-4CCC-58AF0B772F8E}" = CCC Help Greek
"{C6526EF6-214D-20CC-E8B8-2E79BFC0D11E}" = CCC Help Dutch
"{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8F619D-9919-4C1A-859D-B9F24C2454AD}" = IPM_P
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D95A0957-F389-C180-9660-B48E41FD83D4}" = ATI Catalyst Install Manager
"{DE9069FA-EF9E-25CD-67E7-0242935CCD49}" = HydraVision
"{DEDE10BE-6C0D-6941-95EA-0822D8DE1C90}" = CCC Help Portuguese
"{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
"{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
"{E1D8FD24-8CC4-9038-0B15-ADBB922DA352}" = CCC Help Danish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7725A3F-32F6-85C9-1EFA-92C482B35363}" = ATI AVIVO Codecs
"{FA5E8C25-6204-76B9-AB27-866D6A2131C5}" = Catalyst Control Center Localization All
"{FB45F14F-E6F9-796D-86A3-C096B5BEF842}" = CCC Help German
"{FE33F0E4-33DD-E7E9-78CB-507306FD0463}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NIS" = Norton Internet Security
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.04.2012 06:59:58 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
Error - 12.04.2012 06:59:58 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3011
Description =
Error - 12.04.2012 07:30:28 | Computer Name = Patricia-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.04.2012 07:34:19 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
Error - 12.04.2012 07:34:19 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
Error - 12.04.2012 07:34:19 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3011
Description =
Error - 12.04.2012 07:47:58 | Computer Name = Patricia-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.04.2012 07:51:52 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
Error - 12.04.2012 07:51:52 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3012
Description =
Error - 12.04.2012 07:51:52 | Computer Name = Patricia-PC | Source = LoadPerf | ID = 3011
Description =
[ System Events ]
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.01.2012 04:51:25 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.01.2012 04:51:58 | Computer Name = Patricia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 07.01.2012 09:10:52 | Computer Name = Patricia-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 07.01.2012 09:11:16 | Computer Name = Patricia-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
< End of report >
|
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive for the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot. Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer stores its logs. Note: please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Logfiles bitte immer in CODE-Tags posten |
#5

Here is the report from TDSS-Killer:
Code:
20:45:16.0194 1400 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:45:16.0419 1400 ============================================================
20:45:16.0419 1400 Current date / time: 2012/04/12 20:45:16.0419
20:45:16.0419 1400 SystemInfo:
20:45:16.0419 1400
20:45:16.0419 1400 OS Version: 6.0.6002 ServicePack: 2.0
20:45:16.0419 1400 Product type: Workstation
20:45:16.0419 1400 ComputerName: PATRICIA-PC
20:45:16.0419 1400 UserName: Patricia Scharf
20:45:16.0420 1400 Windows directory: C:\Windows
20:45:16.0420 1400 System windows directory: C:\Windows
20:45:16.0420 1400 Processor architecture: Intel x86
20:45:16.0420 1400 Number of processors: 2
20:45:16.0420 1400 Page size: 0x1000
20:45:16.0420 1400 Boot type: Normal boot
20:45:16.0420 1400 ============================================================
20:45:17.0471 1400 Drive \Device\Harddisk0\DR0 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
20:45:17.0480 1400 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:45:17.0481 1400 \Device\Harddisk0\DR0:
20:45:17.0481 1400 MBR used
20:45:17.0481 1400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
20:45:17.0481 1400 \Device\Harddisk1\DR1:
20:45:17.0482 1400 MBR used
20:45:17.0482 1400 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
20:45:17.0534 1400 Initialize success
20:45:17.0534 1400 ============================================================
20:45:36.0244 4148 ============================================================
20:45:36.0244 4148 Scan started
20:45:36.0244 4148 Mode: Manual; SigCheck; TDLFS;
20:45:36.0244 4148 ============================================================
20:45:36.0687 4148 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:45:36.0746 4148 ACPI - ok
20:45:36.0794 4148 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:45:36.0802 4148 AdobeFlashPlayerUpdateSvc - ok
20:45:36.0837 4148 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:45:36.0853 4148 adp94xx - ok
20:45:36.0871 4148 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:45:36.0882 4148 adpahci - ok
20:45:36.0898 4148 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:45:36.0908 4148 adpu160m - ok
20:45:36.0922 4148 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:45:36.0931 4148 adpu320 - ok
20:45:36.0963 4148 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:45:37.0053 4148 AeLookupSvc - ok
20:45:37.0092 4148 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:45:37.0146 4148 AFD - ok
20:45:37.0180 4148 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:45:37.0192 4148 agp440 - ok
20:45:37.0209 4148 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:45:37.0220 4148 aic78xx - ok
20:45:37.0233 4148 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:45:37.0304 4148 ALG - ok
20:45:37.0320 4148 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:45:37.0330 4148 aliide - ok
20:45:37.0361 4148 AMD External Events Utility (aefeee2e852f2774a4491c8efa6c3b6e) C:\Windows\system32\atiesrxx.exe
20:45:37.0413 4148 AMD External Events Utility - ok
20:45:37.0473 4148 AMD Reservation Manager (9fe76d783a7d47965d086a220b54277b) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
20:45:37.0484 4148 AMD Reservation Manager - ok
20:45:37.0510 4148 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:45:37.0521 4148 amdagp - ok
20:45:37.0537 4148 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:45:37.0548 4148 amdide - ok
20:45:37.0562 4148 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
20:45:37.0588 4148 amdiox86 - ok
20:45:37.0605 4148 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:45:37.0633 4148 AmdK7 - ok
20:45:37.0645 4148 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:45:37.0668 4148 AmdK8 - ok
20:45:37.0787 4148 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
20:45:37.0963 4148 amdkmdag - ok
20:45:38.0026 4148 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
20:45:38.0051 4148 amdkmdap - ok
20:45:38.0092 4148 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:45:38.0124 4148 Appinfo - ok
20:45:38.0161 4148 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:45:38.0173 4148 arc - ok
20:45:38.0210 4148 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:45:38.0222 4148 arcsas - ok
20:45:38.0247 4148 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
20:45:38.0256 4148 AsIO - ok
20:45:38.0293 4148 AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
20:45:38.0333 4148 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
20:45:38.0333 4148 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
20:45:38.0359 4148 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:45:38.0406 4148 AsyncMac - ok
20:45:38.0433 4148 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:45:38.0449 4148 atapi - ok
20:45:38.0477 4148 AtiHDAudioService (0c3c2e9136397e1aaa9033dcae25ced2) C:\Windows\system32\drivers\AtihdLH3.sys
20:45:38.0487 4148 AtiHDAudioService - ok
20:45:38.0513 4148 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:45:38.0522 4148 AtiPcie - ok
20:45:38.0611 4148 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:45:38.0653 4148 AudioEndpointBuilder - ok
20:45:38.0659 4148 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:45:38.0682 4148 Audiosrv - ok
20:45:38.0726 4148 BCUService (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
20:45:38.0740 4148 BCUService - ok
20:45:38.0817 4148 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:45:38.0839 4148 Beep - ok
20:45:38.0860 4148 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:45:38.0904 4148 BFE - ok
20:45:38.0994 4148 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
20:45:39.0010 4148 BHDrvx86 - ok
20:45:39.0054 4148 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:45:39.0094 4148 BITS - ok
20:45:39.0107 4148 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:45:39.0122 4148 blbdrive - ok
20:45:39.0154 4148 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:45:39.0179 4148 bowser - ok
20:45:39.0205 4148 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:45:39.0228 4148 BrFiltLo - ok
20:45:39.0254 4148 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:45:39.0271 4148 BrFiltUp - ok
20:45:39.0291 4148 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:45:39.0314 4148 Browser - ok
20:45:39.0331 4148 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:45:39.0435 4148 Brserid - ok
20:45:39.0454 4148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:45:39.0507 4148 BrSerWdm - ok
20:45:39.0519 4148 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:45:39.0570 4148 BrUsbMdm - ok
20:45:39.0581 4148 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:45:39.0638 4148 BrUsbSer - ok
20:45:39.0679 4148 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:45:39.0732 4148 BTHMODEM - ok
20:45:39.0806 4148 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys
20:45:39.0830 4148 ccHP - ok
20:45:39.0850 4148 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:45:39.0875 4148 cdfs - ok
20:45:39.0900 4148 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:45:39.0918 4148 cdrom - ok
20:45:39.0948 4148 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:45:39.0989 4148 CertPropSvc - ok
20:45:40.0009 4148 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:45:40.0028 4148 circlass - ok
20:45:40.0039 4148 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:45:40.0050 4148 CLFS - ok
20:45:40.0104 4148 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:45:40.0110 4148 clr_optimization_v2.0.50727_32 - ok
20:45:40.0165 4148 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:45:40.0174 4148 clr_optimization_v4.0.30319_32 - ok
20:45:40.0200 4148 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:45:40.0209 4148 cmdide - ok
20:45:40.0283 4148 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:45:40.0293 4148 Compbatt - ok
20:45:40.0363 4148 COMSysApp - ok
20:45:40.0420 4148 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:45:40.0428 4148 crcdisk - ok
20:45:40.0454 4148 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:45:40.0476 4148 Crusoe - ok
20:45:40.0524 4148 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:45:40.0556 4148 CryptSvc - ok
20:45:40.0608 4148 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:45:40.0659 4148 DcomLaunch - ok
20:45:40.0684 4148 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:45:40.0712 4148 DfsC - ok
20:45:40.0774 4148 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:45:40.0854 4148 DFSR - ok
20:45:40.0911 4148 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:45:40.0937 4148 Dhcp - ok
20:45:40.0961 4148 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:45:40.0974 4148 disk - ok
20:45:41.0012 4148 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:45:41.0050 4148 Dnscache - ok
20:45:41.0072 4148 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:45:41.0092 4148 dot3svc - ok
20:45:41.0118 4148 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:45:41.0170 4148 DPS - ok
20:45:41.0201 4148 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:45:41.0234 4148 drmkaud - ok
20:45:41.0294 4148 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:45:41.0316 4148 DXGKrnl - ok
20:45:41.0345 4148 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:45:41.0370 4148 E1G60 - ok
20:45:41.0394 4148 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:45:41.0419 4148 EapHost - ok
20:45:41.0453 4148 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:45:41.0466 4148 Ecache - ok
20:45:41.0564 4148 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:45:41.0582 4148 eeCtrl - ok
20:45:41.0611 4148 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:45:41.0635 4148 ehRecvr - ok
20:45:41.0649 4148 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:45:41.0683 4148 ehSched - ok
20:45:41.0694 4148 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:45:41.0715 4148 ehstart - ok
20:45:41.0743 4148 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:45:41.0761 4148 elxstor - ok
20:45:41.0794 4148 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:45:41.0856 4148 EMDMgmt - ok
20:45:41.0940 4148 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:45:41.0950 4148 EraserUtilRebootDrv - ok
20:45:41.0990 4148 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:45:42.0023 4148 ErrDev - ok
20:45:42.0054 4148 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:45:42.0115 4148 EventSystem - ok
20:45:42.0164 4148 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:45:42.0187 4148 exfat - ok
20:45:42.0232 4148 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:45:42.0263 4148 fastfat - ok
20:45:42.0287 4148 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:45:42.0313 4148 fdc - ok
20:45:42.0330 4148 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:45:42.0345 4148 fdPHost - ok
20:45:42.0354 4148 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:45:42.0380 4148 FDResPub - ok
20:45:42.0388 4148 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:45:42.0395 4148 FileInfo - ok
20:45:42.0411 4148 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:45:42.0434 4148 Filetrace - ok
20:45:42.0452 4148 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:45:42.0477 4148 flpydisk - ok
20:45:42.0484 4148 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:45:42.0493 4148 FltMgr - ok
20:45:42.0538 4148 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:45:42.0575 4148 FontCache - ok
20:45:42.0632 4148 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:45:42.0639 4148 FontCache3.0.0.0 - ok
20:45:42.0658 4148 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:45:42.0684 4148 Fs_Rec - ok
20:45:42.0701 4148 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:45:42.0710 4148 gagp30kx - ok
20:45:42.0744 4148 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:45:42.0789 4148 gpsvc - ok
20:45:42.0828 4148 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:45:42.0867 4148 HdAudAddService - ok
20:45:42.0894 4148 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:45:42.0947 4148 HDAudBus - ok
20:45:42.0959 4148 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:45:43.0010 4148 HidBth - ok
20:45:43.0035 4148 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:45:43.0090 4148 HidIr - ok
20:45:43.0111 4148 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:45:43.0153 4148 hidserv - ok
20:45:43.0187 4148 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:45:43.0218 4148 HidUsb - ok
20:45:43.0245 4148 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:45:43.0275 4148 hkmsvc - ok
20:45:43.0288 4148 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:45:43.0299 4148 HpCISSs - ok
20:45:43.0316 4148 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:45:43.0356 4148 HTTP - ok
20:45:43.0379 4148 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:45:43.0390 4148 i2omp - ok
20:45:43.0420 4148 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:45:43.0444 4148 i8042prt - ok
20:45:43.0457 4148 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:45:43.0471 4148 iaStorV - ok
20:45:43.0543 4148 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:45:43.0589 4148 idsvc - ok
20:45:43.0692 4148 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111222.001\IDSvix86.sys
20:45:43.0707 4148 IDSVix86 - ok
20:45:43.0731 4148 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:45:43.0741 4148 iirsp - ok
20:45:43.0784 4148 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:45:43.0840 4148 IKEEXT - ok
20:45:43.0868 4148 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:45:43.0879 4148 intelide - ok
20:45:43.0892 4148 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:45:43.0920 4148 intelppm - ok
20:45:43.0940 4148 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:45:43.0976 4148 IPBusEnum - ok
20:45:43.0987 4148 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:45:44.0018 4148 IpFilterDriver - ok
20:45:44.0038 4148 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:45:44.0075 4148 iphlpsvc - ok
20:45:44.0081 4148 IpInIp - ok
20:45:44.0114 4148 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:45:44.0175 4148 IPMIDRV - ok
20:45:44.0193 4148 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:45:44.0234 4148 IPNAT - ok
20:45:44.0252 4148 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:45:44.0288 4148 IRENUM - ok
20:45:44.0306 4148 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:45:44.0321 4148 isapnp - ok
20:45:44.0355 4148 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:45:44.0369 4148 iScsiPrt - ok
20:45:44.0385 4148 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:45:44.0395 4148 iteatapi - ok
20:45:44.0411 4148 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:45:44.0421 4148 iteraid - ok
20:45:44.0443 4148 JRAID (66b92b9287b9b5d2e8d61f61c8f3b97a) C:\Windows\system32\DRIVERS\jraid.sys
20:45:44.0453 4148 JRAID - ok
20:45:44.0464 4148 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:45:44.0475 4148 kbdclass - ok
20:45:44.0503 4148 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:45:44.0523 4148 kbdhid - ok
20:45:44.0564 4148 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:44.0600 4148 KeyIso - ok
20:45:44.0630 4148 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:45:44.0650 4148 KSecDD - ok
20:45:44.0704 4148 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:45:44.0786 4148 KtmRm - ok
20:45:44.0857 4148 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:45:44.0902 4148 LanmanServer - ok
20:45:44.0931 4148 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:45:44.0959 4148 LanmanWorkstation - ok
20:45:44.0987 4148 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:45:45.0034 4148 lltdio - ok
20:45:45.0053 4148 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:45:45.0092 4148 lltdsvc - ok
20:45:45.0107 4148 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:45:45.0149 4148 lmhosts - ok
20:45:45.0183 4148 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:45:45.0195 4148 LSI_FC - ok
20:45:45.0227 4148 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:45:45.0239 4148 LSI_SAS - ok
20:45:45.0267 4148 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:45:45.0279 4148 LSI_SCSI - ok
20:45:45.0298 4148 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:45:45.0328 4148 luafv - ok
20:45:45.0364 4148 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:45:45.0374 4148 MBAMProtector - ok
20:45:45.0425 4148 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:45:45.0452 4148 MBAMService - ok
20:45:45.0472 4148 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:45:45.0491 4148 Mcx2Svc - ok
20:45:45.0505 4148 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:45:45.0516 4148 megasas - ok
20:45:45.0531 4148 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:45:45.0565 4148 MegaSR - ok
20:45:45.0599 4148 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:45:45.0655 4148 MMCSS - ok
20:45:45.0671 4148 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:45:45.0698 4148 Modem - ok
20:45:45.0716 4148 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:45:45.0745 4148 monitor - ok
20:45:45.0758 4148 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:45:45.0769 4148 mouclass - ok
20:45:45.0786 4148 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:45:45.0810 4148 mouhid - ok
20:45:45.0820 4148 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:45:45.0832 4148 MountMgr - ok
20:45:45.0851 4148 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:45:45.0863 4148 mpio - ok
20:45:45.0877 4148 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:45:45.0894 4148 mpsdrv - ok
20:45:45.0921 4148 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:45:45.0961 4148 MpsSvc - ok
20:45:45.0974 4148 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:45:45.0983 4148 Mraid35x - ok
20:45:45.0999 4148 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:45:46.0011 4148 MRxDAV - ok
20:45:46.0041 4148 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:45:46.0077 4148 mrxsmb - ok
20:45:46.0106 4148 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:45:46.0148 4148 mrxsmb10 - ok
20:45:46.0170 4148 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:45:46.0189 4148 mrxsmb20 - ok
20:45:46.0219 4148 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:45:46.0230 4148 msahci - ok
20:45:46.0245 4148 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:45:46.0257 4148 msdsm - ok
20:45:46.0280 4148 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:45:46.0311 4148 MSDTC - ok
20:45:46.0326 4148 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:45:46.0349 4148 Msfs - ok
20:45:46.0365 4148 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:45:46.0376 4148 msisadrv - ok
20:45:46.0404 4148 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:45:46.0429 4148 MSiSCSI - ok
20:45:46.0435 4148 msiserver - ok
20:45:46.0457 4148 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:45:46.0489 4148 MSKSSRV - ok
20:45:46.0500 4148 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:45:46.0523 4148 MSPCLOCK - ok
20:45:46.0534 4148 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:45:46.0566 4148 MSPQM - ok
20:45:46.0591 4148 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:45:46.0604 4148 MsRPC - ok
20:45:46.0617 4148 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:45:46.0628 4148 mssmbios - ok
20:45:46.0638 4148 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:45:46.0661 4148 MSTEE - ok
20:45:46.0686 4148 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys
20:45:46.0710 4148 MTsensor - ok
20:45:46.0717 4148 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:45:46.0729 4148 Mup - ok
20:45:46.0753 4148 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:45:46.0782 4148 napagent - ok
20:45:46.0807 4148 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:45:46.0820 4148 NativeWifiP - ok
20:45:46.0892 4148 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVENG.SYS
20:45:46.0901 4148 NAVENG - ok
20:45:46.0931 4148 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVEX15.SYS
20:45:46.0972 4148 NAVEX15 - ok
20:45:47.0031 4148 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:45:47.0052 4148 NDIS - ok
20:45:47.0077 4148 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:45:47.0104 4148 NdisTapi - ok
20:45:47.0130 4148 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:45:47.0154 4148 Ndisuio - ok
20:45:47.0174 4148 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:45:47.0192 4148 NdisWan - ok
20:45:47.0202 4148 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:45:47.0219 4148 NDProxy - ok
20:45:47.0229 4148 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:45:47.0266 4148 NetBIOS - ok
20:45:47.0283 4148 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:45:47.0302 4148 netbt - ok
20:45:47.0346 4148 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:47.0357 4148 Netlogon - ok
20:45:47.0380 4148 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:45:47.0416 4148 Netman - ok
20:45:47.0432 4148 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:45:47.0457 4148 netprofm - ok
20:45:47.0518 4148 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:45:47.0528 4148 NetTcpPortSharing - ok
20:45:47.0538 4148 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:45:47.0545 4148 nfrd960 - ok
20:45:47.0620 4148 NIS (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
20:45:47.0626 4148 NIS - ok
20:45:47.0635 4148 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:45:47.0651 4148 NlaSvc - ok
20:45:47.0669 4148 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:45:47.0690 4148 Npfs - ok
20:45:47.0706 4148 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:45:47.0725 4148 nsi - ok
20:45:47.0737 4148 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:45:47.0769 4148 nsiproxy - ok
20:45:47.0807 4148 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:45:47.0833 4148 Ntfs - ok
20:45:47.0871 4148 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:45:47.0902 4148 ntrigdigi - ok
20:45:47.0912 4148 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:45:47.0930 4148 Null - ok
20:45:47.0950 4148 nusb3hub (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:45:47.0957 4148 nusb3hub - ok
20:45:47.0979 4148 nusb3xhc (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:45:47.0987 4148 nusb3xhc - ok
20:45:48.0009 4148 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:45:48.0018 4148 nvraid - ok
20:45:48.0032 4148 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:45:48.0040 4148 nvstor - ok
20:45:48.0050 4148 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:45:48.0061 4148 nv_agp - ok
20:45:48.0067 4148 NwlnkFlt - ok
20:45:48.0076 4148 NwlnkFwd - ok
20:45:48.0101 4148 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:45:48.0115 4148 ohci1394 - ok
20:45:48.0161 4148 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:48.0226 4148 p2pimsvc - ok
20:45:48.0236 4148 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:48.0269 4148 p2psvc - ok
20:45:48.0301 4148 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:45:48.0343 4148 Parport - ok
20:45:48.0367 4148 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:45:48.0379 4148 partmgr - ok
20:45:48.0396 4148 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:45:48.0445 4148 Parvdm - ok
20:45:48.0470 4148 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:45:48.0497 4148 PcaSvc - ok
20:45:48.0533 4148 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:45:48.0546 4148 pci - ok
20:45:48.0558 4148 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:45:48.0570 4148 pciide - ok
20:45:48.0586 4148 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:45:48.0598 4148 pcmcia - ok
20:45:48.0635 4148 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:45:48.0705 4148 PEAUTH - ok
20:45:48.0757 4148 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:45:48.0832 4148 pla - ok
20:45:48.0869 4148 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:45:48.0919 4148 PlugPlay - ok
20:45:48.0964 4148 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:48.0985 4148 PNRPAutoReg - ok
20:45:48.0995 4148 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:45:49.0017 4148 PNRPsvc - ok
20:45:49.0059 4148 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:45:49.0107 4148 PolicyAgent - ok
20:45:49.0154 4148 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:45:49.0185 4148 PptpMiniport - ok
20:45:49.0207 4148 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
20:45:49.0237 4148 Processor - ok
20:45:49.0267 4148 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:45:49.0295 4148 ProfSvc - ok
20:45:49.0322 4148 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:49.0333 4148 ProtectedStorage - ok
20:45:49.0357 4148 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:45:49.0387 4148 PSched - ok
20:45:49.0434 4148 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:45:49.0444 4148 PSI_SVC_2 - ok
20:45:49.0477 4148 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:45:49.0512 4148 ql2300 - ok
20:45:49.0555 4148 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:45:49.0567 4148 ql40xx - ok
20:45:49.0587 4148 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:45:49.0605 4148 QWAVE - ok
20:45:49.0623 4148 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:45:49.0635 4148 QWAVEdrv - ok
20:45:49.0652 4148 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:45:49.0685 4148 RasAcd - ok
20:45:49.0705 4148 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:45:49.0730 4148 RasAuto - ok
20:45:49.0749 4148 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:45:49.0783 4148 Rasl2tp - ok
20:45:49.0814 4148 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:45:49.0852 4148 RasMan - ok
20:45:49.0915 4148 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:45:49.0942 4148 RasPppoe - ok
20:45:49.0950 4148 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:45:49.0963 4148 RasSstp - ok
20:45:49.0983 4148 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:45:50.0004 4148 rdbss - ok
20:45:50.0018 4148 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:45:50.0048 4148 RDPCDD - ok
20:45:50.0068 4148 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:45:50.0093 4148 rdpdr - ok
20:45:50.0101 4148 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:45:50.0124 4148 RDPENCDD - ok
20:45:50.0174 4148 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:45:50.0221 4148 RDPWD - ok
20:45:50.0258 4148 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:45:50.0282 4148 RemoteAccess - ok
20:45:50.0296 4148 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:45:50.0316 4148 RemoteRegistry - ok
20:45:50.0326 4148 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:45:50.0377 4148 RpcLocator - ok
20:45:50.0410 4148 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:45:50.0436 4148 RpcSs - ok
20:45:50.0448 4148 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:45:50.0477 4148 rspndr - ok
20:45:50.0506 4148 RTL8169 (03aed3e3888aa2e334119ca4bd8bb5de) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:45:50.0518 4148 RTL8169 - ok
20:45:50.0558 4148 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:45:50.0569 4148 SamSs - ok
20:45:50.0584 4148 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:45:50.0595 4148 sbp2port - ok
20:45:50.0612 4148 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:45:50.0631 4148 SCardSvr - ok
20:45:50.0666 4148 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:45:50.0746 4148 Schedule - ok
20:45:50.0793 4148 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:45:50.0810 4148 SCPolicySvc - ok
20:45:50.0845 4148 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:45:50.0892 4148 SDRSVC - ok
20:45:50.0904 4148 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:45:50.0954 4148 secdrv - ok
20:45:50.0961 4148 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:45:50.0988 4148 seclogon - ok
20:45:51.0005 4148 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:45:51.0039 4148 SENS - ok
20:45:51.0059 4148 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:45:51.0082 4148 Serenum - ok
20:45:51.0107 4148 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:45:51.0159 4148 Serial - ok
20:45:51.0177 4148 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:45:51.0201 4148 sermouse - ok
20:45:51.0227 4148 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:45:51.0252 4148 SessionEnv - ok
20:45:51.0271 4148 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:45:51.0288 4148 sffdisk - ok
20:45:51.0302 4148 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:45:51.0325 4148 sffp_mmc - ok
20:45:51.0332 4148 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:45:51.0355 4148 sffp_sd - ok
20:45:51.0367 4148 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:45:51.0415 4148 sfloppy - ok
20:45:51.0434 4148 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:45:51.0454 4148 SharedAccess - ok
20:45:51.0481 4148 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:45:51.0495 4148 ShellHWDetection - ok
20:45:51.0510 4148 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:45:51.0521 4148 sisagp - ok
20:45:51.0536 4148 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:45:51.0545 4148 SiSRaid2 - ok
20:45:51.0566 4148 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:45:51.0574 4148 SiSRaid4 - ok
20:45:51.0634 4148 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:45:51.0689 4148 slsvc - ok
20:45:51.0731 4148 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:45:51.0743 4148 SLUINotify - ok
20:45:51.0751 4148 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:45:51.0777 4148 Smb - ok
20:45:51.0811 4148 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:45:51.0819 4148 SNMPTRAP - ok
20:45:51.0836 4148 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:45:51.0844 4148 spldr - ok
20:45:51.0873 4148 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:45:51.0912 4148 Spooler - ok
20:45:51.0973 4148 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS
20:45:51.0985 4148 SRTSP - ok
20:45:52.0004 4148 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS
20:45:52.0011 4148 SRTSPX - ok
20:45:52.0028 4148 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:45:52.0066 4148 srv - ok
20:45:52.0095 4148 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:45:52.0119 4148 srv2 - ok
20:45:52.0147 4148 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:45:52.0168 4148 srvnet - ok
20:45:52.0188 4148 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:45:52.0221 4148 SSDPSRV - ok
20:45:52.0243 4148 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:45:52.0257 4148 SstpSvc - ok
20:45:52.0301 4148 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:45:52.0358 4148 stisvc - ok
20:45:52.0384 4148 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:45:52.0395 4148 swenum - ok
20:45:52.0423 4148 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:45:52.0457 4148 swprv - ok
20:45:52.0469 4148 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:45:52.0478 4148 Symc8xx - ok
20:45:52.0524 4148 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS
20:45:52.0543 4148 SymDS - ok
20:45:52.0569 4148 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS
20:45:52.0581 4148 SymEFA - ok
20:45:52.0609 4148 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:45:52.0619 4148 SymEvent - ok
20:45:52.0632 4148 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS
20:45:52.0643 4148 SymIRON - ok
20:45:52.0687 4148 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS
20:45:52.0705 4148 SYMTDIv - ok
20:45:52.0721 4148 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:45:52.0733 4148 Sym_hi - ok
20:45:52.0750 4148 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:45:52.0760 4148 Sym_u3 - ok
20:45:52.0781 4148 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:45:52.0808 4148 SysMain - ok
20:45:52.0845 4148 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:45:52.0868 4148 TabletInputService - ok
20:45:52.0896 4148 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:45:52.0917 4148 TapiSrv - ok
20:45:52.0929 4148 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:45:52.0964 4148 TBS - ok
20:45:52.0995 4148 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:45:53.0041 4148 Tcpip - ok
20:45:53.0058 4148 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:45:53.0102 4148 Tcpip6 - ok
20:45:53.0137 4148 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:45:53.0176 4148 tcpipreg - ok
20:45:53.0205 4148 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:45:53.0229 4148 TDPIPE - ok
20:45:53.0243 4148 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:45:53.0266 4148 TDTCP - ok
20:45:53.0283 4148 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:45:53.0301 4148 tdx - ok
20:45:53.0323 4148 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:45:53.0335 4148 TermDD - ok
20:45:53.0354 4148 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:45:53.0415 4148 TermService - ok
20:45:53.0435 4148 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:45:53.0450 4148 Themes - ok
20:45:53.0472 4148 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:45:53.0497 4148 THREADORDER - ok
20:45:53.0521 4148 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:45:53.0550 4148 TrkWks - ok
20:45:53.0569 4148 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:45:53.0588 4148 TrustedInstaller - ok
20:45:53.0610 4148 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:45:53.0639 4148 tssecsrv - ok
20:45:53.0651 4148 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:45:53.0668 4148 tunmp - ok
20:45:53.0689 4148 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:45:53.0712 4148 tunnel - ok
20:45:53.0730 4148 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:45:53.0741 4148 uagp35 - ok
20:45:53.0765 4148 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:45:53.0785 4148 udfs - ok
20:45:53.0808 4148 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:45:53.0834 4148 UI0Detect - ok
20:45:53.0853 4148 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:45:53.0865 4148 uliagpkx - ok
20:45:53.0878 4148 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:45:53.0893 4148 uliahci - ok
20:45:53.0910 4148 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:45:53.0922 4148 UlSata - ok
20:45:53.0940 4148 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:45:53.0953 4148 ulsata2 - ok
20:45:53.0971 4148 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:45:54.0004 4148 umbus - ok
20:45:54.0018 4148 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:45:54.0058 4148 upnphost - ok
20:45:54.0069 4148 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
20:45:54.0111 4148 usbccgp - ok
20:45:54.0134 4148 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:45:54.0176 4148 usbcir - ok
20:45:54.0205 4148 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:45:54.0231 4148 usbehci - ok
20:45:54.0257 4148 usbfilter (e5b14557793164db879ee56f5b59c3e2) C:\Windows\system32\DRIVERS\usbfilter.sys
20:45:54.0266 4148 usbfilter - ok
20:45:54.0283 4148 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:45:54.0321 4148 usbhub - ok
20:45:54.0350 4148 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:45:54.0375 4148 usbohci - ok
20:45:54.0399 4148 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:45:54.0423 4148 usbprint - ok
20:45:54.0439 4148 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:45:54.0467 4148 USBSTOR - ok
20:45:54.0480 4148 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:45:54.0497 4148 usbuhci - ok
20:45:54.0519 4148 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:45:54.0550 4148 UxSms - ok
20:45:54.0569 4148 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:45:54.0620 4148 vds - ok
20:45:54.0657 4148 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:45:54.0686 4148 vga - ok
20:45:54.0699 4148 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:45:54.0736 4148 VgaSave - ok
20:45:54.0767 4148 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:45:54.0779 4148 viaagp - ok
20:45:54.0796 4148 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:45:54.0818 4148 ViaC7 - ok
20:45:54.0854 4148 VIAHdAudAddService (e452632bf8717013f2a5fec53ee5ab48) C:\Windows\system32\drivers\viahduaa.sys
20:45:54.0897 4148 VIAHdAudAddService - ok
20:45:54.0924 4148 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:45:54.0935 4148 viaide - ok
20:45:54.0950 4148 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:45:54.0962 4148 volmgr - ok
20:45:54.0983 4148 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:45:54.0998 4148 volmgrx - ok
20:45:55.0023 4148 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:45:55.0038 4148 volsnap - ok
20:45:55.0056 4148 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:45:55.0069 4148 vsmraid - ok
20:45:55.0100 4148 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:45:55.0170 4148 VSS - ok
20:45:55.0199 4148 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:45:55.0221 4148 W32Time - ok
20:45:55.0244 4148 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:45:55.0292 4148 WacomPen - ok
20:45:55.0311 4148 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:55.0328 4148 Wanarp - ok
20:45:55.0332 4148 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:55.0349 4148 Wanarpv6 - ok
20:45:55.0360 4148 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:45:55.0396 4148 wcncsvc - ok
20:45:55.0446 4148 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:45:55.0496 4148 WcsPlugInService - ok
20:45:55.0508 4148 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:45:55.0519 4148 Wd - ok
20:45:55.0540 4148 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:45:55.0561 4148 Wdf01000 - ok
20:45:55.0575 4148 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:45:55.0611 4148 WdiServiceHost - ok
20:45:55.0616 4148 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:45:55.0641 4148 WdiSystemHost - ok
20:45:55.0663 4148 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:45:55.0685 4148 WebClient - ok
20:45:55.0715 4148 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:45:55.0755 4148 Wecsvc - ok
20:45:55.0769 4148 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:45:55.0799 4148 wercplsupport - ok
20:45:55.0818 4148 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:45:55.0838 4148 WerSvc - ok
20:45:55.0896 4148 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:45:55.0911 4148 WinDefend - ok
20:45:55.0917 4148 WinHttpAutoProxySvc - ok
20:45:55.0952 4148 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:45:55.0971 4148 Winmgmt - ok
20:45:56.0005 4148 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:45:56.0061 4148 WinRM - ok
20:45:56.0110 4148 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:45:56.0163 4148 Wlansvc - ok
20:45:56.0217 4148 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:45:56.0244 4148 WmiAcpi - ok
20:45:56.0260 4148 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:45:56.0290 4148 wmiApSrv - ok
20:45:56.0346 4148 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:45:56.0417 4148 WMPNetworkSvc - ok
20:45:56.0453 4148 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:45:56.0501 4148 WPCSvc - ok
20:45:56.0528 4148 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:45:56.0557 4148 WPDBusEnum - ok
20:45:56.0656 4148 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:45:56.0702 4148 WPFFontCache_v0400 - ok
20:45:56.0757 4148 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:45:56.0818 4148 ws2ifsl - ok
20:45:56.0831 4148 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
20:45:56.0850 4148 wscsvc - ok
20:45:56.0857 4148 WSearch - ok
20:45:56.0910 4148 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:45:56.0962 4148 wuauserv - ok
20:45:57.0015 4148 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:45:57.0039 4148 WUDFRd - ok
20:45:57.0062 4148 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:45:57.0087 4148 wudfsvc - ok
20:45:57.0096 4148 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:45:57.0147 4148 \Device\Harddisk0\DR0 - ok
20:45:57.0168 4148 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
20:45:57.0258 4148 \Device\Harddisk1\DR1 - ok
20:45:57.0261 4148 Boot (0x1200) (81e916ff91b2bbd64c8244be1a7b5cbf) \Device\Harddisk0\DR0\Partition0
20:45:57.0262 4148 \Device\Harddisk0\DR0\Partition0 - ok
20:45:57.0266 4148 Boot (0x1200) (20107a64a8a684681a116cb39f672c87) \Device\Harddisk1\DR1\Partition0
20:45:57.0267 4148 \Device\Harddisk1\DR1\Partition0 - ok
20:45:57.0269 4148 ============================================================
20:45:57.0269 4148 Scan finished
20:45:57.0269 4148 ============================================================
20:45:57.0281 4348 Detected object count: 1
20:45:57.0281 4348 Actual detected object count: 1
20:46:03.0227 4348 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:03.0227 4348 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
#6
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run CF: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
#7
Code:
ComboFix 12-04-12.03 - Patricia Scharf 12.04.2012 21:40:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3197.2357 [GMT 2:00]
ausgeführt von:: c:\users\Patricia Scharf\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-12 bis 2012-04-12 ))))))))))))))))))))))))))))))
.
.
2012-04-12 19:43 . 2012-04-12 19:43 -------- d-----w- c:\users\Patricia Scharf\AppData\Local\temp
2012-04-12 19:43 . 2012-04-12 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 11:44 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-04-12 11:44 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-04-12 11:02 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0FEB693-9013-458F-9996-3A2284E56B1D}\mpengine.dll
2012-04-12 10:57 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-09 15:44 . 2012-04-09 15:44 -------- d-----w- c:\program files\ESET
2012-04-07 12:49 . 2012-04-07 12:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 12:20 . 2012-04-07 12:20 -------- d-----w- c:\users\Patricia Scharf\AppData\Roaming\Malwarebytes
2012-04-07 12:20 . 2012-04-07 12:20 -------- d-----w- c:\programdata\Malwarebytes
2012-04-07 12:20 . 2012-04-07 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-07 12:20 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 15:34 . 2012-04-06 15:34 -------- d-----w- c:\windows\CheckSur
2012-03-31 18:18 . 2012-03-31 18:18 -------- d-----w- C:\001ff1ab907109e295
2012-03-18 15:54 . 2012-03-27 13:06 -------- d-----w- c:\users\Patricia Scharf\AppData\Local\CrashDumps
2012-03-14 10:41 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:41 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-14 10:41 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-14 10:41 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 10:41 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 10:41 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 10:41 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 10:41 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:40 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 10:40 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 12:49 . 2011-10-30 16:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 15:17 . 2011-09-26 13:02 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-23 07:18 . 2011-09-24 13:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-20 13:00 . 2011-09-24 11:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 1780224]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-11-10 105632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Patricia Scharf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 253600]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 97805093
*Deregistered* - 97805093
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:49]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Patricia Scharf\AppData\Roaming\Mozilla\Firefox\Profiles\2o9172kp.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-12 21:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
Zeit der Fertigstellung: 2012-04-12 21:44:52
ComboFix-quarantined-files.txt 2012-04-12 19:44
.
Vor Suchlauf: 7 Verzeichnis(se), 238.720.233.472 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 239.164.637.184 Bytes frei
.
- - End Of File - - 61C9C16021A68A80F49778E4CF4EE5BA
#8
/// Winkelfunktion /// TB-Süch-Tiger™

Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out and run only OSAM. Please skip the online query offered by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags
#9
So, all 3 logs:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-13 13:41:47
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD322GJ rev.1AR10001
Running: 42rtcjkl.exe; Driver: C:\Users\PATRIC~1\AppData\Local\Temp\pwlyakob.sys
---- System - GMER 1.0.15 ----
SSDT 86E93318 ZwAlpcConnectPort
SSDT 86E992B8 ZwLoadDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 13D 81CF88C0 4 Bytes [18, 33, E9, 86]
.text ntkrnlpa.exe!KeSetEvent + 37D 81CF8B00 4 Bytes [B8, 92, E9, 86]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C05000, 0x37D761, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\PATRIC~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:45:36 on 13.04.2012
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 7.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys (File found, but it contains no detailed information)
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\PATRIC~1\AppData\Local\Temp\catchme.sys (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111222.001\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20111223.002\NAVEX15.SYS
"pwlyakob" (pwlyakob) - ? - C:\Users\PATRIC~1\AppData\Local\Temp\pwlyakob.sys (Hidden registry entry, rootkit activity | File not found)
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1109000.00C\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1109000.00C\SYMEFA.SYS
"Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS
"Symantec Vista Network Dispatch Driver" (SYMTDIv) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Patricia Scharf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BCU" - "DeviceVM, Inc." - "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
"HDAudDeck" - "VIA" - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
"JMB36X IDE Setup" - ? - C:\Windows\RaidTool\xInsIDE.exe (File found, but it contains no detailed information)
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Six Engine" - " ASUSTeK Computer Inc." - "C:\Program Files\ASUS\EPU\EPU.exe" -b
"Standby" - "Corel" - "C:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TurboV EVO" - "ASUSTeK Computer Inc." - "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"AMD Reservation Manager" (AMD Reservation Manager) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
"ASUS System Control Service" (AsSysCtrlService) - ? - C:\Program Files\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe (File found, but it contains no detailed information)
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-13 18:40:23
-----------------------------
18:40:23.404 OS Version: Windows 6.0.6002 Service Pack 2
18:40:23.404 Number of processors: 2 586 0x603
18:40:23.404 ComputerName: PATRICIA-PC UserName:
18:40:24.574 Initialize success
18:41:07.900 AVAST engine defs: 12041300
18:41:17.993 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
18:41:17.993 Disk 0 Vendor: WDC_____ 510. Size: 114472MB BusType: 8
18:41:17.993 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:41:17.993 Disk 1 Vendor: SAMSUNG_HD322GJ 1AR10001 Size: 305245MB BusType: 3
18:41:18.211 Disk 1 MBR read successfully
18:41:18.242 Disk 1 MBR scan
18:41:18.274 Disk 1 Windows VISTA default MBR code
18:41:18.336 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
18:41:18.383 Disk 1 scanning sectors +625139712
18:41:18.695 Disk 1 scanning C:\Windows\system32\drivers
18:42:05.027 Service scanning
18:42:18.677 Modules scanning
18:43:07.832 Disk 1 trace - called modules:
18:43:07.864 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:43:07.864 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x853fbac8]
18:43:07.864 3 CLASSPNP.SYS[8a7ab8b3] -> nt!IofCallDriver -> [0x852cdf08]
18:43:07.864 5 acpi.sys[806146bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x853e25a8]
18:43:08.378 AVAST engine scan C:\Windows
18:44:16.285 AVAST engine scan C:\Windows\system32
18:50:47.549 AVAST engine scan C:\Windows\system32\drivers
18:51:13.148 AVAST engine scan C:\Users\Patricia Scharf
19:25:24.049 AVAST engine scan C:\ProgramData
19:30:35.332 Disk 1 MBR has been saved successfully to "C:\Users\Patricia Scharf\Desktop\MBR.dat"
19:30:35.332 The log file has been saved successfully to "C:\Users\Patricia Scharf\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-13 18:40:23
-----------------------------
18:40:23.404 OS Version: Windows 6.0.6002 Service Pack 2
18:40:23.404 Number of processors: 2 586 0x603
18:40:23.404 ComputerName: PATRICIA-PC UserName:
18:40:24.574 Initialize success
18:41:07.900 AVAST engine defs: 12041300
18:41:17.993 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
18:41:17.993 Disk 0 Vendor: WDC_____ 510. Size: 114472MB BusType: 8
18:41:17.993 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:41:17.993 Disk 1 Vendor: SAMSUNG_HD322GJ 1AR10001 Size: 305245MB BusType: 3
18:41:18.211 Disk 1 MBR read successfully
18:41:18.242 Disk 1 MBR scan
18:41:18.274 Disk 1 Windows VISTA default MBR code
18:41:18.336 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
18:41:18.383 Disk 1 scanning sectors +625139712
18:41:18.695 Disk 1 scanning C:\Windows\system32\drivers
18:42:05.027 Service scanning
18:42:18.677 Modules scanning
18:43:07.832 Disk 1 trace - called modules:
18:43:07.864 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:43:07.864 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x853fbac8]
18:43:07.864 3 CLASSPNP.SYS[8a7ab8b3] -> nt!IofCallDriver -> [0x852cdf08]
18:43:07.864 5 acpi.sys[806146bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x853e25a8]
18:43:08.378 AVAST engine scan C:\Windows
18:44:16.285 AVAST engine scan C:\Windows\system32
18:50:47.549 AVAST engine scan C:\Windows\system32\drivers
18:51:13.148 AVAST engine scan C:\Users\Patricia Scharf
19:25:24.049 AVAST engine scan C:\ProgramData
19:30:35.332 Disk 1 MBR has been saved successfully to "C:\Users\Patricia Scharf\Desktop\MBR.dat"
19:30:35.332 The log file has been saved successfully to "C:\Users\Patricia Scharf\Desktop\aswMBR.txt"
19:31:09.390 Scan finished successfully
19:31:15.786 Disk 1 MBR has been saved successfully to "C:\Users\Patricia Scharf\Desktop\MBR.dat"
19:31:15.786 The log file has been saved successfully to "C:\Users\Patricia Scharf\Desktop\aswMBR.txt"
#10
/// Winkelfunktion /// TB-Süch-Tiger™
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags
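The "looks OK" verdict above rests on reading an OSAM listing by eye. As an added example, not code from OSAM or from this forum, here is a small Python triage script for lines in that layout. The `"name" (key) - "vendor" - path (status | status)` form, the `?` vendor marker and the status texts in parentheses are taken from the report posted earlier in the thread, and the sample lines are copied from it; the severity levels and the rules behind them are the script's own heuristics. What the script cannot do is tell a rootkit's hidden service from a leftover of an anti-rootkit tool, which is what the two "Hidden registry entry" hits here (ComboFix's mbr.sys and a randomly named driver in %TEMP% of the kind GMER is known to create) most plausibly are in this thread; that judgement stays with a person.

```python
"""Triage helper for OSAM Autorun Manager report lines.

Added example for this thread; it is not part of OSAM or of the forum's own
tooling.  The line layout is inferred from the report posted above:
    "Display name" (Key) - "Vendor" - C:\\path\\file.sys (Status | Status)
A vendor of '?' means OSAM could not retrieve publisher information.  The
severity labels are this example's own heuristics, not OSAM output.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\(\s*(?P<location>.+?)\s*\)-----$")
ENTRY_RE = re.compile(
    r'^(?:\{[^}]*\}\s+)?'                   # optional leading CLSID, e.g. {911051fa-...}
    r'"(?P<name>[^"]*)"'                     # display name in quotes
    r'(?:\s+\((?P<key>[^)]*)\))?'            # optional service / registry key
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'     # vendor string, or '?' if unknown
    r'\s+-\s*(?P<path>.*?)'                  # file path plus arguments (may be empty)
    r'(?:\s*\((?P<flags>[^()]*)\))?$'        # optional trailing status flags
)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]
    vendor: Optional[str]           # None when OSAM printed '?'
    path: str
    args: str = ""
    flags: List[str] = field(default_factory=list)
    severity: str = "INFO"
    reason: str = ""


def classify(vendor: Optional[str], flags: List[str]) -> Tuple[str, str]:
    """Heuristic severity.  A hidden registry entry outranks everything else:
    OSAM reports it when the key is invisible to the normal registry API, which
    is what rootkits do, but also what some anti-rootkit tools leave behind, so
    the result means 'look at this', not 'this is malware'."""
    joined = " | ".join(flags)
    if "Hidden registry entry" in joined:
        return "HIGH", "registry entry hidden from the normal API; verify by hand"
    if "File not found" in joined:
        return "MEDIUM", "orphaned autorun entry: the referenced file is gone"
    if vendor is None:
        return "LOW", "no publisher information; check the file's signature and hash"
    return "INFO", "publisher known and file present"


def split_command(path: str) -> Tuple[str, str]:
    """'"C:\\x.exe" -b' -> ('C:\\x.exe', '-b'); unquoted values are returned as-is."""
    if path.startswith('"') and path.count('"') >= 2:
        end = path.index('"', 1)
        return path[1:end], path[end + 1:].strip()
    return path, ""


def parse_report(text: str) -> List[Entry]:
    """Walk the report line by line, remembering the current [Section] and
    -----( location )----- header so every entry records where it was found."""
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("location")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                       # header, footer or a layout we don't know
        flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
        severity, reason = classify(m.group("vendor"), flags)
        path, args = split_command(m.group("path").strip())
        entries.append(Entry(section, location, m.group("name"), m.group("key"),
                             m.group("vendor"), path, args, flags, severity, reason))
    return entries


def triage_summary(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group entry names by severity, most urgent first."""
    summary: Dict[str, List[str]] = {"HIGH": [], "MEDIUM": [], "LOW": [], "INFO": []}
    for e in entries:
        summary[e.severity].append(e.name)
    return summary


# Sample lines copied from the OSAM report posted above, one entry per line.
SAMPLE_REPORT = r"""[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"pwlyakob" (pwlyakob) - ? - C:\Users\PATRIC~1\AppData\Local\Temp\pwlyakob.sys (Hidden registry entry, rootkit activity | File not found)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"""

if __name__ == "__main__":
    for e in parse_report(SAMPLE_REPORT):
        if e.severity != "INFO":
            print(f"{e.severity:6} {e.section} / {e.location}: {e.name} -> "
                  f"{e.path or '(no file)'}  [{e.reason}]")
```

Run as-is it prints the five non-INFO lines from the sample; feed it a whole report with `parse_report(open("osam.txt").read())` and look at `triage_summary()` first, then at the HIGH and MEDIUM entries' `location` and `path`, which is the same order a helper reads the listing in.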
#11
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:

Cookies are not malware as such, but there is a risk of their being misused (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie).

On cookies and other things on the web: to block the plague from the start (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/

If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) stores only the cookies of the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system in order again now, or are there other findings or problems?
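To make the hosts-file approach from the post above concrete, here is an added example (not MVPS's or the forum's code): a Python script that parses a hosts file in the MVPS layout, reports duplicate and malformed lines, tells whether a given URL's host would be blocked, and flags names pointed at routable addresses. The sample file and all hostnames in it are constructed for the example. Two points it makes that the post does not spell out: a hosts file matches whole names only, so a tracker on an unlisted subdomain slips through, and the same file is a favourite target for tampering, so an entry that redirects rather than blocks deserves a look.

```python
"""Hosts-file blocklist checker.

Added example for this thread; it is not code from MVPS or from the forum.
It reads a hosts file in the layout MVPS distributes ("0.0.0.0 hostname",
'#' comments) and answers two questions a defender cares about:

  1. Would a given URL's host be blocked?  A hosts file matches whole names
     only, so a tracker on a subdomain that is not listed is NOT blocked.
  2. Does the file point any name at a routable address?  Blocking entries
     use 0.0.0.0 or 127.0.0.1; a name redirected elsewhere is the classic
     hosts-file tampering pattern and deserves a look.

All hostnames and the sample file below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}   # addresses used to sink a name


@dataclass
class HostsFile:
    table: Dict[str, str] = field(default_factory=dict)  # hostname -> address
    duplicates: List[str] = field(default_factory=list)  # names defined more than once
    malformed: List[str] = field(default_factory=list)   # lines that are not "addr name..."


def parse_hosts(text: str) -> HostsFile:
    """Parse hosts-file text.  The first definition of a name is kept; later
    duplicates are only reported, so a stray second entry cannot silently
    override the first one in this view of the file."""
    hf = HostsFile()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            hf.malformed.append(line)
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            hf.malformed.append(line)            # first token is not an address
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in hf.table:
                hf.duplicates.append(name)
            else:
                hf.table[name] = addr
    return hf


def is_blocked(url: str, hf: HostsFile) -> bool:
    """True if the URL's host is sunk to a black-hole address by the file.
    Exact match only: hosts files have no wildcard or parent-domain logic."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return hf.table.get(host) in BLACKHOLE


def suspicious_entries(hf: HostsFile) -> List[Tuple[str, str]]:
    """Names mapped to an address that is neither a black hole, loopback,
    link-local nor private.  Intranet overrides live in private ranges and
    are left alone; anything routable on the Internet is flagged."""
    flagged = []
    for name, addr in hf.table.items():
        ip = ipaddress.ip_address(addr)
        if (addr in BLACKHOLE or ip.is_unspecified or ip.is_loopback
                or ip.is_link_local or ip.is_private):
            continue
        flagged.append((name, addr))
    return flagged


# Constructed sample in the MVPS layout; every name here is invented.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.tracker-example.test      # tracking pixels / cookies
0.0.0.0 cdn.banner-example.test www.banner-example.test
0.0.0.0 ads.tracker-example.test      # duplicate of the line above
1.2.3.4 update.vendor-example.test    # constructed routable address: tampering pattern
not-an-address broken.example.test    # malformed line
"""

if __name__ == "__main__":
    hf = parse_hosts(SAMPLE_HOSTS)
    for url in ("http://ads.tracker-example.test/pixel.gif",
                "http://sub.ads.tracker-example.test/"):
        print(f"{url}: {'blocked' if is_blocked(url, hf) else 'NOT blocked'}")
    print("duplicates:", hf.duplicates)
    print("malformed :", hf.malformed)
    print("suspicious:", suspicious_entries(hf))
```

On a real system the text comes from `%SystemRoot%\System32\drivers\etc\hosts`; running `suspicious_entries()` over it after the monthly MVPS refresh the post recommends is a cheap way to notice a redirected name before it matters.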
#12
Good, thanks. There are no more problems. So are we done then?
#13
/// Winkelfunktion /// TB-Süch-Tiger™
Then we're done!

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces error messages. With OTL you can also remove many of the tools: start OTL and click on Bereinigung (Cleanup). This removes most of the tools we needed for the cleanup. If anything remains, remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview of whether installed programs are up to date, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.