E-Mail verschickt Links von alleine. Immer an die gleiche Person. Malware Scan findet nichts!

Eustace · 11.04.2012, 15:42

Hallo!
Von meiner Mail Adresse wurden innerhalb von 2 Tagen 3 Mal Links an immer nur die gleiche Person aus meiner Kontaktliste versendet. Mitbekommen habe ich es weil eine Meldung (in Form einer E-Mail "Delivery Status Notification") kam in der es hieß die Mail konnte nicht an den Empfänger weitergeleitet werden.

Die Links scheinen keine Viren zu sein, ich hab mal nach den Linkadressen gegoogelt und die gibt es wirklich. (Hier die Adressen, falls es wichtig ist: gwebz.com/perksavvy.com/onlinejobbest.com) auffällig ist ja, dass es immer andere Links waren und immer nur .com

Jetzt habe ich extra eine Software (Malwarebytes) heruntergeladen (Avira hatte ich ja schon) aber die findet auch nichts.

Kennwort habe ich vorhin auch geändert, aber keine Ahnung ob das etwas bringt.

Weiß jemand was es sein könnte??

Danke im Voraus

Jetzt wurde meine E-Mail Adresse blockiert!! D.h. das Ändern des Kennwortes hat nichts gebracht. Keines der Antivirusprogramme findet etwas, ich bin kurz vorm Weinen. Das war meine "Haupt-E-Mail-Adresse"... Bitte um Hilfe, ist dringend!
MfG

cosinus · 12.04.2012, 12:09

Zitat:

Jetzt habe ich extra eine Software (Malwarebytes) heruntergeladen (Avira hatte ich ja schon) aber die findet auch nichts.

Trotzdem alle Logs posten

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Eustace · 12.04.2012, 16:45

Ich weiß nicht ob es das Richtige ist, hab ich unter "Logdateien" gefunden.

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.11.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Alina :: ALINA-PC [Administrator]

11.04.2012 23:36:40
mbam-log-2012-04-11 (23-36-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289998
Laufzeit: 2 Stunde(n), 40 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ahja und hier noch von Antivir

Code:

ATTFilter

 Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 11. April 2012  22:16

Es wird nach 3607906 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Alina
Computername   : ALINA-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.898           Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 14:01:48
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 14:01:48
LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 14:01:49
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  15.02.2012 14:01:50
AVREG.DLL      : 12.1.0.36     229128 Bytes  06.04.2012 07:40:17
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 11:41:29
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:15:18
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 18:20:16
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 18:20:16
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 18:20:16
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 18:20:16
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 18:20:17
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 18:20:18
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 18:20:18
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 18:20:18
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 18:20:18
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 18:20:19
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 18:51:28
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 18:50:45
VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 18:50:51
VBASE017.VDF   : 7.11.27.41    247808 Bytes  08.04.2012 08:29:09
VBASE018.VDF   : 7.11.27.42      2048 Bytes  08.04.2012 08:29:09
VBASE019.VDF   : 7.11.27.43      2048 Bytes  08.04.2012 08:29:09
VBASE020.VDF   : 7.11.27.44      2048 Bytes  08.04.2012 08:29:09
VBASE021.VDF   : 7.11.27.45      2048 Bytes  08.04.2012 08:29:09
VBASE022.VDF   : 7.11.27.46      2048 Bytes  08.04.2012 08:29:09
VBASE023.VDF   : 7.11.27.47      2048 Bytes  08.04.2012 08:29:09
VBASE024.VDF   : 7.11.27.48      2048 Bytes  08.04.2012 08:29:09
VBASE025.VDF   : 7.11.27.49      2048 Bytes  08.04.2012 08:29:09
VBASE026.VDF   : 7.11.27.50      2048 Bytes  08.04.2012 08:29:10
VBASE027.VDF   : 7.11.27.51      2048 Bytes  08.04.2012 08:29:10
VBASE028.VDF   : 7.11.27.52      2048 Bytes  08.04.2012 08:29:10
VBASE029.VDF   : 7.11.27.53      2048 Bytes  08.04.2012 08:29:10
VBASE030.VDF   : 7.11.27.54      2048 Bytes  08.04.2012 08:29:10
VBASE031.VDF   : 7.11.27.88     89600 Bytes  10.04.2012 08:29:12
Engineversion  : 8.2.10.38 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  25.10.2011 16:59:14
AESCRIPT.DLL   : 8.1.4.16      446842 Bytes  04.04.2012 18:56:24
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 17:12:19
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 16:01:34
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.16.9      807287 Bytes  30.03.2012 18:52:48
AEOFFICE.DLL   : 8.1.2.27      201082 Bytes  04.04.2012 18:56:12
AEHEUR.DLL     : 8.1.4.12     4604278 Bytes  04.04.2012 18:56:07
AEHELP.DLL     : 8.1.19.1      254327 Bytes  04.04.2012 18:51:07
AEGEN.DLL      : 8.1.5.23      409973 Bytes  07.03.2012 20:18:11
AEEXP.DLL      : 8.1.0.28       82292 Bytes  04.04.2012 18:56:25
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 17:12:13
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 14:01:48
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 11. April 2012  22:16

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil10h_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingApp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingBar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynAsusAcpi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Boingo Wi-Fi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LivCam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Eee Docking.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '510' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Mittwoch, 11. April 2012  23:11
Benötigte Zeit: 55:14 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  25089 Verzeichnisse wurden überprüft
 213366 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 213366 Dateien ohne Befall
   2271 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise

cosinus · 12.04.2012, 19:22

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Eustace · 12.04.2012, 22:06

Also es wurde etwas gefunden

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5981faaafdc3d541bb825c52276d68cd
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-12 06:56:54
# local_time=2012-04-12 08:56:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 14953990 14953990 0 0
# compatibility_mode=5893 16776573 100 94 36241 85887868 0 0
# compatibility_mode=8192 67108863 100 0 169 169 0 0
# scanned=4617
# found=0
# cleaned=0
# scan_time=359
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5981faaafdc3d541bb825c52276d68cd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-12 09:02:20
# local_time=2012-04-12 11:02:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 14954392 14954392 0 0
# compatibility_mode=5893 16776573 100 94 36643 85888270 0 0
# compatibility_mode=8192 67108863 100 0 571 571 0 0
# scanned=115956
# found=1
# cleaned=0
# scan_time=7482
C:\Users\Alina\AppData\Local\Temp\Toolbar_Eazel.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I

cosinus · 12.04.2012, 22:57

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Eustace · 13.04.2012, 01:09

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.04.2012 00:48:46 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Alina\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,18 Mb Total Physical Memory | 336,77 Mb Available Physical Memory | 33,21% Memory free
1,99 Gb Paging File | 1,08 Gb Available in Paging File | 54,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 71,03 Gb Free Space | 71,03% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 117,77 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: ALINA-PC | User Name: Alina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.13 00:35:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alina\Desktop\OTL.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.01 12:14:30 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011.04.01 12:14:30 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.08 03:45:44 | 001,090,984 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010.08.10 00:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.10 22:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2010.06.09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010.05.29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2009.11.19 15:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009.11.19 14:05:42 | 000,284,160 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\LivCam\LivCam.exe
PRC - [2009.09.11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009.08.12 12:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.08.03 01:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.08.03 01:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.28 16:04:40 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
MOD - [2011.10.28 07:12:37 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2011.10.28 07:12:06 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2011.10.28 07:10:27 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2011.10.28 07:10:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2011.10.28 07:10:09 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2011.10.28 07:09:28 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
MOD - [2010.06.10 22:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MOD - [2009.09.15 14:30:42 | 000,376,832 | ---- | M] () -- C:\Program Files\ASUS\LivCam\SMIUtility.dll
MOD - [2009.08.03 01:05:40 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.08.03 01:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007.02.05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.02.05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.15 16:01:49 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.10.05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.01 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 15:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.17 17:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Extensions
[2012.04.12 23:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\4v2rjtrr.default\extensions
[2012.01.28 11:39:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\4v2rjtrr.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.10.17 18:08:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\4v2rjtrr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.28 22:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.28 22:26:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4V2RJTRR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4V2RJTRR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4V2RJTRR.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.22 15:25:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.22 15:25:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.22 15:25:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.22 15:25:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.22 15:25:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.22 15:25:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.22 15:25:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [Facebook Update] C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA83C9A4-50BA-458D-A65D-0E72B89DE5C5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Aibelive\Voice Command\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell\AutoRun\command - "" = E:\zdata\cobi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.13 00:35:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Alina\Desktop\OTL.exe
[2012.04.12 20:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.12 20:47:44 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alina\Desktop\esetsmartinstaller_enu.exe
[2012.04.12 16:49:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.11 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Alina\AppData\Roaming\Malwarebytes
[2012.04.11 16:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.11 16:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.11 16:01:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.11 16:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.28 22:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.03.28 22:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.28 22:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.25 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Alina\Desktop\Ausflüge, Urlaub, etc
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.13 00:35:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alina\Desktop\OTL.exe
[2012.04.12 22:57:12 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000UA.job
[2012.04.12 22:57:12 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000Core.job
[2012.04.12 22:15:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.12 20:57:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 20:57:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 20:47:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alina\Desktop\esetsmartinstaller_enu.exe
[2012.04.12 19:09:26 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.04.12 19:09:26 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.04.12 19:09:26 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.04.12 19:09:26 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.12 16:59:06 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.11 17:12:33 | 000,054,361 | ---- | M] () -- C:\Users\Alina\Desktop\run.jpg
[2012.04.11 16:01:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.09 01:16:21 | 000,123,760 | ---- | M] () -- C:\Users\Alina\Documents\44444chan.jpg
[2012.04.09 01:16:21 | 000,007,837 | ---- | M] () -- C:\Users\Alina\.recently-used.xbel
[2012.04.09 01:15:39 | 000,108,438 | ---- | M] () -- C:\Users\Alina\Documents\4444chan.jpg
[2012.04.09 01:15:10 | 000,115,164 | ---- | M] () -- C:\Users\Alina\Documents\444chan.jpg
[2012.04.09 01:14:21 | 000,119,702 | ---- | M] () -- C:\Users\Alina\Documents\44chan.jpg
[2012.04.09 01:13:14 | 000,122,166 | ---- | M] () -- C:\Users\Alina\Documents\4chan.jpg
[2012.04.05 18:57:25 | 000,200,612 | ---- | M] () -- C:\Users\Alina\Desktop\tumblr_m1t2e5EthW1r2kjgmo1_500.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.03.14 07:54:26 | 000,001,191 | ---- | M] () -- C:\Users\Alina\Desktop\Führerschein Trainer.lnk
 
========== Files Created - No Company Name ==========
 
[2012.04.11 17:12:30 | 000,054,361 | ---- | C] () -- C:\Users\Alina\Desktop\run.jpg
[2012.04.11 16:01:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.09 01:16:21 | 000,123,760 | ---- | C] () -- C:\Users\Alina\Documents\44444chan.jpg
[2012.04.09 01:16:21 | 000,007,837 | ---- | C] () -- C:\Users\Alina\.recently-used.xbel
[2012.04.09 01:15:39 | 000,108,438 | ---- | C] () -- C:\Users\Alina\Documents\4444chan.jpg
[2012.04.09 01:15:10 | 000,115,164 | ---- | C] () -- C:\Users\Alina\Documents\444chan.jpg
[2012.04.09 01:14:20 | 000,119,702 | ---- | C] () -- C:\Users\Alina\Documents\44chan.jpg
[2012.04.09 01:13:14 | 000,122,166 | ---- | C] () -- C:\Users\Alina\Documents\4chan.jpg
[2012.04.05 18:57:17 | 000,200,612 | ---- | C] () -- C:\Users\Alina\Desktop\tumblr_m1t2e5EthW1r2kjgmo1_500.jpg
[2011.11.05 15:28:49 | 000,015,873 | ---- | C] () -- C:\windows\System32\Inetde.dll
[2011.10.17 20:02:14 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll
[2011.10.17 16:59:34 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011.10.17 16:44:52 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.09.14 23:45:59 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.09.14 23:45:59 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.09.14 23:44:15 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.09.14 23:42:21 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.09.14 23:41:27 | 000,000,702 | ---- | C] () -- C:\windows\Reboot.ini
[2010.09.14 23:27:44 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2011.12.08 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Amazon
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\ASUS WebStorage
[2012.01.07 23:41:07 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\BOM
[2011.10.17 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoft
[2011.10.17 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.09 01:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\gtk-2.0
[2012.03.01 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\SoftGrid Client
[2011.12.15 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\TP
[2011.10.17 16:51:35 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\VoiceCommand
[2011.11.18 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Windows Live Writer
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012.04.12 22:57:12 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000Core.job
[2012.04.12 22:57:12 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000UA.job
[2012.03.09 07:40:50 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.17 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Adobe
[2011.12.08 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Amazon
[2011.12.08 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Apple Computer
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\ASUS WebStorage
[2011.10.22 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Avira
[2012.01.07 23:41:07 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\BOM
[2011.10.17 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoft
[2011.10.17 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.09 01:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\gtk-2.0
[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Identities
[2010.09.14 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\InstallShield
[2010.09.14 23:42:05 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Macromedia
[2012.04.11 16:02:04 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Malwarebytes
[2012.02.04 14:30:59 | 000,000,000 | --SD | M] -- C:\Users\Alina\AppData\Roaming\Microsoft
[2011.10.17 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Mozilla
[2012.03.28 00:49:16 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Skype
[2012.03.01 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\SoftGrid Client
[2011.10.17 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Sony Corporation
[2011.12.15 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\TP
[2011.10.17 16:51:35 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\VoiceCommand
[2011.11.18 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2010.09.14 23:42:03 | 000,038,784 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.31 21:45:11 | 003,763,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Alina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011.10.17 16:59:26 | 000,000,059 | ---- | M] ()(C:\windows\System32\?A) -- C:\windows\System32\Ǎ
[2011.10.17 16:59:26 | 000,000,059 | ---- | C] ()(C:\windows\System32\?A) -- C:\windows\System32\Ǎ

< End of report >

--- --- ---

cosinus · 13.04.2012, 10:53

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [Facebook Update] C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell\AutoRun\command - "" = E:\zdata\cobi.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Eustace · 13.04.2012, 11:21

Virenscanner habe ich deaktiviert aber Firewall (wie beim ESET) muss ich nicht deaktivieren oder??
Und soll ich wieder auf "als Administrator ausführen klicken (wegen Win7)??

Dankeschön

Habs jetzt gemacht (mit Firewall, da ich denke, dass es da keinen EInfluss drauf hat und hab's so ausgeführt wie immer also mit Rechtsklick etc.)

Das kam dabei heraus
Ist alles wieder in Ordnung? Was genau hat das Programm jetzt gemacht? Kannst Du mir auch sagen wo das Problem war und wie ich es in Zukunft verhindern kann? Tausend Dank für Deine bisherige Hilfe!!!

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d105af45-4f64-11e1-861a-74f06db258d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d105af45-4f64-11e1-861a-74f06db258d4}\ not found.
File E:\zdata\cobi.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alina
->Temp folder emptied: 341675682 bytes
->Temporary Internet Files folder emptied: 237119474 bytes
->Java cache emptied: 309534 bytes
->FireFox cache emptied: 1009369267 bytes
->Flash cache emptied: 3882072 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 371999624 bytes
RecycleBin emptied: 21571817 bytes
 
Total Files Cleaned = 1.894,00 mb
 
 
[EMPTYFLASH]
 
User: Alina
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04132012_125855

Files\Folders moved on Reboot...
C:\windows\temp\HS.log moved successfully.

Registry entries deleted on Reboot...

cosinus · 13.04.2012, 15:29

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Eustace · 13.04.2012, 18:25

Also ich habe jetzt nichts gelöscht

Code:

ATTFilter

 19:17:30.0754 5592	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:17:30.0910 5592	============================================================
19:17:30.0910 5592	Current date / time: 2012/04/13 19:17:30.0910
19:17:30.0910 5592	SystemInfo:
19:17:30.0910 5592	
19:17:30.0910 5592	OS Version: 6.1.7601 ServicePack: 1.0
19:17:30.0910 5592	Product type: Workstation
19:17:30.0910 5592	ComputerName: ALINA-PC
19:17:30.0910 5592	UserName: Alina
19:17:30.0910 5592	Windows directory: C:\windows
19:17:30.0910 5592	System windows directory: C:\windows
19:17:30.0910 5592	Processor architecture: Intel x86
19:17:30.0910 5592	Number of processors: 4
19:17:30.0910 5592	Page size: 0x1000
19:17:30.0910 5592	Boot type: Normal boot
19:17:30.0910 5592	============================================================
19:17:31.0877 5592	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:17:31.0892 5592	\Device\Harddisk0\DR0:
19:17:31.0892 5592	MBR used
19:17:31.0892 5592	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
19:17:31.0892 5592	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000
19:17:31.0970 5592	Initialize success
19:17:31.0970 5592	============================================================
19:17:39.0740 5640	============================================================
19:17:39.0740 5640	Scan started
19:17:39.0740 5640	Mode: Manual; SigCheck; TDLFS; 
19:17:39.0740 5640	============================================================
19:17:41.0612 5640	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
19:17:41.0924 5640	1394ohci - ok
19:17:42.0080 5640	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
19:17:42.0174 5640	ACPI - ok
19:17:42.0252 5640	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
19:17:42.0345 5640	AcpiPmi - ok
19:17:42.0486 5640	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
19:17:42.0579 5640	adp94xx - ok
19:17:42.0720 5640	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
19:17:42.0767 5640	adpahci - ok
19:17:42.0813 5640	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
19:17:42.0860 5640	adpu320 - ok
19:17:42.0923 5640	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
19:17:43.0001 5640	AeLookupSvc - ok
19:17:43.0079 5640	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
19:17:43.0172 5640	AFD - ok
19:17:43.0250 5640	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
19:17:43.0297 5640	agp440 - ok
19:17:43.0375 5640	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
19:17:43.0422 5640	aic78xx - ok
19:17:43.0500 5640	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
19:17:43.0578 5640	ALG - ok
19:17:43.0640 5640	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
19:17:43.0687 5640	aliide - ok
19:17:43.0718 5640	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
19:17:43.0765 5640	amdagp - ok
19:17:43.0812 5640	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
19:17:43.0843 5640	amdide - ok
19:17:43.0937 5640	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
19:17:44.0030 5640	AmdK8 - ok
19:17:44.0108 5640	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
19:17:44.0171 5640	AmdPPM - ok
19:17:44.0249 5640	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
19:17:44.0295 5640	amdsata - ok
19:17:44.0373 5640	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
19:17:44.0420 5640	amdsbs - ok
19:17:44.0514 5640	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
19:17:44.0561 5640	amdxata - ok
19:17:44.0670 5640	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:17:44.0701 5640	AntiVirSchedulerService - ok
19:17:44.0763 5640	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:17:44.0795 5640	AntiVirService - ok
19:17:44.0919 5640	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
19:17:45.0091 5640	AppID - ok
19:17:45.0169 5640	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
19:17:45.0294 5640	AppIDSvc - ok
19:17:45.0341 5640	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
19:17:45.0465 5640	Appinfo - ok
19:17:45.0559 5640	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:17:45.0590 5640	Apple Mobile Device - ok
19:17:45.0699 5640	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
19:17:45.0731 5640	arc - ok
19:17:45.0762 5640	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
19:17:45.0793 5640	arcsas - ok
19:17:45.0855 5640	AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys
19:17:45.0933 5640	AsUpIO - ok
19:17:45.0980 5640	AsusService     (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
19:17:46.0011 5640	AsusService ( UnsignedFile.Multi.Generic ) - warning
19:17:46.0011 5640	AsusService - detected UnsignedFile.Multi.Generic (1)
19:17:46.0074 5640	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
19:17:46.0230 5640	AsyncMac - ok
19:17:46.0339 5640	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
19:17:46.0386 5640	atapi - ok
19:17:46.0464 5640	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
19:17:46.0604 5640	athr - ok
19:17:46.0729 5640	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
19:17:46.0916 5640	AudioEndpointBuilder - ok
19:17:46.0947 5640	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
19:17:47.0119 5640	Audiosrv - ok
19:17:47.0228 5640	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\windows\system32\DRIVERS\avgntflt.sys
19:17:47.0275 5640	avgntflt - ok
19:17:47.0322 5640	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\windows\system32\DRIVERS\avipbb.sys
19:17:47.0369 5640	avipbb - ok
19:17:47.0384 5640	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys
19:17:47.0431 5640	avkmgr - ok
19:17:47.0478 5640	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
19:17:47.0587 5640	AxInstSV - ok
19:17:47.0649 5640	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
19:17:47.0712 5640	b06bdrv - ok
19:17:47.0805 5640	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
19:17:47.0868 5640	b57nd60x - ok
19:17:48.0008 5640	BBSvc           (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:17:48.0071 5640	BBSvc - ok
19:17:48.0149 5640	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
19:17:48.0258 5640	BDESVC - ok
19:17:48.0367 5640	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
19:17:48.0461 5640	Beep - ok
19:17:48.0539 5640	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
19:17:48.0679 5640	BFE - ok
19:17:48.0788 5640	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
19:17:48.0960 5640	BITS - ok
19:17:49.0022 5640	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
19:17:49.0085 5640	blbdrive - ok
19:17:49.0163 5640	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:17:49.0225 5640	Bonjour Service - ok
19:17:49.0350 5640	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
19:17:49.0412 5640	bowser - ok
19:17:49.0443 5640	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:17:49.0537 5640	BrFiltLo - ok
19:17:49.0584 5640	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:17:49.0677 5640	BrFiltUp - ok
19:17:49.0771 5640	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
19:17:49.0896 5640	Browser - ok
19:17:49.0974 5640	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
19:17:50.0036 5640	Brserid - ok
19:17:50.0052 5640	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
19:17:50.0145 5640	BrSerWdm - ok
19:17:50.0161 5640	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
19:17:50.0208 5640	BrUsbMdm - ok
19:17:50.0239 5640	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
19:17:50.0333 5640	BrUsbSer - ok
19:17:50.0457 5640	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
19:17:50.0551 5640	BthEnum - ok
19:17:50.0613 5640	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
19:17:50.0676 5640	BTHMODEM - ok
19:17:50.0785 5640	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
19:17:50.0847 5640	BthPan - ok
19:17:51.0003 5640	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
19:17:51.0081 5640	BTHPORT - ok
19:17:51.0206 5640	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
19:17:51.0331 5640	bthserv - ok
19:17:51.0409 5640	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
19:17:51.0456 5640	BTHUSB - ok
19:17:51.0565 5640	btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
19:17:51.0596 5640	btusbflt - ok
19:17:51.0705 5640	btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
19:17:51.0737 5640	btwaudio - ok
19:17:51.0783 5640	btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\drivers\btwavdt.sys
19:17:51.0815 5640	btwavdt - ok
19:17:51.0924 5640	btwdins         (13f2e3bf60fc1eb4e02912582c0b1e3e) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:17:52.0033 5640	btwdins - ok
19:17:52.0142 5640	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
19:17:52.0158 5640	btwl2cap - ok
19:17:52.0220 5640	btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
19:17:52.0251 5640	btwrchid - ok
19:17:52.0314 5640	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
19:17:52.0439 5640	cdfs - ok
19:17:52.0532 5640	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
19:17:52.0626 5640	cdrom - ok
19:17:52.0704 5640	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
19:17:52.0829 5640	CertPropSvc - ok
19:17:52.0891 5640	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
19:17:52.0969 5640	circlass - ok
19:17:53.0000 5640	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
19:17:53.0078 5640	CLFS - ok
19:17:53.0156 5640	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:17:53.0203 5640	clr_optimization_v2.0.50727_32 - ok
19:17:53.0297 5640	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:17:53.0359 5640	clr_optimization_v4.0.30319_32 - ok
19:17:53.0453 5640	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
19:17:53.0546 5640	CmBatt - ok
19:17:53.0577 5640	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
19:17:53.0640 5640	cmdide - ok
19:17:53.0687 5640	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
19:17:53.0811 5640	CNG - ok
19:17:53.0858 5640	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
19:17:53.0905 5640	Compbatt - ok
19:17:54.0030 5640	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
19:17:54.0092 5640	CompositeBus - ok
19:17:54.0108 5640	COMSysApp - ok
19:17:54.0170 5640	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
19:17:54.0217 5640	crcdisk - ok
19:17:54.0279 5640	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
19:17:54.0404 5640	CryptSvc - ok
19:17:54.0529 5640	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:17:54.0638 5640	cvhsvc - ok
19:17:54.0747 5640	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
19:17:54.0919 5640	DcomLaunch - ok
19:17:54.0997 5640	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
19:17:55.0122 5640	defragsvc - ok
19:17:55.0231 5640	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
19:17:55.0325 5640	DfsC - ok
19:17:55.0387 5640	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
19:17:55.0527 5640	Dhcp - ok
19:17:55.0621 5640	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
19:17:55.0746 5640	discache - ok
19:17:55.0793 5640	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
19:17:55.0855 5640	Disk - ok
19:17:55.0902 5640	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
19:17:55.0995 5640	Dnscache - ok
19:17:56.0058 5640	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
19:17:56.0183 5640	dot3svc - ok
19:17:56.0229 5640	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
19:17:56.0354 5640	DPS - ok
19:17:56.0479 5640	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
19:17:56.0557 5640	drmkaud - ok
19:17:56.0760 5640	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
19:17:56.0885 5640	DXGKrnl - ok
19:17:56.0994 5640	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
19:17:57.0197 5640	EapHost - ok
19:17:57.0399 5640	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
19:17:57.0743 5640	ebdrv - ok
19:17:57.0789 5640	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
19:17:57.0883 5640	EFS - ok
19:17:58.0008 5640	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
19:17:58.0070 5640	elxstor - ok
19:17:58.0101 5640	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
19:17:58.0195 5640	ErrDev - ok
19:17:58.0382 5640	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
19:17:58.0554 5640	EventSystem - ok
19:17:58.0632 5640	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
19:17:58.0772 5640	exfat - ok
19:17:58.0850 5640	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
19:17:58.0975 5640	fastfat - ok
19:17:59.0069 5640	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
19:17:59.0162 5640	Fax - ok
19:17:59.0334 5640	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
19:17:59.0412 5640	fdc - ok
19:17:59.0600 5640	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
19:17:59.0740 5640	fdPHost - ok
19:17:59.0787 5640	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
19:17:59.0943 5640	FDResPub - ok
19:18:00.0037 5640	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
19:18:00.0084 5640	FileInfo - ok
19:18:00.0115 5640	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
19:18:00.0224 5640	Filetrace - ok
19:18:00.0240 5640	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
19:18:00.0302 5640	flpydisk - ok
19:18:00.0411 5640	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
19:18:00.0458 5640	FltMgr - ok
19:18:00.0552 5640	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\windows\system32\FntCache.dll
19:18:00.0754 5640	FontCache - ok
19:18:00.0864 5640	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:18:00.0926 5640	FontCache3.0.0.0 - ok
19:18:01.0051 5640	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
19:18:01.0113 5640	FsDepends - ok
19:18:01.0160 5640	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
19:18:01.0254 5640	Fs_Rec - ok
19:18:01.0363 5640	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
19:18:01.0425 5640	fvevol - ok
19:18:01.0519 5640	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
19:18:01.0566 5640	gagp30kx - ok
19:18:01.0628 5640	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:18:01.0659 5640	GEARAspiWDM - ok
19:18:01.0737 5640	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
19:18:01.0862 5640	gpsvc - ok
19:18:01.0924 5640	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
19:18:01.0987 5640	hcw85cir - ok
19:18:02.0096 5640	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
19:18:02.0190 5640	HdAudAddService - ok
19:18:02.0299 5640	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
19:18:02.0392 5640	HDAudBus - ok
19:18:02.0424 5640	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
19:18:02.0470 5640	HidBatt - ok
19:18:02.0502 5640	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
19:18:02.0564 5640	HidBth - ok
19:18:02.0643 5640	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
19:18:02.0705 5640	HidIr - ok
19:18:02.0783 5640	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
19:18:02.0877 5640	hidserv - ok
19:18:03.0002 5640	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
19:18:03.0064 5640	HidUsb - ok
19:18:03.0111 5640	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
19:18:03.0205 5640	hkmsvc - ok
19:18:03.0251 5640	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
19:18:03.0329 5640	HomeGroupListener - ok
19:18:03.0376 5640	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
19:18:03.0439 5640	HomeGroupProvider - ok
19:18:03.0563 5640	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
19:18:03.0610 5640	HpSAMD - ok
19:18:03.0704 5640	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
19:18:03.0813 5640	HTTP - ok
19:18:03.0938 5640	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
19:18:03.0969 5640	hwpolicy - ok
19:18:04.0047 5640	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
19:18:04.0125 5640	i8042prt - ok
19:18:04.0219 5640	IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:18:04.0265 5640	IAANTMON - ok
19:18:04.0390 5640	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
19:18:04.0437 5640	iaStor - ok
19:18:04.0499 5640	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
19:18:04.0546 5640	iaStorV - ok
19:18:04.0640 5640	IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:18:04.0671 5640	IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:18:04.0671 5640	IDriverT - detected UnsignedFile.Multi.Generic (1)
19:18:04.0796 5640	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:18:04.0889 5640	idsvc - ok
19:18:05.0139 5640	igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
19:18:05.0420 5640	igfx - ok
19:18:05.0545 5640	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
19:18:05.0591 5640	iirsp - ok
19:18:05.0669 5640	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
19:18:05.0825 5640	IKEEXT - ok
19:18:06.0059 5640	IntcAzAudAddService (e61611bacbe257c26a8951d6d096a248) C:\windows\system32\drivers\RTKVHDA.sys
19:18:06.0293 5640	IntcAzAudAddService - ok
19:18:06.0356 5640	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
19:18:06.0403 5640	intelide - ok
19:18:06.0449 5640	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
19:18:06.0496 5640	intelppm - ok
19:18:06.0527 5640	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
19:18:06.0683 5640	IPBusEnum - ok
19:18:06.0730 5640	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:18:06.0855 5640	IpFilterDriver - ok
19:18:06.0964 5640	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
19:18:07.0073 5640	iphlpsvc - ok
19:18:07.0167 5640	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
19:18:07.0214 5640	IPMIDRV - ok
19:18:07.0261 5640	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
19:18:07.0370 5640	IPNAT - ok
19:18:07.0448 5640	iPod Service    (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
19:18:07.0541 5640	iPod Service - ok
19:18:07.0651 5640	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
19:18:07.0760 5640	IRENUM - ok
19:18:07.0822 5640	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
19:18:07.0869 5640	isapnp - ok
19:18:07.0916 5640	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
19:18:07.0978 5640	iScsiPrt - ok
19:18:08.0025 5640	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
19:18:08.0056 5640	kbdclass - ok
19:18:08.0103 5640	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
19:18:08.0165 5640	kbdhid - ok
19:18:08.0275 5640	kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
19:18:08.0306 5640	kbfiltr - ok
19:18:08.0337 5640	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:08.0384 5640	KeyIso - ok
19:18:08.0431 5640	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
19:18:08.0477 5640	KSecDD - ok
19:18:08.0524 5640	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
19:18:08.0571 5640	KSecPkg - ok
19:18:08.0618 5640	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
19:18:08.0743 5640	KtmRm - ok
19:18:08.0805 5640	L1C             (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
19:18:08.0883 5640	L1C - ok
19:18:08.0977 5640	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
19:18:09.0101 5640	LanmanServer - ok
19:18:09.0195 5640	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
19:18:09.0304 5640	LanmanWorkstation - ok
19:18:09.0429 5640	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
19:18:09.0538 5640	lltdio - ok
19:18:09.0569 5640	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
19:18:09.0694 5640	lltdsvc - ok
19:18:09.0725 5640	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
19:18:09.0835 5640	lmhosts - ok
19:18:09.0959 5640	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
19:18:10.0006 5640	LSI_FC - ok
19:18:10.0022 5640	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
19:18:10.0069 5640	LSI_SAS - ok
19:18:10.0084 5640	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:18:10.0131 5640	LSI_SAS2 - ok
19:18:10.0147 5640	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:18:10.0193 5640	LSI_SCSI - ok
19:18:10.0240 5640	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
19:18:10.0349 5640	luafv - ok
19:18:10.0459 5640	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
19:18:10.0490 5640	megasas - ok
19:18:10.0521 5640	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
19:18:10.0599 5640	MegaSR - ok
19:18:10.0646 5640	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
19:18:10.0802 5640	MMCSS - ok
19:18:10.0927 5640	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
19:18:11.0083 5640	Modem - ok
19:18:11.0129 5640	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
19:18:11.0192 5640	monitor - ok
19:18:11.0332 5640	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
19:18:11.0379 5640	mouclass - ok
19:18:11.0473 5640	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
19:18:11.0551 5640	mouhid - ok
19:18:11.0738 5640	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
19:18:11.0800 5640	mountmgr - ok
19:18:11.0925 5640	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
19:18:11.0972 5640	mpio - ok
19:18:12.0065 5640	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
19:18:12.0159 5640	mpsdrv - ok
19:18:12.0331 5640	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
19:18:12.0487 5640	MpsSvc - ok
19:18:12.0596 5640	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
19:18:12.0705 5640	MRxDAV - ok
19:18:12.0814 5640	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
19:18:12.0908 5640	mrxsmb - ok
19:18:12.0955 5640	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:18:13.0033 5640	mrxsmb10 - ok
19:18:13.0079 5640	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:18:13.0142 5640	mrxsmb20 - ok
19:18:13.0189 5640	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
19:18:13.0251 5640	msahci - ok
19:18:13.0345 5640	MSCSPTISRV      (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
19:18:13.0376 5640	MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:18:13.0376 5640	MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
19:18:13.0485 5640	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
19:18:13.0563 5640	msdsm - ok
19:18:13.0610 5640	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
19:18:13.0688 5640	MSDTC - ok
19:18:13.0766 5640	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
19:18:13.0906 5640	Msfs - ok
19:18:13.0937 5640	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
19:18:14.0078 5640	mshidkmdf - ok
19:18:14.0125 5640	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
19:18:14.0171 5640	msisadrv - ok
19:18:14.0234 5640	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
19:18:14.0374 5640	MSiSCSI - ok
19:18:14.0405 5640	msiserver - ok
19:18:14.0468 5640	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
19:18:14.0624 5640	MSKSSRV - ok
19:18:14.0827 5640	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
19:18:14.0920 5640	MSPCLOCK - ok
19:18:15.0014 5640	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
19:18:15.0170 5640	MSPQM - ok
19:18:15.0201 5640	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
19:18:15.0263 5640	MsRPC - ok
19:18:15.0326 5640	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
19:18:15.0373 5640	mssmbios - ok
19:18:15.0419 5640	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
19:18:15.0560 5640	MSTEE - ok
19:18:15.0575 5640	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
19:18:15.0638 5640	MTConfig - ok
19:18:15.0669 5640	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
19:18:15.0731 5640	Mup - ok
19:18:15.0794 5640	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
19:18:15.0981 5640	napagent - ok
19:18:16.0059 5640	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
19:18:16.0137 5640	NativeWifiP - ok
19:18:16.0215 5640	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
19:18:16.0340 5640	NDIS - ok
19:18:16.0387 5640	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
19:18:16.0527 5640	NdisCap - ok
19:18:16.0574 5640	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
19:18:16.0699 5640	NdisTapi - ok
19:18:16.0777 5640	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
19:18:16.0918 5640	Ndisuio - ok
19:18:16.0949 5640	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
19:18:17.0090 5640	NdisWan - ok
19:18:17.0136 5640	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
19:18:17.0261 5640	NDProxy - ok
19:18:17.0308 5640	Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
19:18:17.0339 5640	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:18:17.0339 5640	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:18:17.0417 5640	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
19:18:17.0558 5640	NetBIOS - ok
19:18:17.0604 5640	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
19:18:17.0760 5640	NetBT - ok
19:18:17.0807 5640	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:17.0870 5640	Netlogon - ok
19:18:17.0948 5640	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
19:18:18.0119 5640	Netman - ok
19:18:18.0150 5640	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
19:18:18.0306 5640	netprofm - ok
19:18:18.0431 5640	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:18:18.0494 5640	NetTcpPortSharing - ok
19:18:18.0603 5640	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
19:18:18.0665 5640	nfrd960 - ok
19:18:18.0712 5640	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
19:18:18.0868 5640	NlaSvc - ok
19:18:18.0899 5640	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
19:18:19.0055 5640	Npfs - ok
19:18:19.0086 5640	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
19:18:19.0242 5640	nsi - ok
19:18:19.0305 5640	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
19:18:19.0461 5640	nsiproxy - ok
19:18:19.0554 5640	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
19:18:19.0726 5640	Ntfs - ok
19:18:19.0835 5640	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
19:18:19.0977 5640	Null - ok
19:18:20.0039 5640	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
19:18:20.0101 5640	nvraid - ok
19:18:20.0133 5640	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
19:18:20.0211 5640	nvstor - ok
19:18:20.0273 5640	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
19:18:20.0335 5640	nv_agp - ok
19:18:20.0382 5640	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
19:18:20.0476 5640	ohci1394 - ok
19:18:20.0569 5640	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:18:20.0616 5640	ose - ok
19:18:20.0835 5640	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:18:21.0240 5640	osppsvc - ok
19:18:21.0490 5640	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
19:18:21.0599 5640	p2pimsvc - ok
19:18:21.0693 5640	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
19:18:21.0786 5640	p2psvc - ok
19:18:21.0880 5640	PACSPTISVR      (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
19:18:21.0911 5640	PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
19:18:21.0911 5640	PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
19:18:22.0020 5640	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
19:18:22.0098 5640	Parport - ok
19:18:22.0145 5640	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
19:18:22.0207 5640	partmgr - ok
19:18:22.0239 5640	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
19:18:22.0317 5640	Parvdm - ok
19:18:22.0348 5640	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
19:18:22.0441 5640	PcaSvc - ok
19:18:22.0519 5640	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
19:18:22.0582 5640	pci - ok
19:18:22.0613 5640	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
19:18:22.0675 5640	pciide - ok
19:18:22.0722 5640	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
19:18:22.0785 5640	pcmcia - ok
19:18:22.0816 5640	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
19:18:22.0878 5640	pcw - ok
19:18:22.0941 5640	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
19:18:23.0128 5640	PEAUTH - ok
19:18:23.0299 5640	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
19:18:23.0533 5640	pla - ok
19:18:23.0580 5640	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
19:18:23.0705 5640	PlugPlay - ok
19:18:23.0814 5640	Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll
19:18:23.0861 5640	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:18:23.0861 5640	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:18:23.0908 5640	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
19:18:23.0987 5640	PNRPAutoReg - ok
19:18:24.0034 5640	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
19:18:24.0112 5640	PNRPsvc - ok
19:18:24.0158 5640	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
19:18:24.0314 5640	PolicyAgent - ok
19:18:24.0392 5640	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
19:18:24.0548 5640	Power - ok
19:18:24.0658 5640	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
19:18:24.0814 5640	PptpMiniport - ok
19:18:24.0923 5640	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
19:18:25.0016 5640	Processor - ok
19:18:25.0141 5640	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
19:18:25.0282 5640	ProfSvc - ok
19:18:25.0328 5640	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:25.0406 5640	ProtectedStorage - ok
19:18:25.0469 5640	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
19:18:25.0625 5640	Psched - ok
19:18:25.0687 5640	PxHelp20        (1962166e0ceb740704f30fa55ad3d509) C:\windows\system32\Drivers\PxHelp20.sys
19:18:25.0718 5640	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:18:25.0718 5640	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:18:25.0796 5640	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
19:18:25.0984 5640	ql2300 - ok
19:18:26.0046 5640	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
19:18:26.0108 5640	ql40xx - ok
19:18:26.0186 5640	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
19:18:26.0296 5640	QWAVE - ok
19:18:26.0358 5640	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
19:18:26.0452 5640	QWAVEdrv - ok
19:18:26.0530 5640	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
19:18:26.0654 5640	RasAcd - ok
19:18:26.0748 5640	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
19:18:26.0888 5640	RasAgileVpn - ok
19:18:26.0935 5640	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
19:18:27.0091 5640	RasAuto - ok
19:18:27.0169 5640	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
19:18:27.0325 5640	Rasl2tp - ok
19:18:27.0388 5640	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
19:18:27.0559 5640	RasMan - ok
19:18:27.0653 5640	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
19:18:27.0793 5640	RasPppoe - ok
19:18:27.0824 5640	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
19:18:27.0965 5640	RasSstp - ok
19:18:28.0012 5640	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
19:18:28.0152 5640	rdbss - ok
19:18:28.0183 5640	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
19:18:28.0277 5640	rdpbus - ok
19:18:28.0324 5640	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
19:18:28.0448 5640	RDPCDD - ok
19:18:28.0511 5640	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
19:18:28.0651 5640	RDPENCDD - ok
19:18:28.0698 5640	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
19:18:28.0823 5640	RDPREFMP - ok
19:18:28.0885 5640	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
19:18:28.0979 5640	RDPWD - ok
19:18:29.0088 5640	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
19:18:29.0166 5640	rdyboost - ok
19:18:29.0197 5640	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
19:18:29.0353 5640	RemoteAccess - ok
19:18:29.0400 5640	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
19:18:29.0572 5640	RemoteRegistry - ok
19:18:29.0681 5640	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
19:18:29.0774 5640	RFCOMM - ok
19:18:29.0915 5640	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
19:18:30.0071 5640	RpcEptMapper - ok
19:18:30.0133 5640	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
19:18:30.0227 5640	RpcLocator - ok
19:18:30.0274 5640	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
19:18:30.0430 5640	RpcSs - ok
19:18:30.0492 5640	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
19:18:30.0648 5640	rspndr - ok
19:18:30.0695 5640	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:30.0757 5640	SamSs - ok
19:18:30.0835 5640	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
19:18:30.0898 5640	sbp2port - ok
19:18:30.0929 5640	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
19:18:31.0085 5640	SCardSvr - ok
19:18:31.0132 5640	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
19:18:31.0272 5640	scfilter - ok
19:18:31.0334 5640	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
19:18:31.0537 5640	Schedule - ok
19:18:31.0615 5640	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
19:18:31.0740 5640	SCPolicySvc - ok
19:18:31.0771 5640	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
19:18:31.0880 5640	SDRSVC - ok
19:18:31.0990 5640	SeaPort         (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:18:32.0068 5640	SeaPort - ok
19:18:32.0161 5640	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
19:18:32.0317 5640	secdrv - ok
19:18:32.0364 5640	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
19:18:32.0504 5640	seclogon - ok
19:18:32.0598 5640	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
19:18:32.0770 5640	SENS - ok
19:18:32.0848 5640	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
19:18:32.0926 5640	Serenum - ok
19:18:32.0988 5640	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
19:18:33.0082 5640	Serial - ok
19:18:33.0160 5640	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
19:18:33.0222 5640	sermouse - ok
19:18:33.0347 5640	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
19:18:33.0503 5640	SessionEnv - ok
19:18:33.0581 5640	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
19:18:33.0674 5640	sffdisk - ok
19:18:33.0752 5640	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
19:18:33.0830 5640	sffp_mmc - ok
19:18:33.0877 5640	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
19:18:33.0971 5640	sffp_sd - ok
19:18:34.0049 5640	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
19:18:34.0127 5640	sfloppy - ok
19:18:34.0252 5640	Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
19:18:34.0361 5640	Sftfs - ok
19:18:34.0454 5640	sftlist         (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
19:18:34.0548 5640	sftlist - ok
19:18:34.0673 5640	Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:18:34.0735 5640	Sftplay - ok
19:18:34.0766 5640	Sftredir        (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:18:34.0813 5640	Sftredir - ok
19:18:34.0860 5640	Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
19:18:34.0907 5640	Sftvol - ok
19:18:35.0032 5640	sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
19:18:35.0094 5640	sftvsa - ok
19:18:35.0203 5640	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
19:18:35.0359 5640	SharedAccess - ok
19:18:35.0422 5640	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
19:18:35.0578 5640	ShellHWDetection - ok
19:18:35.0656 5640	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
19:18:35.0718 5640	sisagp - ok
19:18:35.0749 5640	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:18:35.0812 5640	SiSRaid2 - ok
19:18:35.0843 5640	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
19:18:35.0905 5640	SiSRaid4 - ok
19:18:35.0936 5640	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
19:18:36.0061 5640	Smb - ok
19:18:36.0155 5640	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
19:18:36.0248 5640	SNMPTRAP - ok
19:18:36.0358 5640	SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
19:18:36.0404 5640	SonicStage Back-End Service - ok
19:18:36.0498 5640	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
19:18:36.0560 5640	spldr - ok
19:18:36.0623 5640	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
19:18:36.0794 5640	Spooler - ok
19:18:36.0950 5640	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
19:18:37.0309 5640	sppsvc - ok
19:18:37.0418 5640	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
19:18:37.0559 5640	sppuinotify - ok
19:18:37.0652 5640	SPTISRV         (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
19:18:37.0684 5640	SPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:18:37.0684 5640	SPTISRV - detected UnsignedFile.Multi.Generic (1)
19:18:37.0793 5640	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
19:18:37.0918 5640	srv - ok
19:18:38.0027 5640	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
19:18:38.0136 5640	srv2 - ok
19:18:38.0167 5640	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
19:18:38.0245 5640	srvnet - ok
19:18:38.0292 5640	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
19:18:38.0464 5640	SSDPSRV - ok
19:18:38.0510 5640	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
19:18:38.0557 5640	ssmdrv - ok
19:18:38.0682 5640	SSScsiSV        (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
19:18:38.0729 5640	SSScsiSV - ok
19:18:38.0822 5640	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
19:18:38.0994 5640	SstpSvc - ok
19:18:39.0072 5640	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
19:18:39.0119 5640	stexstor - ok
19:18:39.0197 5640	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
19:18:39.0337 5640	StiSvc - ok
19:18:39.0400 5640	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
19:18:39.0462 5640	swenum - ok
19:18:39.0524 5640	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
19:18:39.0696 5640	swprv - ok
19:18:39.0790 5640	SynTP           (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
19:18:39.0852 5640	SynTP - ok
19:18:39.0930 5640	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
19:18:40.0086 5640	SysMain - ok
19:18:40.0133 5640	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
19:18:40.0242 5640	TabletInputService - ok
19:18:40.0289 5640	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
19:18:40.0460 5640	TapiSrv - ok
19:18:40.0538 5640	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
19:18:40.0694 5640	TBS - ok
19:18:40.0835 5640	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
19:18:41.0022 5640	Tcpip - ok
19:18:41.0162 5640	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
19:18:41.0303 5640	TCPIP6 - ok
19:18:41.0396 5640	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
19:18:41.0537 5640	tcpipreg - ok
19:18:41.0646 5640	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
19:18:41.0708 5640	TDPIPE - ok
19:18:41.0755 5640	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
19:18:41.0818 5640	TDTCP - ok
19:18:41.0864 5640	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
19:18:41.0989 5640	tdx - ok
19:18:42.0052 5640	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
19:18:42.0098 5640	TermDD - ok
19:18:42.0176 5640	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
19:18:42.0348 5640	TermService - ok
19:18:42.0410 5640	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
19:18:42.0520 5640	Themes - ok
19:18:42.0566 5640	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
19:18:42.0707 5640	THREADORDER - ok
19:18:42.0754 5640	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
19:18:42.0910 5640	TrkWks - ok
19:18:42.0988 5640	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
19:18:43.0128 5640	TrustedInstaller - ok
19:18:43.0253 5640	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
19:18:43.0409 5640	tssecsrv - ok
19:18:43.0518 5640	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
19:18:43.0596 5640	TsUsbFlt - ok
19:18:43.0736 5640	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
19:18:43.0861 5640	tunnel - ok
19:18:43.0908 5640	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
19:18:43.0970 5640	uagp35 - ok
19:18:44.0017 5640	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
19:18:44.0173 5640	udfs - ok
19:18:44.0220 5640	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
19:18:44.0329 5640	UI0Detect - ok
19:18:44.0454 5640	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
19:18:44.0516 5640	uliagpkx - ok
19:18:44.0563 5640	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
19:18:44.0641 5640	umbus - ok
19:18:44.0735 5640	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
19:18:44.0797 5640	UmPass - ok
19:18:44.0844 5640	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
19:18:45.0016 5640	upnphost - ok
19:18:45.0094 5640	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
19:18:45.0187 5640	USBAAPL - ok
19:18:45.0234 5640	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
19:18:45.0328 5640	usbccgp - ok
19:18:45.0452 5640	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
19:18:45.0546 5640	usbcir - ok
19:18:45.0593 5640	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
19:18:45.0655 5640	usbehci - ok
19:18:45.0702 5640	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
19:18:45.0780 5640	usbhub - ok
19:18:45.0827 5640	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
19:18:45.0905 5640	usbohci - ok
19:18:45.0952 5640	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
19:18:46.0030 5640	usbprint - ok
19:18:46.0061 5640	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:18:46.0154 5640	USBSTOR - ok
19:18:46.0186 5640	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
19:18:46.0264 5640	usbuhci - ok
19:18:46.0404 5640	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
19:18:46.0498 5640	usbvideo - ok
19:18:46.0560 5640	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
19:18:46.0700 5640	UxSms - ok
19:18:46.0747 5640	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:46.0810 5640	VaultSvc - ok
19:18:46.0888 5640	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
19:18:46.0950 5640	vdrvroot - ok
19:18:46.0997 5640	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
19:18:47.0184 5640	vds - ok
19:18:47.0246 5640	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
19:18:47.0324 5640	vga - ok
19:18:47.0371 5640	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
19:18:47.0512 5640	VgaSave - ok
19:18:47.0574 5640	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
19:18:47.0636 5640	vhdmp - ok
19:18:47.0746 5640	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
19:18:47.0808 5640	viaagp - ok
19:18:47.0855 5640	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
19:18:47.0933 5640	ViaC7 - ok
19:18:47.0980 5640	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
19:18:48.0042 5640	viaide - ok
19:18:48.0073 5640	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
19:18:48.0136 5640	volmgr - ok
19:18:48.0182 5640	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
19:18:48.0260 5640	volmgrx - ok
19:18:48.0292 5640	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
19:18:48.0370 5640	volsnap - ok
19:18:48.0432 5640	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
19:18:48.0494 5640	vsmraid - ok
19:18:48.0588 5640	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
19:18:48.0806 5640	VSS - ok
19:18:48.0853 5640	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
19:18:48.0931 5640	vwifibus - ok
19:18:48.0962 5640	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
19:18:49.0056 5640	vwififlt - ok
19:18:49.0118 5640	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
19:18:49.0290 5640	W32Time - ok
19:18:49.0368 5640	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
19:18:49.0430 5640	WacomPen - ok
19:18:49.0540 5640	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:18:49.0664 5640	WANARP - ok
19:18:49.0680 5640	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:18:49.0805 5640	Wanarpv6 - ok
19:18:49.0883 5640	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
19:18:50.0054 5640	wbengine - ok
19:18:50.0117 5640	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
19:18:50.0226 5640	WbioSrvc - ok
19:18:50.0288 5640	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
19:18:50.0413 5640	wcncsvc - ok
19:18:50.0444 5640	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
19:18:50.0554 5640	WcsPlugInService - ok
19:18:50.0647 5640	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
19:18:50.0710 5640	Wd - ok
19:18:50.0741 5640	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
19:18:50.0850 5640	Wdf01000 - ok
19:18:50.0881 5640	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
19:18:51.0022 5640	WdiServiceHost - ok
19:18:51.0037 5640	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
19:18:51.0131 5640	WdiSystemHost - ok
19:18:51.0240 5640	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
19:18:51.0365 5640	WebClient - ok
19:18:51.0443 5640	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
19:18:51.0599 5640	Wecsvc - ok
19:18:51.0646 5640	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
19:18:51.0802 5640	wercplsupport - ok
19:18:51.0911 5640	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
19:18:52.0051 5640	WerSvc - ok
19:18:52.0145 5640	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
19:18:52.0285 5640	WfpLwf - ok
19:18:52.0316 5640	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
19:18:52.0363 5640	WIMMount - ok
19:18:52.0457 5640	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:18:52.0597 5640	WinDefend - ok
19:18:52.0628 5640	WinHttpAutoProxySvc - ok
19:18:52.0753 5640	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
19:18:52.0894 5640	Winmgmt - ok
19:18:53.0003 5640	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
19:18:53.0237 5640	WinRM - ok
19:18:53.0393 5640	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
19:18:53.0549 5640	Wlansvc - ok
19:18:53.0674 5640	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
19:18:53.0752 5640	WmiAcpi - ok
19:18:53.0830 5640	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
19:18:53.0908 5640	wmiApSrv - ok
19:18:54.0032 5640	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:18:54.0188 5640	WMPNetworkSvc - ok
19:18:54.0282 5640	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
19:18:54.0391 5640	WPCSvc - ok
19:18:54.0469 5640	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
19:18:54.0578 5640	WPDBusEnum - ok
19:18:54.0656 5640	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
19:18:54.0797 5640	ws2ifsl - ok
19:18:54.0844 5640	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
19:18:54.0953 5640	wscsvc - ok
19:18:54.0984 5640	WSearch - ok
19:18:55.0109 5640	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
19:18:55.0358 5640	wuauserv - ok
19:18:55.0421 5640	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
19:18:55.0561 5640	WudfPf - ok
19:18:55.0686 5640	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
19:18:55.0826 5640	WUDFRd - ok
19:18:55.0936 5640	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
19:18:56.0092 5640	wudfsvc - ok
19:18:56.0154 5640	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
19:18:56.0263 5640	WwanSvc - ok
19:18:56.0341 5640	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:18:56.0482 5640	\Device\Harddisk0\DR0 - ok
19:18:56.0497 5640	Boot (0x1200)   (7f363dc86fabf1d43127dc878f00e2e9) \Device\Harddisk0\DR0\Partition0
19:18:56.0497 5640	\Device\Harddisk0\DR0\Partition0 - ok
19:18:56.0544 5640	Boot (0x1200)   (e561d3855e7409f40c075f86402524ce) \Device\Harddisk0\DR0\Partition1
19:18:56.0544 5640	\Device\Harddisk0\DR0\Partition1 - ok
19:18:56.0560 5640	============================================================
19:18:56.0560 5640	Scan finished
19:18:56.0560 5640	============================================================
19:18:56.0591 5636	Detected object count: 8
19:18:56.0591 5636	Actual detected object count: 8
19:19:35.0279 5636	AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0279 5636	AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:19:35.0279 5636	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0279 5636	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:19:35.0295 5636	MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0295 5636	MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:19:35.0295 5636	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0295 5636	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:19:35.0310 5636	PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0310 5636	PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:19:35.0310 5636	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0310 5636	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:19:35.0326 5636	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0326 5636	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:19:35.0326 5636	SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0326 5636	SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 15.04.2012, 14:58

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Eustace · 15.04.2012, 16:00

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-04-15.01 - Alina 15.04.2012  16:40:05.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.293 [GMT 2:00]
ausgeführt von:: c:\users\Alina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Alina\esetsmartinstaller_enu.exe
c:\users\Alina\OTL.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-15 bis 2012-04-15  ))))))))))))))))))))))))))))))
.
.
2012-04-15 14:52 . 2012-04-15 14:53	--------	d-----w-	c:\users\Alina\AppData\Local\temp
2012-04-15 14:52 . 2012-04-15 14:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-15 14:36 . 2012-04-15 14:36	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4EB9669-5E78-4D02-88C2-979793E6A732}\offreg.dll
2012-04-13 10:58 . 2012-04-13 10:58	--------	d-----w-	C:\_OTL
2012-04-13 09:21 . 2012-03-20 01:53	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4EB9669-5E78-4D02-88C2-979793E6A732}\mpengine.dll
2012-04-12 18:48 . 2012-04-12 18:48	--------	d-----w-	c:\program files\ESET
2012-04-12 09:06 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:06 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-12 09:06 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-12 09:06 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-12 08:58 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-04-12 08:58 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-04-12 08:57 . 2011-09-29 16:03	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-04-12 08:57 . 2011-11-17 05:38	1288472	----a-w-	c:\windows\system32\ntdll.dll
2012-04-12 08:57 . 2011-10-01 04:37	708608	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-04-12 08:57 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-04-12 08:57 . 2011-11-05 04:26	2048	----a-w-	c:\windows\system32\tzres.dll
2012-04-12 08:55 . 2011-11-19 14:01	67072	----a-w-	c:\windows\system32\packager.dll
2012-04-12 08:55 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2012-04-12 08:55 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2012-04-12 08:55 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\system32\quartz.dll
2012-04-12 08:55 . 2011-10-26 04:32	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-04-12 08:53 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-12 08:53 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-12 08:44 . 2012-02-28 05:34	860672	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 08:44 . 2012-02-28 05:38	981504	----a-w-	c:\windows\system32\wininet.dll
2012-04-12 08:44 . 2012-02-28 05:34	163328	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-04-12 08:44 . 2012-02-28 03:52	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-12 08:41 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-12 08:41 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-12 08:41 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-12 08:41 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-04-12 08:41 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-12 08:41 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-04-11 14:02 . 2012-04-11 14:02	--------	d-----w-	c:\users\Alina\AppData\Roaming\Malwarebytes
2012-04-11 14:01 . 2012-04-11 14:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-11 14:01 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-11 14:01 . 2012-04-11 14:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-28 20:27 . 2012-03-28 20:27	--------	d-----w-	c:\program files\Common Files\Java
2012-03-28 20:26 . 2012-03-28 20:26	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-28 20:25 . 2012-03-28 20:25	--------	d-----w-	c:\program files\Java
2012-03-22 13:25 . 2012-03-22 13:25	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 13:25 . 2012-03-22 13:25	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-10-22 17:12	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 14:01 . 2011-10-22 16:58	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-22 13:25 . 2011-11-12 08:51	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2010-09-08 34728]
"HotkeyService"="AsusSender.exe" [2010-09-08 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-09-08 34728]
"LiveUpdate"="AsusSender.exe" [2010-09-08 34728]
"CapsHook"="AsusSender.exe" [2010-09-08 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"GraphicsSwitch"="AsusSender.exe" [2010-09-08 34728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-25 8522272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-10-17 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-09-14 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-3-3 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-05 c:\windows\Tasks\Norton Security Scan for Alina.job
- c:\progra~1\NORTON~2\Engine\351~1.10\Nss.exe [2012-02-04 07:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\4v2rjtrr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-15  16:58:17
ComboFix-quarantined-files.txt  2012-04-15 14:58
.
Vor Suchlauf: 8 Verzeichnis(se), 78.675.783.680 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 78.316.023.808 Bytes frei
.
- - End Of File - - FA53B12FEE55F087583E267926A60463

[/CODE]
--- --- ---

cosinus · 15.04.2012, 16:36

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Eustace · 15.04.2012, 19:02

Hier GMER und OSAM
Und als Datei noch aswMBR
Eine Frage - Ich hab jetzt aufm Desktop eine Datei die heißt "MBR.dat" Brauche ich die noch oder was ist das??

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-15 19:03:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003
Running: 4l3bh4ep.exe; Driver: C:\Users\Alina\AppData\Local\Temp\uglorpog.sys


---- System - GMER 1.0.15 ----

SSDT            8ABF015E                                                                                                                                                                                                                           ZwCreateSection
SSDT            8ABF0168                                                                                                                                                                                                                           ZwRequestWaitReplyPort
SSDT            8ABF0163                                                                                                                                                                                                                           ZwSetContextThread
SSDT            8ABF016D                                                                                                                                                                                                                           ZwSetSecurityObject
SSDT            8ABF0172                                                                                                                                                                                                                           ZwSystemDebugControl
SSDT            8ABF00FF                                                                                                                                                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                                                                                                                                      81C8D359 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                             81CC6D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                                                                81CCDECC 4 Bytes  [5E, 01, BF, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                                                                                                81CCE228 4 Bytes  [68, 01, BF, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                                                                                                81CCE26C 4 Bytes  [63, 01, BF, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                                                                                                                81CCE2E8 4 Bytes  [6D, 01, BF, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                                                                                                                81CCE33C 4 Bytes  [72, 01, BF, 8A]
.text           ...                                                                                                                                                                                                                                
?               C:\windows\system32\Drivers\PROCEXP113.SYS                                                                                                                                                                                         Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Alina\AppData\Local\Temp\catchme.sys                                                                                                                                                                                      Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                                                               [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                                [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                             [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000048                                                                                                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                                             fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                                             rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                           fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd617faed                                                                                                                                                        
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db258d4                                                                                                                                                        
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd617faed (not active ControlSet)                                                                                                                                    
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db258d4 (not active ControlSet)                                                                                                                                    
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                          1

---- EOF - GMER 1.0.15 ----

[/CODE]
--- --- ---

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:19:06 on 15.04.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Security Scan for Alina.job" - "Symantec Corporation" - C:\PROGRA~1\NORTON~2\Engine\351~1.10\Nss.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsUpIO" (AsUpIO) - ? - C:\windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Alina\AppData\Local\Temp\catchme.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\windows\System32\Drivers\PxHelp20.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftvollh.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Program Files\Aibelive\Voice Command\Skype4COM.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"AsusVibeLauncher.lnk" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ASUSPRP" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\APRP\APRP.EXE
"ASUSWebStorage" - "ecareme" - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Boingo Wi-Fi" - ? - "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
"CapsHook" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
"Eee Docking" - ? - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
"GraphicsSwitch" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe
"HotkeyMon" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
"HotkeyService" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LivCam" - "ASUSTek" - "C:\Program Files\ASUS\LivCam\LivCam.exe"
"LiveUpdate" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SuperHybridEngine" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"Asus Launcher Service" (AsusService) - ? - C:\Windows\System32\AsusService.exe  (File found, but it contains no detailed information)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"SonicStage Back-End Service" (SonicStage Back-End Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

E-Mail verschickt Links von alleine. Immer an die gleiche Person. Malware Scan findet nichts!

Plagegeister aller Art und deren Bekämpfung: E-Mail verschickt Links von alleine. Immer an die gleiche Person. Malware Scan findet nichts!