Mein GMX-Account verschickt Spammails

matjes80 · 05.05.2012, 20:07

Hallo!

Ich hab wenig Ahnung dafür aber ein Problem...

Mein GMX Account verschickt seit dem 1. Mai so ca. 7.00Uhr Spammails an mein gesamtes Adressbuch und an Teile meines "gesendet"- Ordners.

Hab es an diesen "Mail Delivery System"-Mails gemerkt. Diese kommen jetzt übrigens regelmäßig täglich von 8.00-9.00 immer an dieselben Adressen.

Hab Adressbuch und alle Ordner gelöscht. Wechsel fast täglich mein Passwort und mache es immer komplizierter. Kontakt mit GMX-Support aufgenommen aber noch keine Antwort bekommen.

Ich lock mich immer direkt bei GMX ein und benutz kein Outlook oder sowas.

Ich hab AntiVir, Malwarebytes (Vollscan), Spybot, CCleaner und TuneUp "drüber" laufen lassen. Ohne Funde soweit ich das erkenne. Hab jetzt die hier im Forum Empfohlenen Scan-Programme (Eset, OTL und diese drei für alle Hilfsuchenden) mir schon mal besorgt und freue mich auf Ratschläge.

Bei defogger gab es keine Fehlermeldung.

Schon mal im vorraus vielen Dank für die Mühe und Geduld mit mir!

[code]
.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 7.0.6000.16982
Run by Matze at 20:04:59 on 2012-05-05
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3071.2142 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmx.de/
mStart Page = hxxp://search.searchonme.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.220.1
TCP: Interfaces\{4C3C6723-963E-4E09-A060-452EE71E4B9C} : DhcpNameServer = 192.168.220.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matze\appdata\roaming\mozilla\firefox\profiles\uig1ebrz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gmx.de
FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-24 36000]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-4-24 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-4-24 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-24 74640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-8 2253120]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-3 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2011-11-21 1052480]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2010-12-15 44416]
R3 PhilCap;Pinnacle PCTV service;c:\windows\system32\drivers\PhilCap.sys [2011-9-8 908832]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2011-9-8 218624]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
.
=============== Created Last 30 ================
.
2012-05-04 13:45:52	--------	d-----w-	c:\program files\Trend Micro
2012-05-04 08:43:38	6734704	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{105d6e60-8865-4bf0-8ab9-138e4067c89a}\mpengine.dll
2012-05-03 17:20:32	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-05-03 17:20:32	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-05-02 15:15:42	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2012-05-02 15:15:35	868952	----a-w-	c:\program files\mozilla firefox\uninstall\helper.exe
2012-05-01 13:04:38	--------	d-----w-	c:\users\matze\appdata\roaming\ESET
2012-05-01 13:04:38	--------	d-----w-	c:\users\matze\appdata\local\ESET
2012-04-25 18:48:22	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-04-25 18:48:19	157352	----a-w-	c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 18:48:19	129976	----a-w-	c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-24 05:13:34	--------	d-----w-	c:\users\matze\appdata\roaming\Avira
2012-04-24 05:09:57	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-24 05:09:57	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-24 05:09:52	--------	d-----w-	c:\programdata\Avira
2012-04-24 05:09:52	--------	d-----w-	c:\program files\Avira
.
==================== Find3M  ====================
.
2012-05-05 09:09:24	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:09:24	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-04 13:56:40	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-09 20:43:00	881984	----a-w-	c:\windows\system32\nvgenco32.dll
2012-02-09 20:43:00	7713088	----a-w-	c:\windows\system32\nvwgf2um.dll
2012-02-09 20:43:00	61248	----a-w-	c:\windows\system32\OpenCL.dll
2012-02-09 20:43:00	5892928	----a-w-	c:\windows\system32\nvcuda.dll
2012-02-09 20:43:00	2517312	----a-w-	c:\windows\system32\nvcuvid.dll
2012-02-09 20:43:00	2437440	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-02-09 20:43:00	2301248	----a-w-	c:\windows\system32\nvapi.dll
2012-02-09 20:43:00	19443520	----a-w-	c:\windows\system32\nvoglv32.dll
2012-02-09 20:43:00	17543488	----a-w-	c:\windows\system32\nvcompiler.dll
2012-02-09 20:43:00	15009600	----a-w-	c:\windows\system32\nvd3dum.dll
2012-02-09 20:43:00	10816832	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-02-09 20:43:00	1000256	----a-w-	c:\windows\system32\nvdispco32.dll
.
============= FINISH: 20:06:12,34 ===============

--- --- ---

Hier der Vollscan von malwarebytes

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.05.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Matze :: MATZE-PC [Administrator]

05.05.2012 21:31:35
mbam-log-2012-05-05 (21-31-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264934
Laufzeit: 29 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Gruß Matjes

cosinus · 08.05.2012, 12:15

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

matjes80 · 08.05.2012, 15:56

Cool das du antwortets.

Kleine Vorabinfo: Seit Sonntag sind keine Mails mehr rausgegangen. Meine Feunde haben das bestätigt. Aber das heißt ja noch nicht das der PC sauber ist.
GMX hat auch geantwortet, aber nichts weltbewegendes beigesteuert. Nach Viren/Trojaner scannen, Passwörter ändern, etc....

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cc7574fc31d1cb459c101fd88af0c444
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-08 02:49:42
# local_time=2012-05-08 04:49:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=1792 16777191 100 0 1242506 1242506 0 0
# compatibility_mode=5892 16776573 100 100 275509 174019426 0 0
# compatibility_mode=8192 67108863 100 0 277 277 0 0
# scanned=80856
# found=0
# cleaned=0
# scan_time=1884

Danke und Gruß
Matjes

cosinus · 08.05.2012, 17:51

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

matjes80 · 08.05.2012, 18:23

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.05.2012 19:04:25 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Matze\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 76,66% Memory free
6,15 Gb Paging File | 5,15 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,86 Gb Total Space | 97,66 Gb Free Space | 62,26% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 146,37 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 150,69 Gb Total Space | 150,41 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matze\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aaudstum) -- C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchonme.com/
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes,DefaultScope = {CB614197-6077-44CF-87BA-E3950197C1D4}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?q={searchTerms}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{CB614197-6077-44CF-87BA-E3950197C1D4}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SearchOnMe"
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..keyword.URL: "hxxp://search.searchonme.com/?q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 17:15:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 11:07:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2011.09.09 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2012.05.02 10:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions
[2011.10.29 15:26:41 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.03.18 08:45:03 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info
[2012.03.18 08:45:02 | 000,000,448 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UIG1EBRZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.13 17:19:39 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C3C6723-963E-4E09-A060-452EE71E4B9C}: DhcpNameServer = 192.168.220.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.17 16:54:03 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.08 16:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.05 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.05 20:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.05.05 19:51:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matze\Desktop\dds.com
[2012.05.04 16:04:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.04 16:02:33 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2012.05.04 15:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.05.04 14:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.03 19:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.03 19:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.03 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.05.02 17:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.05.01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\ESET
[2012.05.01 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\ESET
[2012.04.25 20:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.25 20:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.24 07:13:34 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Avira
[2012.04.24 07:10:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.04.24 07:09:57 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.24 07:09:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.24 07:09:57 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.04.24 07:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.04.24 07:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.10 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Matze\Desktop\Suse Bank
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.08 19:03:07 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 19:03:07 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 18:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.08 17:25:13 | 000,016,278 | ---- | M] () -- C:\Users\Matze\Desktop\image.png
[2012.05.08 17:12:43 | 000,033,499 | ---- | M] () -- C:\Users\Matze\Desktop\Protokoll Triathlon 02052012.pdf
[2012.05.08 17:12:37 | 000,472,357 | ---- | M] () -- C:\Users\Matze\Desktop\Flyer Triathlon 2012 (2).pdf
[2012.05.08 16:08:31 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.08 16:08:31 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.08 16:08:31 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.08 16:08:31 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.08 16:03:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.08 16:02:31 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.08 13:49:04 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.05.06 09:39:44 | 000,058,003 | ---- | M] () -- C:\Users\Matze\Desktop\052.jpg
[2012.05.06 09:33:04 | 000,012,800 | ---- | M] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.05 22:05:50 | 000,002,820 | ---- | M] () -- C:\Users\Matze\Desktop\Gmer und Attach.zip
[2012.05.05 20:11:55 | 000,302,592 | ---- | M] () -- C:\Users\Matze\Desktop\ge02kcv6.exe
[2012.05.05 19:52:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matze\Desktop\dds.com
[2012.05.05 19:50:50 | 000,000,000 | ---- | M] () -- C:\Users\Matze\defogger_reenable
[2012.05.05 19:50:02 | 000,050,477 | ---- | M] () -- C:\Users\Matze\Desktop\Defogger.exe
[2012.05.04 16:02:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2012.05.04 14:40:02 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.04 12:36:43 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.03 19:20:47 | 000,001,055 | ---- | M] () -- C:\Users\Matze\Desktop\Spybot - Search & Destroy.lnk
[2012.05.02 17:52:44 | 001,447,858 | ---- | M] () -- C:\Users\Matze\Desktop\Servicebogen Neuwinger.jpg
[2012.05.02 17:15:51 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.21 16:14:14 | 000,027,446 | ---- | M] () -- C:\Users\Matze\Desktop\010017710.jpg
[2012.04.21 08:20:01 | 000,080,349 | ---- | M] () -- C:\Users\Matze\Desktop\Herzinfakt+und+Schlaganfall+erkennen.pdf
[2012.04.18 18:04:50 | 000,015,414 | ---- | M] () -- C:\Users\Matze\Desktop\22288nc_23.jpg
[2012.04.13 07:18:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.11 16:31:59 | 000,640,118 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2608.JPG
[2012.04.11 16:31:57 | 000,473,814 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2610.JPG
[2012.04.11 16:31:57 | 000,410,658 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2609.JPG
[2012.04.11 16:31:57 | 000,385,571 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2612.JPG
[2012.04.11 16:31:56 | 000,372,905 | ---- | M] () -- C:\Users\Matze\Desktop\IMG_2611.JPG
[2012.04.11 16:31:53 | 124,281,402 | ---- | M] () -- C:\Users\Matze\Desktop\MVI_2613.AVI
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.08 17:25:13 | 000,016,278 | ---- | C] () -- C:\Users\Matze\Desktop\image.png
[2012.05.08 17:12:42 | 000,033,499 | ---- | C] () -- C:\Users\Matze\Desktop\Protokoll Triathlon 02052012.pdf
[2012.05.08 17:12:34 | 000,472,357 | ---- | C] () -- C:\Users\Matze\Desktop\Flyer Triathlon 2012 (2).pdf
[2012.05.06 09:34:31 | 000,058,003 | ---- | C] () -- C:\Users\Matze\Desktop\052.jpg
[2012.05.05 22:05:50 | 000,002,820 | ---- | C] () -- C:\Users\Matze\Desktop\Gmer und Attach.zip
[2012.05.05 20:11:53 | 000,302,592 | ---- | C] () -- C:\Users\Matze\Desktop\ge02kcv6.exe
[2012.05.05 19:50:50 | 000,000,000 | ---- | C] () -- C:\Users\Matze\defogger_reenable
[2012.05.05 19:50:01 | 000,050,477 | ---- | C] () -- C:\Users\Matze\Desktop\Defogger.exe
[2012.05.03 19:20:47 | 000,001,055 | ---- | C] () -- C:\Users\Matze\Desktop\Spybot - Search & Destroy.lnk
[2012.05.02 18:28:03 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.02 17:52:41 | 001,447,858 | ---- | C] () -- C:\Users\Matze\Desktop\Servicebogen Neuwinger.jpg
[2012.04.24 07:10:19 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.04.21 16:14:14 | 000,027,446 | ---- | C] () -- C:\Users\Matze\Desktop\010017710.jpg
[2012.04.21 08:19:59 | 000,080,349 | ---- | C] () -- C:\Users\Matze\Desktop\Herzinfakt+und+Schlaganfall+erkennen.pdf
[2012.04.18 18:04:50 | 000,015,414 | ---- | C] () -- C:\Users\Matze\Desktop\22288nc_23.jpg
[2012.04.15 12:30:07 | 001,899,032 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1520.JPG
[2012.04.15 12:29:53 | 001,864,557 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1479.JPG
[2012.04.15 12:29:12 | 001,890,448 | ---- | C] () -- C:\Users\Matze\Desktop\CIMG1480.JPG
[2012.04.11 16:31:57 | 000,473,814 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2610.JPG
[2012.04.11 16:31:57 | 000,410,658 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2609.JPG
[2012.04.11 16:31:56 | 000,385,571 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2612.JPG
[2012.04.11 16:31:56 | 000,372,905 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2611.JPG
[2012.04.11 16:31:45 | 000,640,118 | ---- | C] () -- C:\Users\Matze\Desktop\IMG_2608.JPG
[2012.04.11 16:31:38 | 124,281,402 | ---- | C] () -- C:\Users\Matze\Desktop\MVI_2613.AVI
[2012.02.01 18:23:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.01.21 11:52:26 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2012.01.19 20:29:40 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2011.11.18 20:19:10 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.05 21:00:44 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2011.09.13 17:13:58 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.10 18:57:12 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.09.10 18:57:12 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.09.10 12:36:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll
[2011.09.09 05:06:32 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.09.09 05:06:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.09.09 05:06:32 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.09.09 05:06:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.09.08 20:30:24 | 000,012,800 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.08 19:26:18 | 000,009,760 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2011.09.08 19:26:01 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2011.09.08 19:25:54 | 000,003,636 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.09.08 19:19:55 | 000,000,680 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.11.18 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Buhl Data Service
[2011.10.15 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2012.03.28 13:32:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\elsterformular
[2012.05.01 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESET
[2011.10.29 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Garmin
[2011.09.09 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Opera
[2012.01.25 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TeamViewer
[2011.09.09 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software
[2012.05.08 14:08:18 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.05 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Adobe
[2012.04.24 07:13:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Avira
[2011.11.18 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Buhl Data Service
[2011.10.15 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.13 18:41:47 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DivX
[2012.03.28 13:32:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\elsterformular
[2012.05.01 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESET
[2011.10.29 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Garmin
[2011.09.08 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Identities
[2011.09.08 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Macromedia
[2011.09.09 12:55:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Media Center Programs
[2011.09.13 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Media Player Classic
[2012.01.21 12:36:55 | 000,000,000 | --SD | M] -- C:\Users\Matze\AppData\Roaming\Microsoft
[2011.09.09 12:11:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Mozilla
[2011.11.17 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\NVIDIA
[2011.09.09 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Opera
[2012.01.25 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TeamViewer
[2011.09.09 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software
[2012.05.01 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\vlc
[2011.11.22 18:01:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.10.15 08:50:44 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.09.10 17:47:14 | 000,010,134 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\ARPPRODUCTICON.exe
[2011.09.10 17:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011.09.10 17:47:14 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011.11.10 20:09:15 | 000,015,360 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
[2011.11.10 20:09:15 | 000,011,264 | R--- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.08.01 16:22:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.08.01 16:22:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2011.09.10 08:24:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2011.09.09 12:28:48 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus · 08.05.2012, 18:28

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aaudstum) -- C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found
IE - HKU\S-1-5-21-534847706-395394252-3581119422-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.searchonme.com/?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "SearchOnMe"
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..keyword.URL: "http://search.searchonme.com/?q="
FF - user.js - File not found
[2012.03.18 08:45:03 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info
[2012.03.18 08:45:02 | 000,000,448 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml
[2012.05.02 17:15:35 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2011.09.13 17:19:39 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-21-534847706-395394252-3581119422-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.17 16:54:03 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

matjes80 · 08.05.2012, 22:54

PC wurde neu gestartet

Code:

ATTFilter

All processes killed
========== OTL ==========
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File  C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Service aaudstum stopped successfully!
Service aaudstum deleted successfully!
File  C:\Users\Matze\AppData\Local\Temp\aaudstum.sys File not found not found.
Registry key HKEY_USERS\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: "SearchOnMe" removed from browser.search.defaultenginename
Prefs.js: "SearchOnMe" removed from browser.search.order.1
Prefs.js: "hxxp://search.searchonme.com/?q=" removed from keyword.URL
C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info\content folder moved successfully.
C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\uig1ebrz.default\extensions\info@allpremiumplay.info folder moved successfully.
C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\searchplugins\SearchOnMe.xml moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-534847706-395394252-3581119422-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Matze
->Temp folder emptied: 100502 bytes
->Temporary Internet Files folder emptied: 417633 bytes
->FireFox cache emptied: 143018372 bytes
->Opera cache emptied: 3601131 bytes
->Flash cache emptied: 1334 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 17460992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107870 bytes
RecycleBin emptied: 31744 bytes
 
Total Files Cleaned = 157,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Matze
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05082012_234908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Was machen wir hier eigentlich? :-)
Gruß
Matjes

cosinus · 11.05.2012, 10:15

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

matjes80 · 11.05.2012, 12:33

Ah, supi man kommt wieder auf Trojaner-Board.
weiter geht´s...

Code:

ATTFilter

13:27:12.0706 2448	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
13:27:12.0851 2448	============================================================
13:27:12.0851 2448	Current date / time: 2012/05/11 13:27:12.0851
13:27:12.0851 2448	SystemInfo:
13:27:12.0851 2448	
13:27:12.0851 2448	OS Version: 6.0.6000 ServicePack: 0.0
13:27:12.0851 2448	Product type: Workstation
13:27:12.0851 2448	ComputerName: MATZE-PC
13:27:12.0851 2448	UserName: Matze
13:27:12.0851 2448	Windows directory: C:\Windows
13:27:12.0851 2448	System windows directory: C:\Windows
13:27:12.0851 2448	Processor architecture: Intel x86
13:27:12.0851 2448	Number of processors: 4
13:27:12.0851 2448	Page size: 0x1000
13:27:12.0851 2448	Boot type: Normal boot
13:27:12.0851 2448	============================================================
13:27:13.0760 2448	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:27:13.0777 2448	============================================================
13:27:13.0777 2448	\Device\Harddisk0\DR0:
13:27:13.0777 2448	MBR partitions:
13:27:13.0777 2448	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x139B9800
13:27:13.0777 2448	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1512A000, BlocksNum 0x124F8000
13:27:13.0777 2448	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27622000, BlocksNum 0x12D63800
13:27:13.0777 2448	============================================================
13:27:13.0813 2448	C: <-> \Device\Harddisk0\DR0\Partition0
13:27:13.0849 2448	D: <-> \Device\Harddisk0\DR0\Partition1
13:27:13.0961 2448	E: <-> \Device\Harddisk0\DR0\Partition2
13:27:13.0961 2448	============================================================
13:27:13.0961 2448	Initialize success
13:27:13.0961 2448	============================================================
13:27:39.0405 3000	============================================================
13:27:39.0406 3000	Scan started
13:27:39.0406 3000	Mode: Manual; SigCheck; TDLFS; 
13:27:39.0406 3000	============================================================
13:27:39.0815 3000	ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
13:27:39.0905 3000	ACPI - ok
13:27:39.0966 3000	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:27:39.0973 3000	AdobeARMservice - ok
13:27:40.0041 3000	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:27:40.0049 3000	AdobeFlashPlayerUpdateSvc - ok
13:27:40.0089 3000	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:27:40.0118 3000	adp94xx - ok
13:27:40.0200 3000	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:27:40.0211 3000	adpahci - ok
13:27:40.0225 3000	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:27:40.0233 3000	adpu160m - ok
13:27:40.0254 3000	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:27:40.0262 3000	adpu320 - ok
13:27:40.0286 3000	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:27:40.0460 3000	AeLookupSvc - ok
13:27:40.0525 3000	AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
13:27:40.0588 3000	AFD - ok
13:27:40.0625 3000	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:27:40.0632 3000	agp440 - ok
13:27:40.0650 3000	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:27:40.0658 3000	aic78xx - ok
13:27:40.0673 3000	ALG             (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
13:27:40.0723 3000	ALG - ok
13:27:40.0736 3000	aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
13:27:40.0744 3000	aliide - ok
13:27:40.0761 3000	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:27:40.0768 3000	amdagp - ok
13:27:40.0776 3000	amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
13:27:40.0783 3000	amdide - ok
13:27:40.0826 3000	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:27:40.0881 3000	AmdK7 - ok
13:27:40.0901 3000	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:27:40.0954 3000	AmdK8 - ok
13:27:41.0064 3000	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:27:41.0072 3000	AntiVirSchedulerService - ok
13:27:41.0101 3000	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:27:41.0108 3000	AntiVirService - ok
13:27:41.0133 3000	Appinfo         (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
13:27:41.0182 3000	Appinfo - ok
13:27:41.0210 3000	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:27:41.0217 3000	arc - ok
13:27:41.0262 3000	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:27:41.0269 3000	arcsas - ok
13:27:41.0313 3000	AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
13:27:41.0362 3000	AsyncMac - ok
13:27:41.0378 3000	atapi           (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
13:27:41.0386 3000	atapi - ok
13:27:41.0451 3000	atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
13:27:41.0476 3000	atksgt - ok
13:27:41.0502 3000	AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
13:27:41.0555 3000	AudioEndpointBuilder - ok
13:27:41.0560 3000	Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
13:27:41.0598 3000	Audiosrv - ok
13:27:41.0649 3000	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:27:41.0657 3000	avgntflt - ok
13:27:41.0705 3000	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:27:41.0713 3000	avipbb - ok
13:27:41.0724 3000	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:27:41.0731 3000	avkmgr - ok
13:27:41.0746 3000	Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
13:27:41.0809 3000	Beep - ok
13:27:41.0859 3000	BFE             (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
13:27:41.0937 3000	BFE - ok
13:27:42.0013 3000	BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
13:27:42.0075 3000	BITS - ok
13:27:42.0080 3000	bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
13:27:42.0116 3000	bowser - ok
13:27:42.0155 3000	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:27:42.0217 3000	BrFiltLo - ok
13:27:42.0249 3000	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:27:42.0314 3000	BrFiltUp - ok
13:27:42.0355 3000	Browser         (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
13:27:42.0405 3000	Browser - ok
13:27:42.0438 3000	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:27:42.0474 3000	Brserid - ok
13:27:42.0500 3000	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:27:42.0563 3000	BrSerWdm - ok
13:27:42.0586 3000	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:27:42.0639 3000	BrUsbMdm - ok
13:27:42.0656 3000	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:27:42.0708 3000	BrUsbSer - ok
13:27:42.0741 3000	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:27:42.0805 3000	BTHMODEM - ok
13:27:42.0821 3000	cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
13:27:42.0876 3000	cdfs - ok
13:27:42.0909 3000	cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
13:27:42.0945 3000	cdrom - ok
13:27:42.0978 3000	CertPropSvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
13:27:43.0013 3000	CertPropSvc - ok
13:27:43.0023 3000	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:27:43.0058 3000	circlass - ok
13:27:43.0112 3000	CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
13:27:43.0121 3000	CLFS - ok
13:27:43.0175 3000	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:27:43.0183 3000	clr_optimization_v2.0.50727_32 - ok
13:27:43.0196 3000	cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
13:27:43.0203 3000	cmdide - ok
13:27:43.0214 3000	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
13:27:43.0221 3000	Compbatt - ok
13:27:43.0223 3000	COMSysApp - ok
13:27:43.0229 3000	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:27:43.0235 3000	crcdisk - ok
13:27:43.0246 3000	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:27:43.0281 3000	Crusoe - ok
13:27:43.0300 3000	CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
13:27:43.0354 3000	CryptSvc - ok
13:27:43.0419 3000	dc3d            (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys
13:27:43.0426 3000	dc3d - ok
13:27:43.0473 3000	DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
13:27:43.0533 3000	DcomLaunch - ok
13:27:43.0554 3000	DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
13:27:43.0607 3000	DfsC - ok
13:27:43.0732 3000	DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
13:27:43.0857 3000	DFSR - ok
13:27:43.0982 3000	Dhcp            (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll
13:27:44.0047 3000	Dhcp - ok
13:27:44.0068 3000	disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
13:27:44.0075 3000	disk - ok
13:27:44.0093 3000	Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
13:27:44.0138 3000	Dnscache - ok
13:27:44.0161 3000	dot3svc         (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
13:27:44.0212 3000	dot3svc - ok
13:27:44.0252 3000	DPS             (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll
13:27:44.0268 3000	DPS - ok
13:27:44.0305 3000	drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
13:27:44.0356 3000	drmkaud - ok
13:27:44.0403 3000	DXGKrnl         (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
13:27:44.0448 3000	DXGKrnl - ok
13:27:44.0482 3000	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:27:44.0535 3000	E1G60 - ok
13:27:44.0547 3000	EapHost         (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
13:27:44.0592 3000	EapHost - ok
13:27:44.0632 3000	Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
13:27:44.0640 3000	Ecache - ok
13:27:44.0683 3000	ehRecvr         (b4580122b0a7b263b6ee9acba69c8013) C:\Windows\ehome\ehRecvr.exe
13:27:44.0730 3000	ehRecvr - ok
13:27:44.0737 3000	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:27:44.0762 3000	ehSched - ok
13:27:44.0796 3000	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:27:44.0805 3000	ehstart - ok
13:27:44.0858 3000	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:27:44.0871 3000	elxstor - ok
13:27:44.0907 3000	EMDMgmt         (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
13:27:44.0998 3000	EMDMgmt - ok
13:27:45.0058 3000	EventSystem     (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
13:27:45.0090 3000	EventSystem - ok
13:27:45.0121 3000	fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
13:27:45.0185 3000	fastfat - ok
13:27:45.0287 3000	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:27:45.0347 3000	fdc - ok
13:27:45.0365 3000	fdPHost         (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
13:27:45.0416 3000	fdPHost - ok
13:27:45.0432 3000	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:27:45.0488 3000	FDResPub - ok
13:27:45.0520 3000	FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
13:27:45.0526 3000	FileInfo - ok
13:27:45.0538 3000	Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
13:27:45.0573 3000	Filetrace - ok
13:27:45.0583 3000	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:27:45.0636 3000	flpydisk - ok
13:27:45.0668 3000	FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
13:27:45.0676 3000	FltMgr - ok
13:27:45.0730 3000	FontCache3.0.0.0 (7ef57375636991f794bf40b522a8e7ef) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:27:45.0771 3000	FontCache3.0.0.0 - ok
13:27:45.0796 3000	Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
13:27:45.0830 3000	Fs_Rec - ok
13:27:45.0851 3000	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:27:45.0858 3000	gagp30kx - ok
13:27:45.0889 3000	gpsvc           (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
13:27:45.0973 3000	gpsvc - ok
13:27:46.0025 3000	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:27:46.0090 3000	HdAudAddService - ok
13:27:46.0104 3000	HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:27:46.0127 3000	HDAudBus - ok
13:27:46.0144 3000	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:27:46.0196 3000	HidBth - ok
13:27:46.0213 3000	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:27:46.0248 3000	HidIr - ok
13:27:46.0255 3000	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
13:27:46.0290 3000	hidserv - ok
13:27:46.0302 3000	HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
13:27:46.0353 3000	HidUsb - ok
13:27:46.0383 3000	hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
13:27:46.0434 3000	hkmsvc - ok
13:27:46.0457 3000	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:27:46.0463 3000	HpCISSs - ok
13:27:46.0494 3000	HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
13:27:46.0531 3000	HTTP - ok
13:27:46.0545 3000	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:27:46.0551 3000	i2omp - ok
13:27:46.0599 3000	i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
13:27:46.0640 3000	i8042prt - ok
13:27:46.0664 3000	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:27:46.0673 3000	iaStorV - ok
13:27:46.0747 3000	idsvc           (6d1d3cab85ba0c63cb83296a8a1825f9) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:27:46.0810 3000	idsvc - ok
13:27:46.0814 3000	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:27:46.0820 3000	iirsp - ok
13:27:46.0879 3000	IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
13:27:46.0948 3000	IKEEXT - ok
13:27:47.0089 3000	IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys
13:27:47.0152 3000	IntcAzAudAddService - ok
13:27:47.0256 3000	intelide        (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
13:27:47.0263 3000	intelide - ok
13:27:47.0302 3000	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
13:27:47.0354 3000	intelppm - ok
13:27:47.0380 3000	IPBusEnum       (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
13:27:47.0429 3000	IPBusEnum - ok
13:27:47.0448 3000	IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:27:47.0497 3000	IpFilterDriver - ok
13:27:47.0533 3000	iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
13:27:47.0580 3000	iphlpsvc - ok
13:27:47.0582 3000	IpInIp - ok
13:27:47.0596 3000	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:27:47.0632 3000	IPMIDRV - ok
13:27:47.0646 3000	IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
13:27:47.0696 3000	IPNAT - ok
13:27:47.0712 3000	IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
13:27:47.0761 3000	IRENUM - ok
13:27:47.0781 3000	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:27:47.0788 3000	isapnp - ok
13:27:47.0803 3000	iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
13:27:47.0811 3000	iScsiPrt - ok
13:27:47.0826 3000	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:27:47.0833 3000	iteatapi - ok
13:27:47.0869 3000	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:27:47.0875 3000	iteraid - ok
13:27:47.0887 3000	JRAID           (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
13:27:47.0915 3000	JRAID - ok
13:27:47.0937 3000	kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
13:27:47.0944 3000	kbdclass - ok
13:27:47.0960 3000	kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
13:27:47.0987 3000	kbdhid - ok
13:27:48.0017 3000	KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:48.0066 3000	KeyIso - ok
13:27:48.0100 3000	KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
13:27:48.0131 3000	KSecDD - ok
13:27:48.0194 3000	KtmRm           (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
13:27:48.0248 3000	KtmRm - ok
13:27:48.0287 3000	LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
13:27:48.0340 3000	LanmanServer - ok
13:27:48.0384 3000	LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
13:27:48.0427 3000	LanmanWorkstation - ok
13:27:48.0455 3000	lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
13:27:48.0461 3000	lirsgt - ok
13:27:48.0474 3000	lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
13:27:48.0530 3000	lltdio - ok
13:27:48.0564 3000	lltdsvc         (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
13:27:48.0622 3000	lltdsvc - ok
13:27:48.0644 3000	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:27:48.0679 3000	lmhosts - ok
13:27:48.0695 3000	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:27:48.0702 3000	LSI_FC - ok
13:27:48.0718 3000	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:27:48.0725 3000	LSI_SAS - ok
13:27:48.0767 3000	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:27:48.0774 3000	LSI_SCSI - ok
13:27:48.0780 3000	luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
13:27:48.0834 3000	luafv - ok
13:27:48.0881 3000	McMPFSvc - ok
13:27:48.0891 3000	Mcx2Svc         (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll
13:27:48.0920 3000	Mcx2Svc - ok
13:27:48.0946 3000	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:27:48.0953 3000	megasas - ok
13:27:48.0965 3000	MMCSS           (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
13:27:49.0019 3000	MMCSS - ok
13:27:49.0040 3000	Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
13:27:49.0089 3000	Modem - ok
13:27:49.0119 3000	monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
13:27:49.0162 3000	monitor - ok
13:27:49.0182 3000	mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
13:27:49.0189 3000	mouclass - ok
13:27:49.0200 3000	mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
13:27:49.0222 3000	mouhid - ok
13:27:49.0227 3000	MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
13:27:49.0234 3000	MountMgr - ok
13:27:49.0282 3000	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:27:49.0290 3000	MozillaMaintenance - ok
13:27:49.0329 3000	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:27:49.0336 3000	mpio - ok
13:27:49.0361 3000	mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
13:27:49.0406 3000	mpsdrv - ok
13:27:49.0438 3000	MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
13:27:49.0482 3000	MpsSvc - ok
13:27:49.0503 3000	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:27:49.0510 3000	Mraid35x - ok
13:27:49.0528 3000	MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
13:27:49.0569 3000	MRxDAV - ok
13:27:49.0602 3000	mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:27:49.0650 3000	mrxsmb - ok
13:27:49.0669 3000	mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:27:49.0693 3000	mrxsmb10 - ok
13:27:49.0719 3000	mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:27:49.0729 3000	mrxsmb20 - ok
13:27:49.0743 3000	msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
13:27:49.0750 3000	msahci - ok
13:27:49.0762 3000	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:27:49.0769 3000	msdsm - ok
13:27:49.0793 3000	MSDTC           (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
13:27:49.0824 3000	MSDTC - ok
13:27:49.0828 3000	Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
13:27:49.0867 3000	Msfs - ok
13:27:49.0892 3000	msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
13:27:49.0898 3000	msisadrv - ok
13:27:49.0922 3000	MSiSCSI         (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
13:27:49.0978 3000	MSiSCSI - ok
13:27:49.0980 3000	msiserver - ok
13:27:50.0003 3000	MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
13:27:50.0037 3000	MSKSSRV - ok
13:27:50.0043 3000	MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
13:27:50.0097 3000	MSPCLOCK - ok
13:27:50.0099 3000	MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
13:27:50.0143 3000	MSPQM - ok
13:27:50.0169 3000	MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
13:27:50.0177 3000	MsRPC - ok
13:27:50.0187 3000	mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
13:27:50.0193 3000	mssmbios - ok
13:27:50.0201 3000	MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
13:27:50.0253 3000	MSTEE - ok
13:27:50.0275 3000	Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
13:27:50.0282 3000	Mup - ok
13:27:50.0313 3000	napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
13:27:50.0369 3000	napagent - ok
13:27:50.0462 3000	NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
13:27:50.0486 3000	NativeWifiP - ok
13:27:50.0528 3000	NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
13:27:50.0556 3000	NDIS - ok
13:27:50.0596 3000	NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
13:27:50.0618 3000	NdisTapi - ok
13:27:50.0633 3000	Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
13:27:50.0683 3000	Ndisuio - ok
13:27:50.0690 3000	NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
13:27:50.0733 3000	NdisWan - ok
13:27:50.0755 3000	NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
13:27:50.0783 3000	NDProxy - ok
13:27:50.0801 3000	NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
13:27:50.0849 3000	NetBIOS - ok
13:27:50.0876 3000	netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
13:27:50.0913 3000	netbt - ok
13:27:50.0930 3000	Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:50.0941 3000	Netlogon - ok
13:27:50.0969 3000	Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
13:27:51.0024 3000	Netman - ok
13:27:51.0049 3000	netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
13:27:51.0087 3000	netprofm - ok
13:27:51.0125 3000	NetTcpPortSharing (b418382de04ff58567aa07a2b66b2332) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:27:51.0152 3000	NetTcpPortSharing - ok
13:27:51.0170 3000	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:27:51.0177 3000	nfrd960 - ok
13:27:51.0197 3000	NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
13:27:51.0248 3000	NlaSvc - ok
13:27:51.0252 3000	Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
13:27:51.0296 3000	Npfs - ok
13:27:51.0330 3000	nsi             (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
13:27:51.0385 3000	nsi - ok
13:27:51.0409 3000	nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
13:27:51.0460 3000	nsiproxy - ok
13:27:51.0540 3000	Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
13:27:51.0573 3000	Ntfs - ok
13:27:51.0577 3000	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:27:51.0628 3000	ntrigdigi - ok
13:27:51.0646 3000	Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
13:27:51.0681 3000	Null - ok
13:27:51.0791 3000	NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:27:51.0828 3000	NVENETFD - ok
13:27:52.0389 3000	nvlddmkm        (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:27:52.0784 3000	nvlddmkm - ok
13:27:52.0884 3000	nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
13:27:52.0928 3000	nvraid - ok
13:27:52.0945 3000	nvsmu           (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
13:27:52.0963 3000	nvsmu - ok
13:27:52.0975 3000	nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
13:27:52.0983 3000	nvstor - ok
13:27:53.0056 3000	nvsvc           (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
13:27:53.0088 3000	nvsvc - ok
13:27:53.0250 3000	nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:27:53.0359 3000	nvUpdatusService - ok
13:27:53.0437 3000	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:27:53.0444 3000	nv_agp - ok
13:27:53.0446 3000	NwlnkFlt - ok
13:27:53.0448 3000	NwlnkFwd - ok
13:27:53.0472 3000	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
13:27:53.0519 3000	ohci1394 - ok
13:27:53.0561 3000	OpenVPNService  (5952c16dcc36907fe09f0f39311277a1) C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe
13:27:53.0581 3000	OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
13:27:53.0581 3000	OpenVPNService - detected UnsignedFile.Multi.Generic (1)
13:27:53.0641 3000	p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:53.0716 3000	p2pimsvc - ok
13:27:53.0721 3000	p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:53.0740 3000	p2psvc - ok
13:27:53.0776 3000	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:27:53.0828 3000	Parport - ok
13:27:53.0854 3000	partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
13:27:53.0861 3000	partmgr - ok
13:27:53.0875 3000	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:27:53.0910 3000	Parvdm - ok
13:27:53.0923 3000	PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
13:27:53.0948 3000	PcaSvc - ok
13:27:53.0956 3000	pci             (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
13:27:53.0964 3000	pci - ok
13:27:54.0008 3000	pciide          (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
13:27:54.0015 3000	pciide - ok
13:27:54.0038 3000	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:27:54.0046 3000	pcmcia - ok
13:27:54.0135 3000	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:27:54.0189 3000	PEAUTH - ok
13:27:54.0417 3000	PhilCap         (95c48b0fdb5aa04bfcb70d774f512a71) C:\Windows\system32\DRIVERS\PhilCap.sys
13:27:54.0465 3000	PhilCap - ok
13:27:54.0559 3000	pla             (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
13:27:54.0656 3000	pla - ok
13:27:54.0759 3000	PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
13:27:54.0771 3000	PlugPlay - ok
13:27:54.0811 3000	PNRPAutoReg     (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:54.0831 3000	PNRPAutoReg - ok
13:27:54.0836 3000	PNRPsvc         (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
13:27:54.0874 3000	PNRPsvc - ok
13:27:54.0913 3000	Point32         (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
13:27:54.0919 3000	Point32 - ok
13:27:54.0961 3000	PolicyAgent     (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
13:27:55.0016 3000	PolicyAgent - ok
13:27:55.0042 3000	PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
13:27:55.0076 3000	PptpMiniport - ok
13:27:55.0109 3000	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:27:55.0162 3000	Processor - ok
13:27:55.0193 3000	ProfSvc         (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
13:27:55.0230 3000	ProfSvc - ok
13:27:55.0254 3000	ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:55.0264 3000	ProtectedStorage - ok
13:27:55.0292 3000	PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
13:27:55.0301 3000	PSched - ok
13:27:55.0386 3000	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:27:55.0429 3000	ql2300 - ok
13:27:55.0460 3000	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:27:55.0467 3000	ql40xx - ok
13:27:55.0508 3000	QWAVE           (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
13:27:55.0524 3000	QWAVE - ok
13:27:55.0535 3000	QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
13:27:55.0546 3000	QWAVEdrv - ok
13:27:55.0556 3000	RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
13:27:55.0590 3000	RasAcd - ok
13:27:55.0601 3000	RasAuto         (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
13:27:55.0638 3000	RasAuto - ok
13:27:55.0653 3000	Rasl2tp         (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:27:55.0688 3000	Rasl2tp - ok
13:27:55.0705 3000	RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
13:27:55.0743 3000	RasMan - ok
13:27:55.0747 3000	RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
13:27:55.0795 3000	RasPppoe - ok
13:27:55.0827 3000	rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
13:27:55.0864 3000	rdbss - ok
13:27:55.0877 3000	RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:27:55.0911 3000	RDPCDD - ok
13:27:55.0936 3000	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:27:55.0985 3000	rdpdr - ok
13:27:55.0988 3000	RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
13:27:56.0032 3000	RDPENCDD - ok
13:27:56.0055 3000	RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
13:27:56.0112 3000	RDPWD - ok
13:27:56.0155 3000	RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
13:27:56.0191 3000	RemoteAccess - ok
13:27:56.0205 3000	RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
13:27:56.0241 3000	RemoteRegistry - ok
13:27:56.0255 3000	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:27:56.0265 3000	RpcLocator - ok
13:27:56.0312 3000	RpcSs           (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
13:27:56.0330 3000	RpcSs - ok
13:27:56.0352 3000	rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
13:27:56.0387 3000	rspndr - ok
13:27:56.0407 3000	SamSs           (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
13:27:56.0417 3000	SamSs - ok
13:27:56.0429 3000	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:27:56.0436 3000	sbp2port - ok
13:27:56.0538 3000	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:27:56.0568 3000	SBSDWSCService - ok
13:27:56.0588 3000	SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
13:27:56.0625 3000	SCardSvr - ok
13:27:56.0663 3000	Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
13:27:56.0731 3000	Schedule - ok
13:27:56.0762 3000	SCPolicySvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
13:27:56.0797 3000	SCPolicySvc - ok
13:27:56.0822 3000	SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
13:27:56.0865 3000	SDRSVC - ok
13:27:56.0890 3000	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:27:56.0939 3000	secdrv - ok
13:27:56.0962 3000	seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
13:27:56.0998 3000	seclogon - ok
13:27:57.0006 3000	SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
13:27:57.0060 3000	SENS - ok
13:27:57.0082 3000	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:27:57.0133 3000	Serenum - ok
13:27:57.0159 3000	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:27:57.0215 3000	Serial - ok
13:27:57.0241 3000	sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
13:27:57.0264 3000	sermouse - ok
13:27:57.0288 3000	SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
13:27:57.0325 3000	SessionEnv - ok
13:27:57.0338 3000	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:27:57.0386 3000	sffdisk - ok
13:27:57.0407 3000	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:27:57.0442 3000	sffp_mmc - ok
13:27:57.0448 3000	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:27:57.0483 3000	sffp_sd - ok
13:27:57.0490 3000	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:27:57.0541 3000	sfloppy - ok
13:27:57.0583 3000	sfsync04        (c526ad307ff1900bc4c864f74553f762) C:\Windows\system32\drivers\sfsync04.sys
13:27:57.0590 3000	sfsync04 - ok
13:27:57.0621 3000	SharedAccess    (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
13:27:57.0633 3000	SharedAccess - ok
13:27:57.0645 3000	ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
13:27:57.0660 3000	ShellHWDetection - ok
13:27:57.0719 3000	SIS163u         (370ed82428657a2344aba98a76c06250) C:\Windows\system32\DRIVERS\sis163u.sys
13:27:57.0747 3000	SIS163u - ok
13:27:57.0751 3000	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:27:57.0758 3000	sisagp - ok
13:27:57.0775 3000	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:27:57.0782 3000	SiSRaid2 - ok
13:27:57.0796 3000	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:27:57.0803 3000	SiSRaid4 - ok
13:27:57.0937 3000	slsvc           (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
13:27:58.0083 3000	slsvc - ok
13:27:58.0194 3000	SLUINotify      (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
13:27:58.0224 3000	SLUINotify - ok
13:27:58.0247 3000	Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
13:27:58.0282 3000	Smb - ok
13:27:58.0296 3000	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:27:58.0307 3000	SNMPTRAP - ok
13:27:58.0315 3000	spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
13:27:58.0322 3000	spldr - ok
13:27:58.0339 3000	Spooler         (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
13:27:58.0350 3000	Spooler - ok
13:27:58.0392 3000	srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
13:27:58.0418 3000	srv - ok
13:27:58.0433 3000	srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
13:27:58.0477 3000	srv2 - ok
13:27:58.0483 3000	srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
13:27:58.0495 3000	srvnet - ok
13:27:58.0514 3000	SSDPSRV         (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
13:27:58.0552 3000	SSDPSRV - ok
13:27:58.0561 3000	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:27:58.0567 3000	ssmdrv - ok
13:27:58.0638 3000	stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
13:27:58.0698 3000	stisvc - ok
13:27:58.0717 3000	swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
13:27:58.0723 3000	swenum - ok
13:27:58.0743 3000	swprv           (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
13:27:58.0806 3000	swprv - ok
13:27:58.0827 3000	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:27:58.0834 3000	Symc8xx - ok
13:27:58.0848 3000	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:27:58.0855 3000	Sym_hi - ok
13:27:58.0870 3000	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:27:58.0877 3000	Sym_u3 - ok
13:27:58.0916 3000	SysMain         (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
13:27:58.0956 3000	SysMain - ok
13:27:58.0971 3000	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:27:58.0998 3000	TabletInputService - ok
13:27:59.0033 3000	tap0901         (d3a66c827b3f729bcbab84eba8570b48) C:\Windows\system32\DRIVERS\tap0901.sys
13:27:59.0040 3000	tap0901 - ok
13:27:59.0063 3000	TapiSrv         (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
13:27:59.0102 3000	TapiSrv - ok
13:27:59.0111 3000	TBS             (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
13:27:59.0148 3000	TBS - ok
13:27:59.0210 3000	Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
13:27:59.0235 3000	Tcpip - ok
13:27:59.0243 3000	Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
13:27:59.0264 3000	Tcpip6 - ok
13:27:59.0291 3000	tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
13:27:59.0326 3000	tcpipreg - ok
13:27:59.0335 3000	TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
13:27:59.0388 3000	TDPIPE - ok
13:27:59.0409 3000	TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
13:27:59.0444 3000	TDTCP - ok
13:27:59.0449 3000	tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
13:27:59.0484 3000	tdx - ok
13:27:59.0496 3000	TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
13:27:59.0503 3000	TermDD - ok
13:27:59.0534 3000	TermService     (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
13:27:59.0577 3000	TermService - ok
13:27:59.0603 3000	Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
13:27:59.0617 3000	Themes - ok
13:27:59.0637 3000	THREADORDER     (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
13:27:59.0673 3000	THREADORDER - ok
13:27:59.0687 3000	TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
13:27:59.0723 3000	TrkWks - ok
13:27:59.0754 3000	TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
13:27:59.0782 3000	TrustedInstaller - ok
13:27:59.0807 3000	tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:27:59.0856 3000	tssecsrv - ok
13:27:59.0939 3000	TuneUp.Defrag   (c1a64414db4e49d41d9df9359ed9369b) C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
13:27:59.0952 3000	TuneUp.Defrag - ok
13:28:00.0039 3000	TuneUp.UtilitiesSvc (dc653cf2d70827c4ebc2b157da25cf57) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
13:28:00.0065 3000	TuneUp.UtilitiesSvc - ok
13:28:00.0115 3000	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
13:28:00.0121 3000	TuneUpUtilitiesDrv - ok
13:28:00.0197 3000	tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
13:28:00.0207 3000	tunmp - ok
13:28:00.0221 3000	tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
13:28:00.0231 3000	tunnel - ok
13:28:00.0250 3000	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:28:00.0258 3000	uagp35 - ok
13:28:00.0279 3000	udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
13:28:00.0317 3000	udfs - ok
13:28:00.0331 3000	UI0Detect       (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
13:28:00.0342 3000	UI0Detect - ok
13:28:00.0356 3000	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:28:00.0364 3000	uliagpkx - ok
13:28:00.0382 3000	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:28:00.0392 3000	uliahci - ok
13:28:00.0408 3000	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:28:00.0415 3000	UlSata - ok
13:28:00.0430 3000	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:28:00.0438 3000	ulsata2 - ok
13:28:00.0453 3000	umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
13:28:00.0508 3000	umbus - ok
13:28:00.0541 3000	upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
13:28:00.0581 3000	upnphost - ok
13:28:00.0611 3000	usbccgp         (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
13:28:00.0656 3000	usbccgp - ok
13:28:00.0673 3000	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:28:00.0709 3000	usbcir - ok
13:28:00.0730 3000	usbehci         (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
13:28:00.0739 3000	usbehci - ok
13:28:00.0769 3000	usbhub          (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
13:28:00.0783 3000	usbhub - ok
13:28:00.0787 3000	usbohci         (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys
13:28:00.0812 3000	usbohci - ok
13:28:00.0835 3000	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
13:28:00.0872 3000	usbprint - ok
13:28:00.0901 3000	usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
13:28:00.0937 3000	usbscan - ok
13:28:00.0962 3000	USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:28:01.0008 3000	USBSTOR - ok
13:28:01.0027 3000	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
13:28:01.0063 3000	usbuhci - ok
13:28:01.0075 3000	UxSms           (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
13:28:01.0127 3000	UxSms - ok
13:28:01.0146 3000	UxTuneUp        (dc2172accb384c6a3d59342050422102) C:\Windows\System32\uxtuneup.dll
13:28:01.0153 3000	UxTuneUp - ok
13:28:01.0184 3000	vds             (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
13:28:01.0201 3000	vds - ok
13:28:01.0231 3000	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:28:01.0266 3000	vga - ok
13:28:01.0275 3000	VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
13:28:01.0311 3000	VgaSave - ok
13:28:01.0325 3000	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:28:01.0332 3000	viaagp - ok
13:28:01.0346 3000	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:28:01.0399 3000	ViaC7 - ok
13:28:01.0424 3000	viaide          (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
13:28:01.0431 3000	viaide - ok
13:28:01.0450 3000	volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
13:28:01.0457 3000	volmgr - ok
13:28:01.0472 3000	volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
13:28:01.0483 3000	volmgrx - ok
13:28:01.0496 3000	volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
13:28:01.0506 3000	volsnap - ok
13:28:01.0526 3000	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:28:01.0533 3000	vsmraid - ok
13:28:01.0593 3000	VSS             (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
13:28:01.0636 3000	VSS - ok
13:28:01.0665 3000	W32Time         (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
13:28:01.0705 3000	W32Time - ok
13:28:01.0720 3000	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:28:01.0756 3000	WacomPen - ok
13:28:01.0774 3000	Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:28:01.0784 3000	Wanarp - ok
13:28:01.0787 3000	Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:28:01.0798 3000	Wanarpv6 - ok
13:28:01.0816 3000	wcncsvc         (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
13:28:01.0831 3000	wcncsvc - ok
13:28:01.0836 3000	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:28:01.0875 3000	WcsPlugInService - ok
13:28:01.0879 3000	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:28:01.0887 3000	Wd - ok
13:28:01.0929 3000	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:28:01.0946 3000	Wdf01000 - ok
13:28:01.0967 3000	WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
13:28:01.0996 3000	WdiServiceHost - ok
13:28:01.0999 3000	WdiSystemHost   (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
13:28:02.0013 3000	WdiSystemHost - ok
13:28:02.0052 3000	WebClient       (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
13:28:02.0064 3000	WebClient - ok
13:28:02.0075 3000	Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
13:28:02.0113 3000	Wecsvc - ok
13:28:02.0127 3000	wercplsupport   (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
13:28:02.0164 3000	wercplsupport - ok
13:28:02.0185 3000	WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
13:28:02.0222 3000	WerSvc - ok
13:28:02.0274 3000	WinDefend       (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll
13:28:02.0285 3000	WinDefend - ok
13:28:02.0290 3000	WinHttpAutoProxySvc - ok
13:28:02.0336 3000	Winmgmt         (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
13:28:02.0389 3000	Winmgmt - ok
13:28:02.0427 3000	WinRM           (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
13:28:02.0488 3000	WinRM - ok
13:28:02.0544 3000	Wlansvc         (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
13:28:02.0622 3000	Wlansvc - ok
13:28:02.0658 3000	WmiAcpi         (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:28:02.0695 3000	WmiAcpi - ok
13:28:02.0727 3000	wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
13:28:02.0737 3000	wmiApSrv - ok
13:28:02.0830 3000	WMPNetworkSvc   (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:28:02.0886 3000	WMPNetworkSvc - ok
13:28:02.0914 3000	WPCSvc          (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
13:28:02.0953 3000	WPCSvc - ok
13:28:02.0975 3000	WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
13:28:03.0007 3000	WPDBusEnum - ok
13:28:03.0039 3000	WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
13:28:03.0087 3000	WpdUsb - ok
13:28:03.0117 3000	ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
13:28:03.0154 3000	ws2ifsl - ok
13:28:03.0169 3000	wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll
13:28:03.0199 3000	wscsvc - ok
13:28:03.0203 3000	WSearch - ok
13:28:03.0334 3000	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:28:03.0412 3000	wuauserv - ok
13:28:03.0551 3000	WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:28:03.0604 3000	WUDFRd - ok
13:28:03.0626 3000	wudfsvc         (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
13:28:03.0663 3000	wudfsvc - ok
13:28:03.0686 3000	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:28:03.0883 3000	\Device\Harddisk0\DR0 - ok
13:28:03.0886 3000	Boot (0x1200)   (3151a58075f1f57f2e5971c9e5b67a96) \Device\Harddisk0\DR0\Partition0
13:28:03.0888 3000	\Device\Harddisk0\DR0\Partition0 - ok
13:28:03.0917 3000	Boot (0x1200)   (04253e24ab4c333404c937f68a18cef5) \Device\Harddisk0\DR0\Partition1
13:28:03.0919 3000	\Device\Harddisk0\DR0\Partition1 - ok
13:28:03.0938 3000	Boot (0x1200)   (57fbe5b0b8bec124b545f81704f294d3) \Device\Harddisk0\DR0\Partition2
13:28:03.0939 3000	\Device\Harddisk0\DR0\Partition2 - ok
13:28:03.0940 3000	============================================================
13:28:03.0940 3000	Scan finished
13:28:03.0940 3000	============================================================
13:28:03.0949 2896	Detected object count: 1
13:28:03.0949 2896	Actual detected object count: 1
13:28:17.0527 2896	OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:17.0527 2896	OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Danke und Gruß
Matjes

cosinus · 11.05.2012, 13:26

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

matjes80 · 11.05.2012, 19:51

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-11.03 - Matze 11.05.2012  20:44:03.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3071.2359 [GMT 2:00]
ausgeführt von:: c:\users\Matze\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-11 bis 2012-05-11  ))))))))))))))))))))))))))))))
.
.
2012-05-11 18:47 . 2012-05-11 18:47	--------	d-----w-	c:\users\Matze\AppData\Local\temp
2012-05-09 05:08 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FA75F4E-877D-4E25-9A42-6AD80CCA931D}\mpengine.dll
2012-05-08 21:49 . 2012-05-08 21:49	--------	d-----w-	C:\_OTL
2012-05-05 18:31 . 2012-05-05 18:31	--------	d-----w-	c:\program files\7-Zip
2012-05-04 13:45 . 2012-05-04 13:45	--------	d-----w-	c:\program files\Trend Micro
2012-05-03 17:20 . 2012-05-08 21:49	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-05-03 17:20 . 2012-05-06 07:35	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-05-02 15:22 . 2012-05-02 16:28	--------	d-----w-	c:\programdata\McAfee
2012-05-02 15:15 . 2012-04-21 01:18	97208	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-05-02 15:15 . 2012-04-21 01:54	868952	----a-w-	c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-05-01 13:04 . 2012-05-01 13:04	--------	d-----w-	c:\users\Matze\AppData\Local\ESET
2012-04-25 18:48 . 2012-05-02 15:59	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-04-25 18:48 . 2012-04-21 01:16	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 18:48 . 2012-04-21 01:16	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-24 05:13 . 2012-04-24 05:13	--------	d-----w-	c:\users\Matze\AppData\Roaming\Avira
2012-04-24 05:09 . 2012-05-08 21:47	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-24 05:09 . 2012-05-08 21:47	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-24 05:09 . 2011-09-16 14:08	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-24 05:09 . 2012-04-24 05:09	--------	d-----w-	c:\programdata\Avira
2012-04-24 05:09 . 2012-04-24 05:09	--------	d-----w-	c:\program files\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:09 . 2012-03-31 15:33	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:09 . 2011-09-08 17:30	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2011-09-09 10:55	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-23 08:18 . 2011-09-09 09:53	237072	------w-	c:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-04-21 01:18 . 2012-05-02 15:15	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-09-10 1232896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-01-07 1778552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX8400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "c:\windows\TEMP\E_S870F.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"openvpn-gui"=c:\program files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35018371
*Deregistered* - 35018371
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
mStart Page = hxxp://search.searchonme.com/
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\uig1ebrz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gmx.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-11 20:47
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-11  20:49:05
ComboFix-quarantined-files.txt  2012-05-11 18:49
.
Vor Suchlauf: 10 Verzeichnis(se), 100.436.992.000 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 100.403.355.648 Bytes frei
.
- - End Of File - - 94D9D531596522237F9ACA110BC6EBA5

--- --- ---

Danke und gruß
Matjes

cosinus · 11.05.2012, 21:37

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

matjes80 · 11.05.2012, 22:02

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-11 22:58:43
Windows 6.0.6000  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1 WDC_WD5000AAKS-07YGA0 rev.12.01C02
Running: tgkb0ots.exe; Driver: C:\Users\Matze\AppData\Local\Temp\ugrcypow.sys


---- System - GMER 1.0.15 ----

SSDT     8CF3556C                                       ZwClose
SSDT     8CF35576                                       ZwCreateSection
SSDT     8CF35567                                       ZwDuplicateObject
SSDT     8CF35508                                       ZwOpenProcess
SSDT     8CF3550D                                       ZwOpenThread
SSDT     8CF35580                                       ZwRequestWaitReplyPort
SSDT     8CF3557B                                       ZwSetContextThread
SSDT     8CF35585                                       ZwSetSecurityObject
SSDT     8CF3558A                                       ZwSystemDebugControl
SSDT     8CF35517                                       ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text    ntoskrnl.exe!_alloca_probe + EC                83855E5C 4 Bytes  [6C, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 158               83855EC8 4 Bytes  [76, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 230               83855FA0 4 Bytes  [67, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 334               838560A4 4 Bytes  [08, 55, F3, 8C]
.text    ntoskrnl.exe!_alloca_probe + 350               838560C0 4 Bytes  [0D, 55, F3, 8C]
.text    ...                                            
.xreloc  C:\Windows\System32\drivers\sfsync04.sys       unknown last section [0x80431000, 0xC5E, 0x40000040]
.text    C:\Windows\system32\DRIVERS\atksgt.sys         section is writeable [0xA57BD300, 0x3ACC8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys         section is writeable [0x91AC2300, 0x1B7E, 0xE8000020]
?        C:\Windows\system32\Drivers\PROCEXP113.SYS     Das System kann die angegebene Datei nicht finden. !
?        C:\Users\Matze\AppData\Local\Temp\catchme.sys  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device   \Driver\USBSTOR \Device\00000063               88EB3660
Device   \Driver\USBSTOR \Device\00000064               88EB3660
Device   \Driver\USBSTOR \Device\00000065               88EB3660
Device   \Driver\atapi \Device\Ide\IdePort0             864E5090
Device   \Driver\atapi \Device\Ide\IdePort1             864E5090
Device   \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2    864E5090
Device   \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1    864E5090
Device   \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3    864E5090
Device   \Driver\USBSTOR \Device\00000066               88EB3660
Device   \Driver\USBSTOR \Device\00000067               88EB3660
Device   \Driver\USBSTOR \Device\00000068               88EB3660

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:37:39 on 11.05.2012

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Matze\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"ugrcypow" (ugrcypow) - ? - C:\Users\Matze\AppData\Local\Temp\ugrcypow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"McAfee Personal Firewall Service" (McMPFSvc) - ? - "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc  (File not found)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

cosinus · 11.05.2012, 22:46

aswMBR kommt noch?

matjes80 · 11.05.2012, 22:53

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-11 23:40:41
-----------------------------
23:40:41.933    OS Version: Windows 6.0.6000 
23:40:41.933    Number of processors: 4 586 0xF0B
23:40:41.938    ComputerName: MATZE-PC  UserName: Matze
23:40:42.424    Initialize success
23:44:40.216    AVAST engine defs: 12051101
23:45:17.468    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
23:45:17.471    Disk 0 Vendor: WDC_WD5000AAKS-07YGA0 12.01C02 Size: 476940MB BusType: 3
23:45:17.599    Disk 0 MBR read successfully
23:45:17.601    Disk 0 MBR scan
23:45:17.612    Disk 0 Windows VISTA default MBR code
23:45:17.652    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
23:45:17.668    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       160627 MB offset 24578048
23:45:17.714    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       150000 MB offset 353542144
23:45:17.735    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       154311 MB offset 660742144
23:45:17.788    Disk 0 scanning sectors +976771072
23:45:18.056    Disk 0 scanning C:\Windows\system32\drivers
23:45:42.190    Service scanning
23:45:59.321    Modules scanning
23:46:05.447    Disk 0 trace - called modules:
23:46:05.465    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x864e5090]<<
23:46:05.469    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e2ad8]
23:46:05.473    3 ntoskrnl.exe[838a80af] -> nt!IofCallDriver -> [0x85a81860]
23:46:05.477    5 acpi.sys[8047f32a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0x85a84730]
23:46:05.481    \Driver\atapi[0x864c7030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x864e5090
23:46:06.269    AVAST engine scan C:\Windows
23:46:09.553    AVAST engine scan C:\Windows\system32
23:49:32.151    AVAST engine scan C:\Windows\system32\drivers
23:49:43.339    AVAST engine scan C:\Users\Matze
23:51:37.631    AVAST engine scan C:\ProgramData
23:52:27.677    Scan finished successfully
23:52:48.073    Disk 0 MBR has been saved successfully to "C:\Users\Matze\Desktop\MBR.dat"
23:52:48.077    The log file has been saved successfully to "C:\Users\Matze\Desktop\aswMBR.txt"

Danke und Gruß
Matjes

11.05.2012, 22:46	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mein GMX-Account verschickt Spammails aswMBR kommt noch? __________________ Logfiles bitte immer in CODE-Tags posten

Mein GMX-Account verschickt Spammails

Log-Analyse und Auswertung: Mein GMX-Account verschickt Spammails