Blue Screen, dann später Virenmeld. v. Antivir (Phish/Paypal.TN; EXP/2008-5353.CN; JAVA/Dldr.Lamar)

cosinus · 19.07.2012, 22:01

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Suggasweet · 19.07.2012, 23:36

Also der normale Modus ging die ganze Zeit eigentlich uneingeschränkt!
Jedoch sind leere Ordner unter "alle Programme" --> Amazon, Autostart u. Fritz Box.
Aber offensichtlich vermisse ich nix im Startmenü.

cosinus · 20.07.2012, 14:15

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Suggasweet · 20.07.2012, 17:02

hier nun die OTL text-datei.

Code:

ATTFilter

OTL logfile created on: 20.07.2012 17:42:48 - Run 5
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Sugga\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,91% Memory free
6,19 Gb Paging File | 5,21 Gb Available in Paging File | 84,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 42,77 Gb Free Space | 45,43% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 126,62 Gb Free Space | 64,88% Space Free | Partition Type: NTFS
 
Computer Name: ANJAS-PC | User Name: Sugga | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sugga\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\aol\1246636931\ee\aolsoftware.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TestHandler) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
SRV - (OsdService) -- C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDC_SAM) -- system32\DRIVERS\wdcsam.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GpdKbFilter) -- C:\Windows\system32\kbfiltr.sys File not found
DRV - (GpdDevDPort) -- C:\Windows\system32\directport.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..\SearchScopes\{03B4A44F-29EA-4801-845E-0AFF2214F452}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sugga\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 00:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 01:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.17 14:58:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 01:41:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.17 14:58:23 | 000,000,000 | ---D | M]
 
[2009.07.03 22:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sugga\AppData\Roaming\mozilla\Extensions
[2012.06.19 01:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sugga\AppData\Roaming\mozilla\Firefox\Profiles\hy2o7129.default\extensions
[2010.04.27 00:54:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sugga\AppData\Roaming\mozilla\Firefox\Profiles\hy2o7129.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.17 00:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.19 01:41:26 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 00:04:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 00:04:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.22 20:36:41 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012.06.18 00:04:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 00:04:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 00:04:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 00:04:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.15 14:19:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1246636931\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\OEM\OSD_1.16\osd.exe (ODM)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25494A71-ECE2-4DEC-9DDD-52D4C30A46BE}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CEB6010-890D-4838-8BA4-852E2646EED0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EA66961-9A7D-4AEB-995A-AE32E8BB284E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF78774-AD19-485D-A6F3-12F1F82499A9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Sugga\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sugga\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 17:41:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sugga\Desktop\OTL(1).exe
[2012.07.18 19:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.18 19:34:42 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Sugga\Desktop\esetsmartinstaller_enu(3).exe
[2012.07.11 21:55:12 | 000,000,000 | ---D | C] -- C:\Users\Sugga\Desktop\Blue Screen 09.07.12
[2012.07.06 15:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 17:41:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sugga\Desktop\OTL(1).exe
[2012.07.20 17:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 16:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 16:17:01 | 000,056,879 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.20 16:16:53 | 000,056,879 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.20 16:16:48 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 16:13:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 16:13:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 16:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 16:13:50 | 3215,613,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 12:09:40 | 000,624,883 | ---- | M] () -- C:\Users\Sugga\Desktop\adwcleaner.exe
[2012.07.18 19:34:42 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Sugga\Desktop\esetsmartinstaller_enu(3).exe
[2012.07.16 11:18:35 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.16 00:29:00 | 000,013,394 | ---- | M] () -- C:\Users\Sugga\Desktop\Std.abrechnung Marktbärbel 2011-2012.ods
[2012.07.11 10:53:20 | 000,399,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 00:32:56 | 000,000,000 | ---- | M] () -- C:\Users\Sugga\defogger_reenable
[2012.07.09 21:20:18 | 000,675,700 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 21:20:18 | 000,642,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 21:20:18 | 000,144,226 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 21:20:18 | 000,121,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 20:12:35 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\jetAudio.lnk
[2012.06.25 18:42:58 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.19 12:09:40 | 000,624,883 | ---- | C] () -- C:\Users\Sugga\Desktop\adwcleaner.exe
[2012.07.16 11:18:35 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 00:32:56 | 000,000,000 | ---- | C] () -- C:\Users\Sugga\defogger_reenable
[2011.12.31 13:18:40 | 000,022,885 | ---- | C] () -- C:\Users\Sugga\Gizem.odt
[2011.11.03 15:42:20 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.10.17 21:45:21 | 000,237,082 | ---- | C] () -- C:\Users\Sugga\Alice Rechnung 15.10.11.pdf
[2011.10.15 14:12:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.15 14:12:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.15 14:12:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.15 14:12:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.15 14:12:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.11 01:15:43 | 009,762,266 | ---- | C] () -- C:\Users\Sugga\lebenskunst2.mp3
[2011.10.11 01:15:04 | 003,562,586 | ---- | C] () -- C:\Users\Sugga\lebenskunst1.mp3
[2011.10.05 21:21:05 | 000,012,303 | ---- | C] () -- C:\Users\Sugga\Einkünfte aus Gewerbe 2010.ods
[2011.09.06 22:57:22 | 009,793,269 | ---- | C] () -- C:\Users\Sugga\Universalfernbedienungsanleitung.pdf
[2011.08.12 17:08:12 | 000,015,161 | ---- | C] () -- C:\Users\Sugga\Rechnung Anja Ebert v.12.08.2011.odt
[2011.06.07 12:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 12:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 12:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 12:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 12:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.05 01:20:14 | 000,018,484 | ---- | C] () -- C:\Users\Sugga\Ernährungstabelle 05.2011.ods
[2011.04.07 00:34:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.01 05:04:08 | 000,053,397 | ---- | C] () -- C:\Users\Sugga\brands4friends_rechnung_703049232.pdf
[2011.01.25 00:00:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.30 14:38:15 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.30 14:38:15 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT
[2010.07.25 16:10:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.25 16:10:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.07.25 16:10:54 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.07.25 16:10:54 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.25 16:10:54 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.11 20:21:42 | 000,000,680 | ---- | C] () -- C:\Users\Sugga\AppData\Local\d3d9caps.dat
[2009.08.10 02:27:13 | 000,025,944 | ---- | C] () -- C:\Users\Sugga\AppData\Roaming\wklnhst.dat
[2009.07.18 01:48:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.03 23:42:46 | 000,049,152 | ---- | C] () -- C:\Users\Sugga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.12 05:45:40 | 000,056,879 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.01.12 05:45:37 | 000,056,879 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2011.08.12 00:06:42 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Bibletime
[2009.07.11 00:44:10 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\COWON
[2010.06.13 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Facebook
[2010.03.31 16:11:35 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\GetRightToGo
[2009.07.04 20:06:21 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\IrfanView
[2010.04.03 22:50:24 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\OpenOffice.org
[2011.09.13 00:42:47 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\PeerNetworking
[2011.11.03 15:48:21 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Samsung
[2011.01.17 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\ScreeNet iSaver
[2011.02.16 14:51:30 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\SoftGrid Client
[2011.07.01 02:03:43 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Sutape
[2011.06.02 20:17:10 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Sword
[2009.08.10 02:27:20 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Template
[2011.01.24 19:19:46 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\TP
[2010.03.05 09:01:43 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\UDC Profiles
[2012.07.20 04:22:58 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.22 00:46:13 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Adobe
[2009.12.13 15:43:10 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\AOL
[2012.02.14 00:26:32 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Apple Computer
[2011.10.15 00:43:38 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Avira
[2011.08.12 00:06:42 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Bibletime
[2009.07.11 00:44:10 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\COWON
[2009.07.04 03:46:43 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\CyberLink
[2010.06.14 12:02:15 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\DivX
[2010.06.13 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Facebook
[2010.03.31 16:11:35 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\GetRightToGo
[2009.07.03 17:48:40 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Google
[2009.07.01 15:35:53 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Identities
[2009.07.11 00:42:25 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\InstallShield
[2009.07.04 20:06:21 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\IrfanView
[2009.07.03 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Macromedia
[2011.10.08 21:37:27 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Media Center Programs
[2012.07.13 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Media Player Classic
[2011.02.22 00:46:13 | 000,000,000 | --SD | M] -- C:\Users\Sugga\AppData\Roaming\Microsoft
[2009.07.03 22:47:28 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Mozilla
[2009.07.04 03:47:55 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Nero
[2010.04.03 22:50:24 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\OpenOffice.org
[2011.09.13 00:42:47 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\PeerNetworking
[2011.11.03 15:48:21 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Samsung
[2011.01.17 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\ScreeNet iSaver
[2009.07.18 01:48:42 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\skypePM
[2011.02.16 14:51:30 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\SoftGrid Client
[2011.10.08 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.01 02:03:43 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Sutape
[2011.06.02 20:17:10 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Sword
[2009.08.10 02:27:20 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Template
[2011.01.24 19:19:46 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\TP
[2010.03.05 09:01:43 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\UDC Profiles
 
< %APPDATA%\*.exe /s >
[2010.06.13 16:30:38 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Sugga\AppData\Roaming\Facebook\uninstall.exe
[2011.06.28 07:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Sugga\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_c617648e\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.16 14:03:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_181d523c\atapi.sys
[2008.08.16 14:03:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=66A1A71D66C5235A31C16F30147E7AF6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22245_none_dd9b888d3ac35a04\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.01.12 13:21:38 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009.01.12 13:21:29 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009.01.12 13:21:39 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2009.01.12 13:21:48 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2009.01.12 13:21:50 | 006,705,152 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 21.07.2012, 14:42

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2894495787-1388115591-2515416557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
[2011.07.01 02:03:43 | 000,000,000 | ---D | M] -- C:\Users\Sugga\AppData\Roaming\Sutape
:Files
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Suggasweet · 21.07.2012, 15:16

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_USERS\S-1-5-21-2894495787-1388115591-2515416557-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2894495787-1388115591-2515416557-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2894495787-1388115591-2515416557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar-Suche\ deleted successfully.
File Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html not found.
C:\Users\Sugga\AppData\Roaming\Sutape folder moved successfully.
========== FILES ==========
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Sugga\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sugga
->Temp folder emptied: 38417 bytes
->Temporary Internet Files folder emptied: 638502 bytes
->FireFox cache emptied: 119846107 bytes
->Flash cache emptied: 2512 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13294 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 115,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sugga
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07212012_161022

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 23.07.2012, 13:40

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Suggasweet · 23.07.2012, 18:01

Code:

ATTFilter

18:57:40.0308 1168	TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
18:57:40.0535 1168	============================================================
18:57:40.0535 1168	Current date / time: 2012/07/23 18:57:40.0535
18:57:40.0535 1168	SystemInfo:
18:57:40.0535 1168	
18:57:40.0535 1168	OS Version: 6.0.6002 ServicePack: 2.0
18:57:40.0535 1168	Product type: Workstation
18:57:40.0535 1168	ComputerName: ANJAS-PC
18:57:40.0535 1168	UserName: Sugga
18:57:40.0535 1168	Windows directory: C:\Windows
18:57:40.0535 1168	System windows directory: C:\Windows
18:57:40.0535 1168	Processor architecture: Intel x86
18:57:40.0535 1168	Number of processors: 2
18:57:40.0535 1168	Page size: 0x1000
18:57:40.0535 1168	Boot type: Normal boot
18:57:40.0535 1168	============================================================
18:57:41.0689 1168	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:57:41.0691 1168	============================================================
18:57:41.0691 1168	\Device\Harddisk0\DR0:
18:57:41.0691 1168	MBR partitions:
18:57:41.0691 1168	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xBC51800
18:57:41.0691 1168	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCDE6000, BlocksNum 0x186482B0
18:57:41.0691 1168	============================================================
18:57:41.0728 1168	C: <-> \Device\Harddisk0\DR0\Partition0
18:57:41.0793 1168	D: <-> \Device\Harddisk0\DR0\Partition1
18:57:41.0793 1168	============================================================
18:57:41.0793 1168	Initialize success
18:57:41.0793 1168	============================================================
18:58:21.0213 0748	============================================================
18:58:21.0213 0748	Scan started
18:58:21.0213 0748	Mode: Manual; SigCheck; TDLFS; 
18:58:21.0213 0748	============================================================
18:58:21.0899 0748	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:58:21.0977 0748	!SASCORE - ok
18:58:22.0133 0748	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:58:22.0149 0748	ACPI - ok
18:58:22.0242 0748	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:58:22.0242 0748	AdobeARMservice - ok
18:58:22.0320 0748	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:58:22.0336 0748	AdobeFlashPlayerUpdateSvc - ok
18:58:22.0429 0748	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:58:22.0476 0748	adp94xx - ok
18:58:22.0539 0748	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:58:22.0570 0748	adpahci - ok
18:58:22.0585 0748	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:58:22.0601 0748	adpu160m - ok
18:58:22.0632 0748	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:58:22.0648 0748	adpu320 - ok
18:58:22.0679 0748	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:58:22.0804 0748	AeLookupSvc - ok
18:58:22.0882 0748	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:58:22.0960 0748	AFD - ok
18:58:23.0007 0748	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:58:23.0022 0748	agp440 - ok
18:58:23.0085 0748	ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
18:58:23.0272 0748	ahcix86s - ok
18:58:23.0287 0748	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:58:23.0303 0748	aic78xx - ok
18:58:23.0334 0748	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:58:23.0443 0748	ALG - ok
18:58:23.0490 0748	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:58:23.0490 0748	aliide - ok
18:58:23.0537 0748	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:58:23.0553 0748	amdagp - ok
18:58:23.0568 0748	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:58:23.0584 0748	amdide - ok
18:58:23.0615 0748	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:58:23.0662 0748	AmdK7 - ok
18:58:23.0755 0748	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:58:23.0818 0748	AmdK8 - ok
18:58:23.0927 0748	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:58:23.0943 0748	AntiVirSchedulerService - ok
18:58:24.0005 0748	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:58:24.0005 0748	AntiVirService - ok
18:58:24.0130 0748	AOL ACS         (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
18:58:24.0130 0748	AOL ACS - ok
18:58:24.0192 0748	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:58:24.0239 0748	Appinfo - ok
18:58:24.0301 0748	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:58:24.0317 0748	arc - ok
18:58:24.0364 0748	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:58:24.0379 0748	arcsas - ok
18:58:24.0426 0748	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:58:24.0473 0748	AsyncMac - ok
18:58:24.0489 0748	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:58:24.0504 0748	atapi - ok
18:58:24.0551 0748	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:58:24.0582 0748	AudioEndpointBuilder - ok
18:58:24.0598 0748	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:58:24.0613 0748	Audiosrv - ok
18:58:24.0660 0748	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:58:24.0676 0748	avgntflt - ok
18:58:24.0691 0748	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:58:24.0707 0748	avipbb - ok
18:58:24.0723 0748	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:58:24.0723 0748	avkmgr - ok
18:58:24.0754 0748	AVMUNET         (980f4c96c73c61cc6fcf657a721b35d3) C:\Windows\system32\DRIVERS\avmunet.sys
18:58:24.0801 0748	AVMUNET - ok
18:58:24.0879 0748	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
18:58:24.0879 0748	BcmSqlStartupSvc - ok
18:58:24.0910 0748	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:58:24.0957 0748	Beep - ok
18:58:25.0019 0748	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:58:25.0081 0748	BFE - ok
18:58:25.0175 0748	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
18:58:25.0269 0748	BITS - ok
18:58:25.0300 0748	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:58:25.0315 0748	blbdrive - ok
18:58:25.0362 0748	Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
18:58:25.0378 0748	Bonjour Service - ok
18:58:25.0425 0748	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:58:25.0440 0748	bowser - ok
18:58:25.0471 0748	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:58:25.0503 0748	BrFiltLo - ok
18:58:25.0518 0748	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:58:25.0549 0748	BrFiltUp - ok
18:58:25.0581 0748	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:58:25.0627 0748	Browser - ok
18:58:25.0659 0748	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:58:25.0908 0748	Brserid - ok
18:58:25.0939 0748	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:58:25.0986 0748	BrSerWdm - ok
18:58:26.0002 0748	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:58:26.0064 0748	BrUsbMdm - ok
18:58:26.0080 0748	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:58:26.0142 0748	BrUsbSer - ok
18:58:26.0189 0748	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:58:26.0236 0748	BTHMODEM - ok
18:58:26.0251 0748	catchme - ok
18:58:26.0267 0748	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:58:26.0314 0748	cdfs - ok
18:58:26.0345 0748	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:58:26.0361 0748	cdrom - ok
18:58:26.0392 0748	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:58:26.0439 0748	CertPropSvc - ok
18:58:26.0470 0748	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:58:26.0485 0748	circlass - ok
18:58:26.0532 0748	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:58:26.0548 0748	CLFS - ok
18:58:26.0626 0748	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:58:26.0641 0748	clr_optimization_v2.0.50727_32 - ok
18:58:26.0719 0748	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:58:26.0719 0748	clr_optimization_v4.0.30319_32 - ok
18:58:26.0766 0748	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:58:26.0797 0748	CmBatt - ok
18:58:26.0813 0748	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:58:26.0829 0748	cmdide - ok
18:58:26.0844 0748	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:58:26.0860 0748	Compbatt - ok
18:58:26.0860 0748	COMSysApp - ok
18:58:26.0860 0748	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:58:26.0875 0748	crcdisk - ok
18:58:26.0891 0748	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:58:26.0953 0748	Crusoe - ok
18:58:27.0000 0748	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:58:27.0047 0748	CryptSvc - ok
18:58:27.0141 0748	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:58:27.0203 0748	DcomLaunch - ok
18:58:27.0250 0748	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:58:27.0297 0748	DfsC - ok
18:58:27.0515 0748	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:58:27.0718 0748	DFSR - ok
18:58:27.0921 0748	dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
18:58:27.0921 0748	dgderdrv - ok
18:58:27.0999 0748	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:58:28.0030 0748	Dhcp - ok
18:58:28.0061 0748	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:58:28.0077 0748	disk - ok
18:58:28.0139 0748	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:58:28.0186 0748	Dnscache - ok
18:58:28.0233 0748	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:58:28.0264 0748	dot3svc - ok
18:58:28.0295 0748	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:58:28.0342 0748	DPS - ok
18:58:28.0404 0748	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:58:28.0451 0748	drmkaud - ok
18:58:28.0669 0748	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:58:28.0701 0748	DXGKrnl - ok
18:58:28.0747 0748	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:58:28.0794 0748	E1G60 - ok
18:58:28.0825 0748	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:58:28.0888 0748	EapHost - ok
18:58:28.0935 0748	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:58:28.0950 0748	Ecache - ok
18:58:29.0028 0748	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:58:29.0075 0748	ehRecvr - ok
18:58:29.0106 0748	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:58:29.0153 0748	ehSched - ok
18:58:29.0200 0748	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:58:29.0231 0748	ehstart - ok
18:58:29.0403 0748	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:58:29.0434 0748	elxstor - ok
18:58:29.0543 0748	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:58:29.0621 0748	EMDMgmt - ok
18:58:29.0652 0748	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:58:29.0683 0748	ErrDev - ok
18:58:29.0730 0748	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:58:29.0761 0748	EventSystem - ok
18:58:29.0824 0748	ewusbnet        (e1556af3fb0284c32896b9ac8494d9c2) C:\Windows\system32\DRIVERS\ewusbnet.sys
18:58:29.0871 0748	ewusbnet - ok
18:58:29.0902 0748	ew_hwusbdev     (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
18:58:29.0949 0748	ew_hwusbdev - ok
18:58:29.0980 0748	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:58:30.0027 0748	exfat - ok
18:58:30.0058 0748	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:58:30.0089 0748	fastfat - ok
18:58:30.0120 0748	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:58:30.0167 0748	fdc - ok
18:58:30.0183 0748	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:58:30.0198 0748	fdPHost - ok
18:58:30.0214 0748	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:58:30.0245 0748	FDResPub - ok
18:58:30.0276 0748	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:58:30.0276 0748	FileInfo - ok
18:58:30.0307 0748	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:58:30.0339 0748	Filetrace - ok
18:58:30.0354 0748	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:58:30.0385 0748	flpydisk - ok
18:58:30.0432 0748	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:58:30.0448 0748	FltMgr - ok
18:58:30.0557 0748	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:58:30.0635 0748	FontCache - ok
18:58:30.0729 0748	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:58:30.0744 0748	FontCache3.0.0.0 - ok
18:58:30.0775 0748	FsUsbExDisk     (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
18:58:30.0791 0748	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:58:30.0791 0748	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:58:30.0853 0748	FsUsbExService  (15ab846886c225fff0376f3cef21188f) C:\Windows\system32\FsUsbExService.Exe
18:58:30.0869 0748	FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
18:58:30.0869 0748	FsUsbExService - detected UnsignedFile.Multi.Generic (1)
18:58:30.0916 0748	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:58:30.0931 0748	Fs_Rec - ok
18:58:30.0963 0748	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:58:30.0978 0748	gagp30kx - ok
18:58:31.0056 0748	GoogleDesktopManager-022208-143751 (b39662e4c237aa25a2cd2379ff508099) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:58:31.0056 0748	GoogleDesktopManager-022208-143751 - ok
18:58:31.0087 0748	GpdDevDPort - ok
18:58:31.0087 0748	GpdKbFilter - ok
18:58:31.0165 0748	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:58:31.0228 0748	gpsvc - ok
18:58:31.0290 0748	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:58:31.0306 0748	gupdate - ok
18:58:31.0306 0748	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:58:31.0306 0748	gupdatem - ok
18:58:31.0353 0748	gusvc           (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:58:31.0353 0748	gusvc - ok
18:58:31.0399 0748	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:58:31.0462 0748	HdAudAddService - ok
18:58:31.0524 0748	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:58:31.0571 0748	HDAudBus - ok
18:58:31.0602 0748	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:58:31.0649 0748	HidBth - ok
18:58:31.0665 0748	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:58:31.0711 0748	HidIr - ok
18:58:31.0743 0748	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
18:58:31.0774 0748	hidserv - ok
18:58:31.0789 0748	HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
18:58:31.0852 0748	HidUsb - ok
18:58:31.0867 0748	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:58:31.0899 0748	hkmsvc - ok
18:58:31.0914 0748	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:58:31.0930 0748	HpCISSs - ok
18:58:31.0992 0748	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:58:32.0070 0748	HTTP - ok
18:58:32.0117 0748	huawei_enumerator (92548543d50c9bccdb31ffb7ec39249d) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
18:58:32.0164 0748	huawei_enumerator - ok
18:58:32.0211 0748	hwdatacard      (a89423d0132c8ab69ba621b6ce191714) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:58:32.0257 0748	hwdatacard - ok
18:58:32.0304 0748	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:58:32.0320 0748	i2omp - ok
18:58:32.0367 0748	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:58:32.0413 0748	i8042prt - ok
18:58:32.0460 0748	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
18:58:32.0476 0748	iaStor - ok
18:58:32.0507 0748	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:58:32.0523 0748	iaStorV - ok
18:58:32.0647 0748	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:58:32.0725 0748	idsvc - ok
18:58:32.0757 0748	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:58:32.0757 0748	iirsp - ok
18:58:32.0835 0748	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:58:32.0881 0748	IKEEXT - ok
18:58:33.0225 0748	IntcAzAudAddService (fbbe3f1697d393be685cd6192b1ec95a) C:\Windows\system32\drivers\RTKVHDA.sys
18:58:33.0396 0748	IntcAzAudAddService - ok
18:58:33.0552 0748	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:58:33.0568 0748	intelide - ok
18:58:33.0599 0748	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:58:33.0630 0748	intelppm - ok
18:58:33.0661 0748	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:58:33.0693 0748	IPBusEnum - ok
18:58:33.0708 0748	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:58:33.0755 0748	IpFilterDriver - ok
18:58:33.0802 0748	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:58:33.0833 0748	iphlpsvc - ok
18:58:33.0833 0748	IpInIp - ok
18:58:33.0864 0748	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:58:33.0880 0748	IPMIDRV - ok
18:58:33.0911 0748	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:58:33.0942 0748	IPNAT - ok
18:58:33.0973 0748	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:58:34.0005 0748	IRENUM - ok
18:58:34.0020 0748	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:58:34.0020 0748	isapnp - ok
18:58:34.0067 0748	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:58:34.0083 0748	iScsiPrt - ok
18:58:34.0098 0748	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:58:34.0114 0748	iteatapi - ok
18:58:34.0129 0748	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:58:34.0129 0748	iteraid - ok
18:58:34.0161 0748	JRAID           (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
18:58:34.0223 0748	JRAID - ok
18:58:34.0239 0748	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:58:34.0254 0748	kbdclass - ok
18:58:34.0270 0748	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
18:58:34.0317 0748	kbdhid - ok
18:58:34.0348 0748	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:58:34.0379 0748	KeyIso - ok
18:58:34.0441 0748	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
18:58:34.0473 0748	KSecDD - ok
18:58:34.0535 0748	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:58:34.0582 0748	KtmRm - ok
18:58:34.0629 0748	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
18:58:34.0660 0748	LanmanServer - ok
18:58:34.0722 0748	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:58:34.0769 0748	LanmanWorkstation - ok
18:58:34.0816 0748	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:58:34.0831 0748	lltdio - ok
18:58:34.0863 0748	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:58:34.0909 0748	lltdsvc - ok
18:58:34.0925 0748	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:58:34.0956 0748	lmhosts - ok
18:58:34.0987 0748	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:58:35.0003 0748	LSI_FC - ok
18:58:35.0019 0748	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:58:35.0034 0748	LSI_SAS - ok
18:58:35.0050 0748	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:58:35.0065 0748	LSI_SCSI - ok
18:58:35.0097 0748	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:58:35.0128 0748	luafv - ok
18:58:35.0143 0748	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:58:35.0159 0748	Mcx2Svc - ok
18:58:35.0175 0748	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:58:35.0190 0748	megasas - ok
18:58:35.0237 0748	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:58:35.0284 0748	MegaSR - ok
18:58:35.0299 0748	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:58:35.0346 0748	MMCSS - ok
18:58:35.0362 0748	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:58:35.0377 0748	Modem - ok
18:58:35.0409 0748	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:58:35.0440 0748	monitor - ok
18:58:35.0455 0748	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:58:35.0455 0748	mouclass - ok
18:58:35.0487 0748	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
18:58:35.0533 0748	mouhid - ok
18:58:35.0549 0748	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:58:35.0565 0748	MountMgr - ok
18:58:35.0627 0748	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:58:35.0643 0748	MozillaMaintenance - ok
18:58:35.0658 0748	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:58:35.0674 0748	mpio - ok
18:58:35.0689 0748	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:58:35.0721 0748	mpsdrv - ok
18:58:35.0783 0748	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:58:35.0830 0748	MpsSvc - ok
18:58:35.0861 0748	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:58:35.0877 0748	Mraid35x - ok
18:58:35.0908 0748	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:58:35.0939 0748	MRxDAV - ok
18:58:35.0986 0748	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:58:36.0017 0748	mrxsmb - ok
18:58:36.0064 0748	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:58:36.0095 0748	mrxsmb10 - ok
18:58:36.0111 0748	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:58:36.0142 0748	mrxsmb20 - ok
18:58:36.0189 0748	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:58:36.0204 0748	msahci - ok
18:58:36.0220 0748	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:58:36.0235 0748	msdsm - ok
18:58:36.0267 0748	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:58:36.0313 0748	MSDTC - ok
18:58:36.0329 0748	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:58:36.0360 0748	Msfs - ok
18:58:36.0407 0748	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:58:36.0423 0748	msisadrv - ok
18:58:36.0454 0748	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:58:36.0469 0748	MSiSCSI - ok
18:58:36.0469 0748	msiserver - ok
18:58:36.0501 0748	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:58:36.0547 0748	MSKSSRV - ok
18:58:36.0579 0748	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:58:36.0610 0748	MSPCLOCK - ok
18:58:36.0625 0748	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:58:36.0657 0748	MSPQM - ok
18:58:36.0688 0748	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:58:36.0703 0748	MsRPC - ok
18:58:36.0719 0748	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:58:36.0735 0748	mssmbios - ok
18:58:36.0844 0748	MSSQL$MSSMLBIZ - ok
18:58:36.0875 0748	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:58:36.0875 0748	MSSQLServerADHelper - ok
18:58:36.0891 0748	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:58:36.0922 0748	MSTEE - ok
18:58:36.0937 0748	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:58:36.0953 0748	Mup - ok
18:58:36.0984 0748	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:58:37.0031 0748	napagent - ok
18:58:37.0078 0748	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:58:37.0093 0748	NativeWifiP - ok
18:58:37.0171 0748	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:58:37.0187 0748	NDIS - ok
18:58:37.0218 0748	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:58:37.0265 0748	NdisTapi - ok
18:58:37.0281 0748	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:58:37.0296 0748	Ndisuio - ok
18:58:37.0327 0748	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:58:37.0374 0748	NdisWan - ok
18:58:37.0390 0748	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:58:37.0421 0748	NDProxy - ok
18:58:37.0593 0748	Nero BackItUp Scheduler 3 (b044bb341e164da6750a9b8e6a5ff6a1) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
18:58:37.0624 0748	Nero BackItUp Scheduler 3 - ok
18:58:37.0655 0748	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:58:37.0671 0748	NetBIOS - ok
18:58:37.0733 0748	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:58:37.0780 0748	netbt - ok
18:58:37.0795 0748	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:58:37.0811 0748	Netlogon - ok
18:58:37.0858 0748	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:58:37.0905 0748	Netman - ok
18:58:37.0936 0748	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:58:37.0951 0748	netprofm - ok
18:58:38.0014 0748	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:58:38.0029 0748	NetTcpPortSharing - ok
18:58:38.0451 0748	NETw5v32        (9ca26dccf0b84a6ff2b54fbb2a94520b) C:\Windows\system32\DRIVERS\NETw5v32.sys
18:58:38.0591 0748	NETw5v32 - ok
18:58:38.0747 0748	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:58:38.0763 0748	nfrd960 - ok
18:58:38.0794 0748	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:58:38.0825 0748	NlaSvc - ok
18:58:38.0981 0748	NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
18:58:39.0028 0748	NMIndexingService - ok
18:58:39.0059 0748	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:58:39.0090 0748	Npfs - ok
18:58:39.0121 0748	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:58:39.0153 0748	nsi - ok
18:58:39.0168 0748	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:58:39.0199 0748	nsiproxy - ok
18:58:39.0340 0748	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:58:39.0371 0748	Ntfs - ok
18:58:39.0387 0748	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:58:39.0433 0748	ntrigdigi - ok
18:58:39.0433 0748	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:58:39.0465 0748	Null - ok
18:58:40.0291 0748	nvlddmkm        (2713392707e515efb671751fa767ebd2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:58:40.0744 0748	nvlddmkm - ok
18:58:40.0869 0748	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:58:40.0884 0748	nvraid - ok
18:58:40.0900 0748	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:58:40.0915 0748	nvstor - ok
18:58:40.0962 0748	nvsvc           (d445466c0a10536486fbebbc271d6e34) C:\Windows\system32\nvvsvc.exe
18:58:40.0978 0748	nvsvc - ok
18:58:40.0993 0748	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:58:41.0009 0748	nv_agp - ok
18:58:41.0009 0748	NwlnkFlt - ok
18:58:41.0009 0748	NwlnkFwd - ok
18:58:41.0040 0748	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:58:41.0071 0748	ohci1394 - ok
18:58:41.0165 0748	OsdService      (b7edd9fd6387802dfaa795372aecf212) C:\Program Files\OEM\OSD_1.16\OsdService.exe
18:58:41.0165 0748	OsdService ( UnsignedFile.Multi.Generic ) - warning
18:58:41.0165 0748	OsdService - detected UnsignedFile.Multi.Generic (1)
18:58:41.0227 0748	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:58:41.0243 0748	ose - ok
18:58:41.0337 0748	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:58:41.0399 0748	p2pimsvc - ok
18:58:41.0415 0748	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:58:41.0430 0748	p2psvc - ok
18:58:41.0477 0748	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:58:41.0508 0748	Parport - ok
18:58:41.0555 0748	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:58:41.0555 0748	partmgr - ok
18:58:41.0586 0748	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:58:41.0633 0748	Parvdm - ok
18:58:41.0664 0748	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:58:41.0711 0748	PcaSvc - ok
18:58:41.0742 0748	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:58:41.0758 0748	pci - ok
18:58:41.0773 0748	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:58:41.0773 0748	pciide - ok
18:58:41.0820 0748	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:58:41.0836 0748	pcmcia - ok
18:58:41.0929 0748	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:58:41.0992 0748	PEAUTH - ok
18:58:42.0148 0748	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:58:42.0257 0748	pla - ok
18:58:42.0382 0748	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
18:58:42.0397 0748	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
18:58:42.0397 0748	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
18:58:42.0429 0748	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:58:42.0460 0748	PlugPlay - ok
18:58:42.0553 0748	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:58:42.0585 0748	PNRPAutoReg - ok
18:58:42.0585 0748	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:58:42.0631 0748	PNRPsvc - ok
18:58:42.0709 0748	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:58:42.0787 0748	PolicyAgent - ok
18:58:42.0865 0748	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:58:42.0912 0748	PptpMiniport - ok
18:58:42.0928 0748	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:58:42.0959 0748	Processor - ok
18:58:42.0975 0748	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:58:43.0006 0748	ProfSvc - ok
18:58:43.0021 0748	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:58:43.0037 0748	ProtectedStorage - ok
18:58:43.0068 0748	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:58:43.0084 0748	PSched - ok
18:58:43.0115 0748	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:58:43.0131 0748	PxHelp20 - ok
18:58:43.0255 0748	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:58:43.0333 0748	ql2300 - ok
18:58:43.0349 0748	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:58:43.0365 0748	ql40xx - ok
18:58:43.0427 0748	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:58:43.0443 0748	QWAVE - ok
18:58:43.0458 0748	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:58:43.0489 0748	QWAVEdrv - ok
18:58:43.0505 0748	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:58:43.0552 0748	RasAcd - ok
18:58:43.0567 0748	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:58:43.0614 0748	RasAuto - ok
18:58:43.0630 0748	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:58:43.0661 0748	Rasl2tp - ok
18:58:43.0708 0748	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:58:43.0723 0748	RasMan - ok
18:58:43.0755 0748	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:58:43.0770 0748	RasPppoe - ok
18:58:43.0801 0748	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:58:43.0817 0748	RasSstp - ok
18:58:43.0864 0748	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:58:43.0879 0748	rdbss - ok
18:58:43.0879 0748	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:58:43.0911 0748	RDPCDD - ok
18:58:43.0942 0748	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:58:43.0957 0748	rdpdr - ok
18:58:43.0973 0748	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:58:44.0004 0748	RDPENCDD - ok
18:58:44.0051 0748	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:58:44.0098 0748	RDPWD - ok
18:58:44.0129 0748	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:58:44.0176 0748	RemoteAccess - ok
18:58:44.0191 0748	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:58:44.0223 0748	RemoteRegistry - ok
18:58:44.0238 0748	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:58:44.0269 0748	RpcLocator - ok
18:58:44.0347 0748	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:58:44.0379 0748	RpcSs - ok
18:58:44.0394 0748	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:58:44.0441 0748	rspndr - ok
18:58:44.0488 0748	RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:58:44.0503 0748	RTL8169 - ok
18:58:44.0503 0748	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:58:44.0519 0748	SamSs - ok
18:58:44.0597 0748	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:58:44.0613 0748	SASDIFSV - ok
18:58:44.0628 0748	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:58:44.0628 0748	SASKUTIL - ok
18:58:44.0659 0748	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:58:44.0675 0748	sbp2port - ok
18:58:44.0706 0748	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:58:44.0722 0748	SCardSvr - ok
18:58:44.0800 0748	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:58:44.0862 0748	Schedule - ok
18:58:44.0893 0748	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:58:44.0925 0748	SCPolicySvc - ok
18:58:44.0956 0748	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:58:45.0003 0748	SDRSVC - ok
18:58:45.0018 0748	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:58:45.0081 0748	secdrv - ok
18:58:45.0096 0748	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:58:45.0127 0748	seclogon - ok
18:58:45.0143 0748	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
18:58:45.0174 0748	SENS - ok
18:58:45.0190 0748	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:58:45.0237 0748	Serenum - ok
18:58:45.0252 0748	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:58:45.0283 0748	Serial - ok
18:58:45.0299 0748	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:58:45.0330 0748	sermouse - ok
18:58:45.0346 0748	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:58:45.0377 0748	SessionEnv - ok
18:58:45.0393 0748	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:58:45.0408 0748	sffdisk - ok
18:58:45.0424 0748	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:58:45.0455 0748	sffp_mmc - ok
18:58:45.0471 0748	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:58:45.0517 0748	sffp_sd - ok
18:58:45.0549 0748	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:58:45.0611 0748	sfloppy - ok
18:58:45.0658 0748	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:58:45.0689 0748	SharedAccess - ok
18:58:45.0736 0748	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:58:45.0767 0748	ShellHWDetection - ok
18:58:45.0783 0748	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:58:45.0798 0748	sisagp - ok
18:58:45.0814 0748	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:58:45.0829 0748	SiSRaid2 - ok
18:58:45.0845 0748	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:58:45.0845 0748	SiSRaid4 - ok
18:58:46.0157 0748	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:58:46.0313 0748	slsvc - ok
18:58:46.0438 0748	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:58:46.0469 0748	SLUINotify - ok
18:58:46.0500 0748	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:58:46.0516 0748	Smb - ok
18:58:46.0547 0748	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:58:46.0563 0748	SNMPTRAP - ok
18:58:46.0578 0748	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:58:46.0594 0748	spldr - ok
18:58:46.0625 0748	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:58:46.0672 0748	Spooler - ok
18:58:46.0750 0748	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:58:46.0750 0748	SQLBrowser - ok
18:58:46.0797 0748	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:58:46.0812 0748	SQLWriter - ok
18:58:46.0875 0748	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:58:46.0906 0748	srv - ok
18:58:46.0937 0748	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:58:46.0968 0748	srv2 - ok
18:58:46.0999 0748	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:58:47.0031 0748	srvnet - ok
18:58:47.0093 0748	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
18:58:47.0109 0748	ssadbus - ok
18:58:47.0124 0748	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:58:47.0155 0748	ssadmdfl - ok
18:58:47.0187 0748	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
18:58:47.0202 0748	ssadmdm - ok
18:58:47.0249 0748	sscdbus         (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
18:58:47.0265 0748	sscdbus - ok
18:58:47.0296 0748	sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:58:47.0296 0748	sscdmdfl - ok
18:58:47.0343 0748	sscdmdm         (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
18:58:47.0358 0748	sscdmdm - ok
18:58:47.0405 0748	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:58:47.0436 0748	SSDPSRV - ok
18:58:47.0467 0748	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:58:47.0467 0748	ssmdrv - ok
18:58:47.0499 0748	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:58:47.0514 0748	SstpSvc - ok
18:58:47.0577 0748	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:58:47.0608 0748	stisvc - ok
18:58:47.0639 0748	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:58:47.0655 0748	swenum - ok
18:58:47.0717 0748	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:58:47.0764 0748	swprv - ok
18:58:47.0779 0748	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:58:47.0795 0748	Symc8xx - ok
18:58:47.0811 0748	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:58:47.0811 0748	Sym_hi - ok
18:58:47.0842 0748	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:58:47.0842 0748	Sym_u3 - ok
18:58:47.0920 0748	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:58:47.0998 0748	SysMain - ok
18:58:48.0029 0748	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:58:48.0045 0748	TabletInputService - ok
18:58:48.0076 0748	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:58:48.0123 0748	TapiSrv - ok
18:58:48.0138 0748	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:58:48.0185 0748	TBS - ok
18:58:48.0279 0748	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:58:48.0325 0748	Tcpip - ok
18:58:48.0341 0748	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:58:48.0372 0748	Tcpip6 - ok
18:58:48.0403 0748	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:58:48.0435 0748	tcpipreg - ok
18:58:48.0450 0748	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:58:48.0481 0748	TDPIPE - ok
18:58:48.0497 0748	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:58:48.0513 0748	TDTCP - ok
18:58:48.0544 0748	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:58:48.0559 0748	tdx - ok
18:58:48.0575 0748	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:58:48.0591 0748	TermDD - ok
18:58:48.0653 0748	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:58:48.0715 0748	TermService - ok
18:58:48.0840 0748	TestHandler     (76468df7a7a92413a57c998de5c39290) C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
18:58:48.0856 0748	TestHandler - ok
18:58:48.0918 0748	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:58:48.0934 0748	Themes - ok
18:58:48.0981 0748	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:58:49.0012 0748	THREADORDER - ok
18:58:49.0043 0748	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:58:49.0074 0748	TrkWks - ok
18:58:49.0121 0748	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:58:49.0137 0748	TrustedInstaller - ok
18:58:49.0183 0748	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:58:49.0215 0748	tssecsrv - ok
18:58:49.0230 0748	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:58:49.0246 0748	tunmp - ok
18:58:49.0293 0748	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:58:49.0308 0748	tunnel - ok
18:58:49.0339 0748	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:58:49.0355 0748	uagp35 - ok
18:58:49.0386 0748	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:58:49.0402 0748	udfs - ok
18:58:49.0433 0748	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:58:49.0449 0748	UI0Detect - ok
18:58:49.0464 0748	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:58:49.0480 0748	uliagpkx - ok
18:58:49.0527 0748	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:58:49.0542 0748	uliahci - ok
18:58:49.0573 0748	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:58:49.0573 0748	UlSata - ok
18:58:49.0589 0748	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:58:49.0605 0748	ulsata2 - ok
18:58:49.0620 0748	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:58:49.0667 0748	umbus - ok
18:58:49.0698 0748	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:58:49.0729 0748	upnphost - ok
18:58:49.0776 0748	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:58:49.0807 0748	usbccgp - ok
18:58:49.0839 0748	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:58:49.0901 0748	usbcir - ok
18:58:49.0932 0748	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:58:49.0948 0748	usbehci - ok
18:58:49.0979 0748	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:58:50.0010 0748	usbhub - ok
18:58:50.0026 0748	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:58:50.0073 0748	usbohci - ok
18:58:50.0104 0748	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:58:50.0119 0748	usbprint - ok
18:58:50.0182 0748	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:58:50.0197 0748	usbscan - ok
18:58:50.0213 0748	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:58:50.0260 0748	USBSTOR - ok
18:58:50.0275 0748	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:58:50.0322 0748	usbuhci - ok
18:58:50.0353 0748	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:58:50.0400 0748	usbvideo - ok
18:58:50.0447 0748	usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
18:58:50.0463 0748	usb_rndisx - ok
18:58:50.0494 0748	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:58:50.0525 0748	UxSms - ok
18:58:50.0587 0748	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:58:50.0650 0748	vds - ok
18:58:50.0681 0748	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:58:50.0712 0748	vga - ok
18:58:50.0728 0748	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:58:50.0775 0748	VgaSave - ok
18:58:50.0790 0748	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:58:50.0806 0748	viaagp - ok
18:58:50.0821 0748	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:58:50.0837 0748	ViaC7 - ok
18:58:50.0868 0748	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:58:50.0884 0748	viaide - ok
18:58:50.0899 0748	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:58:50.0915 0748	volmgr - ok
18:58:50.0946 0748	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:58:50.0962 0748	volmgrx - ok
18:58:51.0009 0748	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:58:51.0024 0748	volsnap - ok
18:58:51.0055 0748	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:58:51.0071 0748	vsmraid - ok
18:58:51.0196 0748	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:58:51.0305 0748	VSS - ok
18:58:51.0367 0748	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:58:51.0430 0748	W32Time - ok
18:58:51.0492 0748	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:58:51.0555 0748	WacomPen - ok
18:58:51.0586 0748	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:58:51.0601 0748	Wanarp - ok
18:58:51.0617 0748	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:58:51.0633 0748	Wanarpv6 - ok
18:58:51.0679 0748	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
18:58:51.0711 0748	wanatw - ok
18:58:51.0773 0748	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:58:51.0789 0748	wcncsvc - ok
18:58:51.0820 0748	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:58:51.0835 0748	WcsPlugInService - ok
18:58:51.0867 0748	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:58:51.0882 0748	Wd - ok
18:58:51.0898 0748	WDC_SAM - ok
18:58:51.0960 0748	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:58:52.0007 0748	Wdf01000 - ok
18:58:52.0038 0748	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:58:52.0069 0748	WdiServiceHost - ok
18:58:52.0069 0748	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:58:52.0101 0748	WdiSystemHost - ok
18:58:52.0132 0748	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:58:52.0147 0748	WebClient - ok
18:58:52.0194 0748	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:58:52.0225 0748	Wecsvc - ok
18:58:52.0241 0748	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:58:52.0288 0748	wercplsupport - ok
18:58:52.0335 0748	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:58:52.0366 0748	WerSvc - ok
18:58:52.0444 0748	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:58:52.0459 0748	WinDefend - ok
18:58:52.0459 0748	WinHttpAutoProxySvc - ok
18:58:52.0506 0748	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:58:52.0522 0748	Winmgmt - ok
18:58:52.0662 0748	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:58:52.0756 0748	WinRM - ok
18:58:52.0849 0748	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:58:52.0912 0748	Wlansvc - ok
18:58:52.0990 0748	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:58:53.0005 0748	WmiAcpi - ok
18:58:53.0083 0748	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:58:53.0115 0748	wmiApSrv - ok
18:58:53.0255 0748	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:58:53.0317 0748	WMPNetworkSvc - ok
18:58:53.0349 0748	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:58:53.0395 0748	WPCSvc - ok
18:58:53.0427 0748	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:58:53.0458 0748	WPDBusEnum - ok
18:58:53.0520 0748	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:58:53.0520 0748	WpdUsb - ok
18:58:53.0754 0748	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:58:53.0801 0748	WPFFontCache_v0400 - ok
18:58:53.0832 0748	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:58:53.0863 0748	ws2ifsl - ok
18:58:53.0895 0748	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:58:53.0926 0748	wscsvc - ok
18:58:53.0926 0748	WSearch - ok
18:58:54.0129 0748	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:58:54.0238 0748	wuauserv - ok
18:58:54.0363 0748	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:58:54.0409 0748	WUDFRd - ok
18:58:54.0425 0748	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:58:54.0456 0748	wudfsvc - ok
18:58:54.0487 0748	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:58:55.0096 0748	\Device\Harddisk0\DR0 - ok
18:58:55.0111 0748	Boot (0x1200)   (e230ade5bf25f6132963ab9bc4630419) \Device\Harddisk0\DR0\Partition0
18:58:55.0111 0748	\Device\Harddisk0\DR0\Partition0 - ok
18:58:55.0127 0748	Boot (0x1200)   (2e8119675e5f4a5d83e35072bae43e85) \Device\Harddisk0\DR0\Partition1
18:58:55.0127 0748	\Device\Harddisk0\DR0\Partition1 - ok
18:58:55.0127 0748	============================================================
18:58:55.0127 0748	Scan finished
18:58:55.0127 0748	============================================================
18:58:55.0143 1356	Detected object count: 4
18:58:55.0143 1356	Actual detected object count: 4
18:59:09.0822 1356	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:09.0822 1356	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:09.0822 1356	FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:09.0822 1356	FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:09.0838 1356	OsdService ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:09.0838 1356	OsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:09.0838 1356	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:09.0838 1356	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:00:07.0870 3612	Deinitialize success

cosinus · 24.07.2012, 13:39

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Suggasweet · 24.07.2012, 14:50

Code:

ATTFilter

ComboFix 12-07-25.04 - Sugga 24.07.2012  15:36:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2057 [GMT 2:00]
ausgeführt von:: c:\users\Sugga\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-24 bis 2012-07-24  ))))))))))))))))))))))))))))))
.
.
2012-07-24 13:42 . 2012-07-24 13:42	--------	d-----w-	c:\users\Sugga\AppData\Local\temp
2012-07-24 13:42 . 2012-07-24 13:42	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-07-24 13:42 . 2012-07-24 13:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-24 13:18 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0011B9F4-2E75-4179-BBC2-595DF9028B7A}\mpengine.dll
2012-07-18 17:35 . 2012-07-18 17:35	--------	d-----w-	c:\program files\ESET
2012-07-11 08:09 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 07:59 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 07:59 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 07:59 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 07:59 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:59 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-11 07:59 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-06 13:56 . 2012-07-06 13:56	--------	d-----w-	c:\program files\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:02 . 2012-04-04 08:35	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-11 23:02 . 2011-05-16 21:04	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-10-08 19:30	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 19:06	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:06	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:06	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:06	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 19:06	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 19:06	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 19:06	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 19:06	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 19:06	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-03 12:38	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-15 06:37 . 2012-06-13 14:44	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 14:44	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 14:44	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 14:44	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 14:44	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 14:44	385024	----a-w-	c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 14:44	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 14:44	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-05-08 08:41 . 2011-10-14 22:43	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 08:41 . 2011-10-14 22:43	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 17:29 . 2012-05-14 18:03	772504	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-05-04 17:29 . 2010-05-23 16:20	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-01 14:03 . 2012-06-13 14:44	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-18 23:41 . 2011-05-02 22:53	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"OSD"="c:\program files\OEM\OSD_1.16\osd.exe" [2008-06-18 376832]
"HostManager"="c:\program files\Common Files\AOL\1246636931\ee\AOLSoftware.exe" [2006-09-26 50736]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-01 13797992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-06-24 14:54	941968	----a-w-	c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-06-24 14:54	3373968	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2894495787-1388115591-2515416557-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:02]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 14:10]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 14:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sugga\AppData\Roaming\Mozilla\Firefox\Profiles\hy2o7129.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-24 15:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-07-24  15:43:43
ComboFix-quarantined-files.txt  2012-07-24 13:43
.
Vor Suchlauf: 20 Verzeichnis(se), 43.657.842.688 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 43.630.710.784 Bytes frei
.
- - End Of File - - 7648B1A2C63F65281DB7F19D0897056A

cosinus · 24.07.2012, 20:39

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Suggasweet · 25.07.2012, 17:26

Gmer Log:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-25 18:23:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009
Running: fec8p93n.exe; Driver: C:\Users\Sugga\AppData\Local\Temp\kwlorpow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                   [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                               [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                   [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                                 [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                 [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                                [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1984] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                   [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT  C:\Program Files\Common Files\aol\1246636931\ee\aolsoftware.exe[3436] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- EOF - GMER 1.0.15 ----

osam log:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:48:11 on 25.07.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Sugga\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"GpdDevDPort" (GpdDevDPort) - ? - C:\Windows\system32\directport.sys  (File not found)
"GpdKbFilter" (GpdKbFilter) - ? - C:\Windows\system32\kbfiltr.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwlorpow" (kwlorpow) - ? - C:\Users\Sugga\AppData\Local\Temp\kwlorpow.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WD SCSI Pass Thru driver" (WDC_SAM) - ? - C:\Windows\System32\DRIVERS\wdcsam.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "JetAudio" - C:\Program Files\JetAudio\JetFlExt.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.7.0_04" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sugga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
"Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"HostManager" - "America Online, Inc." - C:\Program Files\Common Files\AOL\1246636931\ee\AOLSoftware.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"OSD" - "ODM" - C:\Program Files\OEM\OSD_1.16\osd.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Business Contact Manager SQL Server Startup Service" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Fujitsu Diagnostic Testhandler" (TestHandler) - "Fujitsu Technology Solutions" - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Desktop Manager 5.7.802.22438" (GoogleDesktopManager-022208-143751) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OSD Service" (OsdService) - "TODO: <公司名稱>" - C:\Program Files\OEM\OSD_1.16\OsdService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Suggasweet · 25.07.2012, 20:43

hier nun die text-file von asw.MBR als Anhang

Suggasweet · 25.07.2012, 20:44

oder als code-tag

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 18:50:59
-----------------------------
18:50:59.514    OS Version: Windows 6.0.6002 Service Pack 2
18:50:59.514    Number of processors: 2 586 0x1706
18:50:59.514    ComputerName: ANJAS-PC  UserName: Sugga
18:51:01.090    Initialize success
18:52:19.536    AVAST engine defs: 12072500
18:54:17.067    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:54:17.067    Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 00000009 Size: 305245MB BusType: 3
18:54:17.301    Disk 0 MBR read successfully
18:54:17.316    Disk 0 MBR scan
18:54:17.316    Disk 0 Windows VISTA default MBR code
18:54:17.394    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9000 MB offset 2048
18:54:17.457    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        96419 MB offset 18434048
18:54:17.519    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       199824 MB offset 215900160
18:54:17.628    Disk 0 scanning sectors +625140400
18:54:18.143    Disk 0 scanning C:\Windows\system32\drivers
18:55:27.828    Service scanning
18:55:56.485    Modules scanning
18:57:03.191    Disk 0 trace - called modules:
18:57:03.253    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
18:57:03.253    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d78ac8]
18:57:03.269    3 CLASSPNP.SYS[8a9a78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d94b98]
18:57:03.971    AVAST engine scan C:\Windows
18:57:44.765    AVAST engine scan C:\Windows\system32
19:19:00.361    AVAST engine scan C:\Windows\system32\drivers
19:21:44.271    AVAST engine scan C:\Users\Sugga
20:09:32.128    AVAST engine scan C:\ProgramData
20:12:54.881    Scan finished successfully
21:41:01.955    Disk 0 MBR has been saved successfully to "C:\Users\Sugga\Desktop\MBR.dat"
21:41:01.955    The log file has been saved successfully to "C:\Users\Sugga\Desktop\aswMBR.txt"

cosinus · 26.07.2012, 14:03

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

19.07.2012, 22:01	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Blue Screen, dann später Virenmeld. v. Antivir (Phish/Paypal.TN; EXP/2008-5353.CN; JAVA/Dldr.Lamar) Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

26.07.2012, 14:03	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Blue Screen, dann später Virenmeld. v. Antivir (Phish/Paypal.TN; EXP/2008-5353.CN; JAVA/Dldr.Lamar) Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Blue Screen, dann später Virenmeld. v. Antivir (Phish/Paypal.TN; EXP/2008-5353.CN; JAVA/Dldr.Lamar)

Plagegeister aller Art und deren Bekämpfung: Blue Screen, dann später Virenmeld. v. Antivir (Phish/Paypal.TN; EXP/2008-5353.CN; JAVA/Dldr.Lamar)