Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
IE - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=rYr4iRqPYrzD9-DDVx6rSQwn8Hk?q={searchTerms}
FF - user.js - File not found
O3 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Gogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:157E1AD3
:Files
C:\Users\Gogi\AppData\Roaming\mIRC\downloads
C:\Users\Gogi\AppData\Roaming\hwzypv.dat
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Erledigt!

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe not found.
File C:\Users\Gogi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-2546707314-2983746973-2447176769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Ausfüllformulare\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Unable to delete ADS C:\ProgramData\Temp:157E1AD3 .
========== FILES ==========
File\Folder C:\Users\Gogi\AppData\Roaming\mIRC\downloads not found.
File\Folder C:\Users\Gogi\AppData\Roaming\hwzypv.dat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gogi
->Temp folder emptied: 3113110087 bytes
->Temporary Internet Files folder emptied: 1862962555 bytes
->Java cache emptied: 104553 bytes
->FireFox cache emptied: 621368403 bytes
->Google Chrome cache emptied: 468910833 bytes
->Apple Safari cache emptied: 170294272 bytes
->Opera cache emptied: 2118076 bytes
->Flash cache emptied: 463136 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 293570871 bytes
RecycleBin emptied: 514044603 bytes
 
Total Files Cleaned = 6.720,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gogi
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 08042012_212852

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

OK, hab alles geskippt. Hier das Log:

Code: Alles auswählenAufklappen

ATTFilter

20:25:12.0752 6056	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:25:12.0939 6056	============================================================
20:25:12.0939 6056	Current date / time: 2012/08/05 20:25:12.0939
20:25:12.0939 6056	SystemInfo:
20:25:12.0939 6056	
20:25:12.0939 6056	OS Version: 6.0.6002 ServicePack: 2.0
20:25:12.0939 6056	Product type: Workstation
20:25:12.0939 6056	ComputerName: GOGI-PC
20:25:12.0939 6056	UserName: Gogi
20:25:12.0939 6056	Windows directory: C:\Windows
20:25:12.0939 6056	System windows directory: C:\Windows
20:25:12.0939 6056	Processor architecture: Intel x86
20:25:12.0939 6056	Number of processors: 4
20:25:12.0939 6056	Page size: 0x1000
20:25:12.0939 6056	Boot type: Normal boot
20:25:12.0939 6056	============================================================
20:25:14.0702 6056	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:25:14.0796 6056	============================================================
20:25:14.0796 6056	\Device\Harddisk0\DR0:
20:25:14.0796 6056	MBR partitions:
20:25:14.0796 6056	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0x18A31800
20:25:14.0796 6056	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19BC6000, BlocksNum 0x30C91AB0
20:25:14.0796 6056	============================================================
20:25:14.0921 6056	C: <-> \Device\Harddisk0\DR0\Partition0
20:25:14.0983 6056	D: <-> \Device\Harddisk0\DR0\Partition1
20:25:15.0014 6056	============================================================
20:25:15.0014 6056	Initialize success
20:25:15.0014 6056	============================================================
20:26:14.0453 6788	============================================================
20:26:14.0453 6788	Scan started
20:26:14.0453 6788	Mode: Manual; SigCheck; TDLFS; 
20:26:14.0453 6788	============================================================
20:26:17.0635 6788	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:26:17.0791 6788	ACPI - ok
20:26:17.0979 6788	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:26:18.0010 6788	AdobeARMservice - ok
20:26:18.0696 6788	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:18.0712 6788	AdobeFlashPlayerUpdateSvc - ok
20:26:18.0774 6788	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:26:18.0806 6788	adp94xx - ok
20:26:18.0868 6788	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:26:18.0899 6788	adpahci - ok
20:26:18.0915 6788	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:26:18.0930 6788	adpu160m - ok
20:26:18.0962 6788	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:26:18.0977 6788	adpu320 - ok
20:26:19.0008 6788	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:26:19.0071 6788	AeLookupSvc - ok
20:26:19.0133 6788	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:26:19.0196 6788	AFD - ok
20:26:19.0258 6788	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:26:19.0274 6788	agp440 - ok
20:26:19.0383 6788	ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\drivers\ahcix86s.sys
20:26:19.0398 6788	ahcix86s - ok
20:26:19.0445 6788	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:26:19.0461 6788	aic78xx - ok
20:26:19.0476 6788	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:26:19.0586 6788	ALG - ok
20:26:19.0601 6788	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:26:19.0617 6788	aliide - ok
20:26:19.0648 6788	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:26:19.0664 6788	amdagp - ok
20:26:19.0679 6788	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:26:19.0679 6788	amdide - ok
20:26:19.0710 6788	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:26:19.0757 6788	AmdK7 - ok
20:26:19.0773 6788	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:26:19.0820 6788	AmdK8 - ok
20:26:20.0007 6788	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:26:20.0038 6788	AntiVirSchedulerService - ok
20:26:20.0085 6788	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:26:20.0101 6788	AntiVirService - ok
20:26:20.0147 6788	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:26:20.0194 6788	Appinfo - ok
20:26:20.0288 6788	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:20.0303 6788	Apple Mobile Device - ok
20:26:20.0366 6788	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:26:20.0381 6788	arc - ok
20:26:20.0444 6788	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:26:20.0459 6788	arcsas - ok
20:26:20.0569 6788	aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:26:20.0584 6788	aspnet_state - ok
20:26:20.0600 6788	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:20.0647 6788	AsyncMac - ok
20:26:20.0678 6788	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:26:20.0693 6788	atapi - ok
20:26:20.0787 6788	Ati External Event Utility (86fb6b8ddbcb6e025ce8a90f77af1ff1) C:\Windows\system32\Ati2evxx.exe
20:26:20.0896 6788	Ati External Event Utility - ok
20:26:22.0722 6788	atikmdag        (a23efb72057fed7128eb558866055fdf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:26:22.0909 6788	atikmdag - ok
20:26:23.0580 6788	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:23.0627 6788	AudioEndpointBuilder - ok
20:26:23.0627 6788	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:26:23.0658 6788	Audiosrv - ok
20:26:23.0751 6788	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:26:23.0751 6788	avgntflt - ok
20:26:23.0814 6788	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:26:23.0829 6788	avipbb - ok
20:26:23.0861 6788	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:23.0876 6788	avkmgr - ok
20:26:23.0954 6788	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:26:24.0017 6788	Beep - ok
20:26:24.0064 6788	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:26:24.0142 6788	BFE - ok
20:26:24.0360 6788	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:26:24.0469 6788	BITS - ok
20:26:24.0532 6788	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:26:24.0547 6788	blbdrive - ok
20:26:25.0218 6788	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:26:25.0249 6788	Bonjour Service - ok
20:26:25.0281 6788	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:26:25.0327 6788	bowser - ok
20:26:25.0359 6788	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:26:25.0405 6788	BrFiltLo - ok
20:26:25.0421 6788	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:26:25.0468 6788	BrFiltUp - ok
20:26:25.0561 6788	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:26:25.0593 6788	Browser - ok
20:26:25.0639 6788	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:26:25.0780 6788	Brserid - ok
20:26:25.0795 6788	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:26:25.0858 6788	BrSerWdm - ok
20:26:25.0873 6788	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:26:25.0936 6788	BrUsbMdm - ok
20:26:25.0951 6788	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:26:26.0014 6788	BrUsbSer - ok
20:26:26.0045 6788	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:26:26.0107 6788	BTHMODEM - ok
20:26:26.0217 6788	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:26:26.0248 6788	cdfs - ok
20:26:26.0295 6788	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:26:26.0326 6788	cdrom - ok
20:26:26.0388 6788	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:26.0419 6788	CertPropSvc - ok
20:26:26.0451 6788	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:26:26.0497 6788	circlass - ok
20:26:26.0747 6788	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:26:26.0763 6788	CLFS - ok
20:26:26.0841 6788	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:26.0856 6788	clr_optimization_v2.0.50727_32 - ok
20:26:27.0168 6788	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:27.0184 6788	clr_optimization_v4.0.30319_32 - ok
20:26:27.0231 6788	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:26:27.0246 6788	cmdide - ok
20:26:27.0278 6788	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:26:27.0278 6788	Compbatt - ok
20:26:27.0309 6788	COMSysApp - ok
20:26:27.0324 6788	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:26:27.0340 6788	crcdisk - ok
20:26:27.0356 6788	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:26:27.0402 6788	Crusoe - ok
20:26:27.0449 6788	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:26:27.0496 6788	CryptSvc - ok
20:26:27.0590 6788	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:27.0652 6788	DcomLaunch - ok
20:26:27.0668 6788	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:26:27.0714 6788	DfsC - ok
20:26:29.0134 6788	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:26:29.0322 6788	DFSR - ok
20:26:29.0446 6788	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:26:29.0509 6788	Dhcp - ok
20:26:29.0587 6788	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:26:29.0602 6788	disk - ok
20:26:29.0618 6788	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:26:29.0651 6788	Dnscache - ok
20:26:29.0706 6788	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:26:29.0742 6788	dot3svc - ok
20:26:29.0811 6788	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:26:29.0850 6788	DPS - ok
20:26:29.0913 6788	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:26:29.0955 6788	drmkaud - ok
20:26:30.0348 6788	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:26:30.0527 6788	DXGKrnl - ok
20:26:30.0635 6788	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:26:30.0772 6788	E1G60 - ok
20:26:30.0928 6788	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:26:30.0975 6788	EapHost - ok
20:26:31.0178 6788	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:26:31.0193 6788	Ecache - ok
20:26:31.0318 6788	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:26:31.0365 6788	ehRecvr - ok
20:26:31.0381 6788	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:26:31.0427 6788	ehSched - ok
20:26:31.0443 6788	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:26:31.0459 6788	ehstart - ok
20:26:31.0521 6788	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:26:31.0583 6788	elxstor - ok
20:26:31.0818 6788	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:26:31.0864 6788	EMDMgmt - ok
20:26:31.0927 6788	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:26:31.0958 6788	ErrDev - ok
20:26:32.0145 6788	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:26:32.0192 6788	EventSystem - ok
20:26:32.0239 6788	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:26:32.0286 6788	exfat - ok
20:26:32.0332 6788	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:26:32.0348 6788	fastfat - ok
20:26:32.0379 6788	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:26:32.0410 6788	fdc - ok
20:26:32.0442 6788	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:26:32.0473 6788	fdPHost - ok
20:26:32.0473 6788	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:26:32.0535 6788	FDResPub - ok
20:26:32.0566 6788	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:26:32.0582 6788	FileInfo - ok
20:26:32.0598 6788	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:26:32.0629 6788	Filetrace - ok
20:26:32.0644 6788	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:32.0691 6788	flpydisk - ok
20:26:32.0722 6788	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:26:32.0754 6788	FltMgr - ok
20:26:32.0832 6788	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:26:32.0894 6788	FontCache - ok
20:26:33.0035 6788	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:26:33.0050 6788	FontCache3.0.0.0 - ok
20:26:33.0050 6788	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:26:33.0097 6788	Fs_Rec - ok
20:26:33.0113 6788	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:26:33.0128 6788	gagp30kx - ok
20:26:33.0144 6788	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:33.0159 6788	GEARAspiWDM - ok
20:26:33.0269 6788	GoogleDesktopManager-110309-193829 (f0187e45268e86aaaa932cbd9087bea8) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:26:33.0284 6788	GoogleDesktopManager-110309-193829 - ok
20:26:33.0315 6788	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:26:33.0409 6788	gpsvc - ok
20:26:33.0487 6788	gupdate1ca08a3ac5dc7e8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:33.0503 6788	gupdate1ca08a3ac5dc7e8 - ok
20:26:33.0518 6788	gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:26:33.0534 6788	gupdatem - ok
20:26:33.0581 6788	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:26:33.0643 6788	HdAudAddService - ok
20:26:33.0705 6788	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:26:33.0768 6788	HDAudBus - ok
20:26:33.0830 6788	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:26:33.0877 6788	HidBth - ok
20:26:33.0908 6788	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:26:33.0955 6788	HidIr - ok
20:26:33.0986 6788	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:26:34.0033 6788	hidserv - ok
20:26:34.0049 6788	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:26:34.0064 6788	HidUsb - ok
20:26:34.0080 6788	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:26:34.0111 6788	hkmsvc - ok
20:26:34.0142 6788	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:26:34.0142 6788	HpCISSs - ok
20:26:34.0205 6788	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:26:34.0283 6788	HTTP - ok
20:26:34.0314 6788	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:26:34.0330 6788	i2omp - ok
20:26:34.0361 6788	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:26:34.0392 6788	i8042prt - ok
20:26:34.0439 6788	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
20:26:34.0454 6788	iaStor - ok
20:26:34.0657 6788	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:26:34.0673 6788	iaStorV - ok
20:26:34.0876 6788	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:26:34.0922 6788	idsvc - ok
20:26:34.0938 6788	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:26:34.0938 6788	iirsp - ok
20:26:35.0000 6788	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:26:35.0063 6788	IKEEXT - ok
20:26:35.0843 6788	IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
20:26:36.0015 6788	IntcAzAudAddService - ok
20:26:37.0403 6788	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:26:37.0419 6788	intelide - ok
20:26:37.0466 6788	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:26:37.0512 6788	intelppm - ok
20:26:37.0590 6788	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:26:37.0637 6788	IPBusEnum - ok
20:26:37.0668 6788	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:26:37.0700 6788	IpFilterDriver - ok
20:26:37.0762 6788	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:26:37.0809 6788	iphlpsvc - ok
20:26:37.0809 6788	IpInIp - ok
20:26:37.0824 6788	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:26:37.0871 6788	IPMIDRV - ok
20:26:37.0887 6788	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:26:37.0918 6788	IPNAT - ok
20:26:38.0948 6788	iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
20:26:39.0010 6788	iPod Service - ok
20:26:39.0026 6788	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:26:39.0057 6788	IRENUM - ok
20:26:39.0088 6788	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:26:39.0104 6788	isapnp - ok
20:26:39.0151 6788	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:26:39.0182 6788	iScsiPrt - ok
20:26:39.0213 6788	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:26:39.0229 6788	iteatapi - ok
20:26:39.0260 6788	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:26:39.0275 6788	iteraid - ok
20:26:39.0307 6788	JRAID           (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
20:26:39.0431 6788	JRAID - ok
20:26:39.0447 6788	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:26:39.0463 6788	kbdclass - ok
20:26:39.0494 6788	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:26:39.0541 6788	kbdhid - ok
20:26:39.0572 6788	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:39.0619 6788	KeyIso - ok
20:26:40.0321 6788	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
20:26:40.0352 6788	KSecDD - ok
20:26:40.0399 6788	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:26:40.0477 6788	KtmRm - ok
20:26:40.0726 6788	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:26:40.0789 6788	LanmanServer - ok
20:26:40.0836 6788	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:26:40.0898 6788	LanmanWorkstation - ok
20:26:40.0960 6788	Lbd - ok
20:26:40.0992 6788	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:26:41.0023 6788	lltdio - ok
20:26:41.0054 6788	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:26:41.0101 6788	lltdsvc - ok
20:26:41.0117 6788	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:26:41.0163 6788	lmhosts - ok
20:26:41.0210 6788	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:26:41.0226 6788	LSI_FC - ok
20:26:41.0257 6788	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:26:41.0273 6788	LSI_SAS - ok
20:26:41.0304 6788	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:26:41.0304 6788	LSI_SCSI - ok
20:26:41.0335 6788	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:26:41.0382 6788	luafv - ok
20:26:41.0413 6788	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
20:26:41.0429 6788	MBAMProtector - ok
20:26:41.0959 6788	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:26:42.0021 6788	MBAMService - ok
20:26:42.0053 6788	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:26:42.0084 6788	Mcx2Svc - ok
20:26:42.0162 6788	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:26:42.0162 6788	megasas - ok
20:26:42.0224 6788	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:26:42.0240 6788	MegaSR - ok
20:26:42.0333 6788	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:26:42.0380 6788	MMCSS - ok
20:26:42.0411 6788	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:26:42.0443 6788	Modem - ok
20:26:42.0474 6788	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:26:42.0505 6788	monitor - ok
20:26:42.0536 6788	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:26:42.0552 6788	mouclass - ok
20:26:42.0583 6788	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:26:42.0630 6788	mouhid - ok
20:26:42.0724 6788	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:26:42.0739 6788	MountMgr - ok
20:26:42.0942 6788	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:26:42.0958 6788	MozillaMaintenance - ok
20:26:42.0973 6788	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:26:42.0989 6788	mpio - ok
20:26:43.0004 6788	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:26:43.0051 6788	mpsdrv - ok
20:26:43.0098 6788	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:26:43.0160 6788	MpsSvc - ok
20:26:43.0176 6788	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:26:43.0192 6788	Mraid35x - ok
20:26:43.0207 6788	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:26:43.0238 6788	MRxDAV - ok
20:26:43.0270 6788	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:26:43.0316 6788	mrxsmb - ok
20:26:43.0332 6788	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:26:43.0394 6788	mrxsmb10 - ok
20:26:43.0410 6788	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:26:43.0441 6788	mrxsmb20 - ok
20:26:43.0457 6788	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:26:43.0472 6788	msahci - ok
20:26:43.0488 6788	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:26:43.0504 6788	msdsm - ok
20:26:43.0535 6788	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:26:43.0582 6788	MSDTC - ok
20:26:43.0628 6788	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:26:43.0660 6788	Msfs - ok
20:26:43.0675 6788	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:26:43.0691 6788	msisadrv - ok
20:26:43.0738 6788	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:26:43.0784 6788	MSiSCSI - ok
20:26:43.0800 6788	msiserver - ok
20:26:43.0816 6788	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:26:43.0847 6788	MSKSSRV - ok
20:26:43.0878 6788	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:26:43.0909 6788	MSPCLOCK - ok
20:26:43.0941 6788	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:26:43.0972 6788	MSPQM - ok
20:26:44.0003 6788	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:26:44.0019 6788	MsRPC - ok
20:26:44.0034 6788	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:26:44.0050 6788	mssmbios - ok
20:26:44.0050 6788	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:26:44.0081 6788	MSTEE - ok
20:26:44.0112 6788	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:26:44.0128 6788	Mup - ok
20:26:44.0159 6788	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:26:44.0206 6788	napagent - ok
20:26:44.0268 6788	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:26:44.0299 6788	NativeWifiP - ok
20:26:44.0549 6788	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:26:44.0565 6788	NDIS - ok
20:26:44.0596 6788	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:26:44.0627 6788	NdisTapi - ok
20:26:44.0658 6788	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:26:44.0674 6788	Ndisuio - ok
20:26:44.0721 6788	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:26:44.0752 6788	NdisWan - ok
20:26:44.0752 6788	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:26:44.0783 6788	NDProxy - ok
20:26:44.0783 6788	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:26:44.0830 6788	NetBIOS - ok
20:26:44.0861 6788	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:26:44.0923 6788	netbt - ok
20:26:44.0939 6788	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:44.0955 6788	Netlogon - ok
20:26:45.0001 6788	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:26:45.0048 6788	Netman - ok
20:26:45.0079 6788	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:26:45.0111 6788	netprofm - ok
20:26:45.0173 6788	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:26:45.0189 6788	NetTcpPortSharing - ok
20:26:45.0220 6788	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:26:45.0236 6788	nfrd960 - ok
20:26:45.0267 6788	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:26:45.0314 6788	NlaSvc - ok
20:26:45.0376 6788	NPF             (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
20:26:45.0376 6788	NPF - ok
20:26:45.0392 6788	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:26:45.0438 6788	Npfs - ok
20:26:45.0470 6788	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:26:45.0501 6788	nsi - ok
20:26:45.0532 6788	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:26:45.0563 6788	nsiproxy - ok
20:26:47.0077 6788	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:26:47.0170 6788	Ntfs - ok
20:26:47.0248 6788	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:26:47.0279 6788	ntrigdigi - ok
20:26:47.0311 6788	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:26:47.0342 6788	Null - ok
20:26:47.0389 6788	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:26:47.0404 6788	nvraid - ok
20:26:47.0420 6788	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:26:47.0435 6788	nvstor - ok
20:26:47.0467 6788	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:26:47.0482 6788	nv_agp - ok
20:26:47.0482 6788	NwlnkFlt - ok
20:26:47.0482 6788	NwlnkFwd - ok
20:26:47.0545 6788	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:26:47.0576 6788	ohci1394 - ok
20:26:47.0669 6788	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:26:47.0685 6788	ose - ok
20:26:47.0747 6788	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:47.0857 6788	p2pimsvc - ok
20:26:47.0872 6788	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:47.0935 6788	p2psvc - ok
20:26:47.0997 6788	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
20:26:48.0028 6788	Parport - ok
20:26:48.0138 6788	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:26:48.0169 6788	partmgr - ok
20:26:48.0200 6788	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
20:26:48.0231 6788	Parvdm - ok
20:26:48.0278 6788	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:26:48.0340 6788	PcaSvc - ok
20:26:48.0356 6788	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:26:48.0387 6788	pci - ok
20:26:48.0403 6788	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:26:48.0403 6788	pciide - ok
20:26:48.0450 6788	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:26:48.0465 6788	pcmcia - ok
20:26:48.0559 6788	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:26:48.0637 6788	PEAUTH - ok
20:26:49.0589 6788	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:26:49.0698 6788	pla - ok
20:26:50.0197 6788	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:26:50.0244 6788	PlugPlay - ok
20:26:50.0291 6788	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:50.0337 6788	PNRPAutoReg - ok
20:26:50.0353 6788	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:50.0400 6788	PNRPsvc - ok
20:26:50.0962 6788	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:26:51.0024 6788	PolicyAgent - ok
20:26:51.0164 6788	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:26:51.0211 6788	PptpMiniport - ok
20:26:51.0242 6788	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:26:51.0274 6788	Processor - ok
20:26:51.0445 6788	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:26:51.0492 6788	ProfSvc - ok
20:26:51.0508 6788	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:51.0523 6788	ProtectedStorage - ok
20:26:51.0648 6788	ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
20:26:51.0664 6788	ProtexisLicensing - ok
20:26:51.0695 6788	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:26:51.0742 6788	PSched - ok
20:26:51.0804 6788	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:26:51.0804 6788	PxHelp20 - ok
20:26:51.0913 6788	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:26:51.0976 6788	ql2300 - ok
20:26:52.0054 6788	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:26:52.0054 6788	ql40xx - ok
20:26:52.0101 6788	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:26:52.0132 6788	QWAVE - ok
20:26:52.0147 6788	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:26:52.0163 6788	QWAVEdrv - ok
20:26:52.0194 6788	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:26:52.0241 6788	RasAcd - ok
20:26:52.0272 6788	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:26:52.0319 6788	RasAuto - ok
20:26:52.0444 6788	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:52.0491 6788	Rasl2tp - ok
20:26:52.0522 6788	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:26:52.0569 6788	RasMan - ok
20:26:52.0662 6788	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:52.0693 6788	RasPppoe - ok
20:26:52.0725 6788	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:26:52.0740 6788	RasSstp - ok
20:26:52.0771 6788	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:26:52.0834 6788	rdbss - ok
20:26:52.0865 6788	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:52.0896 6788	RDPCDD - ok
20:26:52.0927 6788	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:26:52.0959 6788	rdpdr - ok
20:26:52.0959 6788	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:26:52.0990 6788	RDPENCDD - ok
20:26:53.0021 6788	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:26:53.0068 6788	RDPWD - ok
20:26:53.0115 6788	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:26:53.0161 6788	RemoteAccess - ok
20:26:53.0208 6788	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:26:53.0239 6788	RemoteRegistry - ok
20:26:53.0474 6788	rpcapd          (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
20:26:53.0489 6788	rpcapd - ok
20:26:53.0520 6788	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:26:53.0552 6788	RpcLocator - ok
20:26:53.0598 6788	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:53.0630 6788	RpcSs - ok
20:26:53.0661 6788	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:26:53.0708 6788	rspndr - ok
20:26:53.0770 6788	RTHDMIAzAudService (1aa29238d4b14f4a20b2c4aaea6e0f6e) C:\Windows\system32\drivers\RtHDMIV.sys
20:26:53.0786 6788	RTHDMIAzAudService - ok
20:26:53.0848 6788	RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:26:53.0879 6788	RTL8169 - ok
20:26:53.0879 6788	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:26:53.0895 6788	SamSs - ok
20:26:53.0910 6788	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:26:53.0926 6788	sbp2port - ok
20:26:53.0957 6788	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:26:53.0973 6788	SCardSvr - ok
20:26:54.0020 6788	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:26:54.0098 6788	Schedule - ok
20:26:54.0144 6788	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:54.0160 6788	SCPolicySvc - ok
20:26:54.0347 6788	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:26:54.0394 6788	SDRSVC - ok
20:26:54.0410 6788	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:26:54.0472 6788	secdrv - ok
20:26:54.0503 6788	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:26:54.0534 6788	seclogon - ok
20:26:54.0550 6788	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:26:54.0597 6788	SENS - ok
20:26:54.0628 6788	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:26:54.0659 6788	Serenum - ok
20:26:54.0706 6788	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:26:54.0753 6788	Serial - ok
20:26:54.0769 6788	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:26:54.0800 6788	sermouse - ok
20:26:54.0831 6788	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:26:54.0878 6788	SessionEnv - ok
20:26:54.0893 6788	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:26:54.0909 6788	sffdisk - ok
20:26:54.0925 6788	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:26:54.0956 6788	sffp_mmc - ok
20:26:54.0971 6788	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:26:55.0003 6788	sffp_sd - ok
20:26:55.0018 6788	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:26:55.0081 6788	sfloppy - ok
20:26:55.0533 6788	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:26:55.0564 6788	SharedAccess - ok
20:26:56.0017 6788	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:26:56.0064 6788	ShellHWDetection - ok
20:26:56.0079 6788	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:26:56.0095 6788	sisagp - ok
20:26:56.0126 6788	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:26:56.0142 6788	SiSRaid2 - ok
20:26:56.0157 6788	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:26:56.0173 6788	SiSRaid4 - ok
20:26:57.0312 6788	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:26:57.0468 6788	slsvc - ok
20:26:57.0764 6788	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:26:57.0795 6788	SLUINotify - ok
20:26:57.0842 6788	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:26:57.0873 6788	Smb - ok
20:26:57.0920 6788	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:26:57.0936 6788	SNMPTRAP - ok
20:26:57.0967 6788	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:26:57.0983 6788	spldr - ok
20:26:57.0998 6788	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:26:58.0061 6788	Spooler - ok
20:26:58.0092 6788	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:26:58.0139 6788	srv - ok
20:26:58.0170 6788	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:26:58.0185 6788	srv2 - ok
20:26:58.0217 6788	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:26:58.0232 6788	srvnet - ok
20:26:58.0248 6788	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:26:58.0295 6788	SSDPSRV - ok
20:26:58.0341 6788	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:26:58.0357 6788	ssmdrv - ok
20:26:58.0388 6788	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:26:58.0419 6788	SstpSvc - ok
20:26:58.0466 6788	ss_bus          (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
20:26:58.0482 6788	ss_bus - ok
20:26:58.0544 6788	ss_mdfl         (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
20:26:58.0544 6788	ss_mdfl - ok
20:26:58.0575 6788	ss_mdm          (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
20:26:58.0591 6788	ss_mdm - ok
20:26:58.0622 6788	StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
20:26:58.0653 6788	StarOpen ( UnsignedFile.Multi.Generic ) - warning
20:26:58.0653 6788	StarOpen - detected UnsignedFile.Multi.Generic (1)
20:26:58.0700 6788	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:26:58.0763 6788	stisvc - ok
20:26:58.0794 6788	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:26:58.0794 6788	swenum - ok
20:26:58.0856 6788	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:26:58.0888 6788	swprv - ok
20:26:58.0919 6788	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:26:58.0934 6788	Symc8xx - ok
20:26:58.0950 6788	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:26:58.0966 6788	Sym_hi - ok
20:26:58.0997 6788	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:26:59.0012 6788	Sym_u3 - ok
20:26:59.0044 6788	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:26:59.0106 6788	SysMain - ok
20:26:59.0278 6788	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:26:59.0324 6788	TabletInputService - ok
20:26:59.0356 6788	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:26:59.0387 6788	TapiSrv - ok
20:26:59.0418 6788	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:26:59.0449 6788	TBS - ok
20:27:00.0105 6788	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
20:27:00.0167 6788	Tcpip - ok
20:27:00.0167 6788	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
20:27:00.0261 6788	Tcpip6 - ok
20:27:00.0307 6788	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:27:00.0339 6788	tcpipreg - ok
20:27:00.0354 6788	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:27:00.0385 6788	TDPIPE - ok
20:27:00.0401 6788	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:27:00.0417 6788	TDTCP - ok
20:27:00.0463 6788	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:27:00.0510 6788	tdx - ok
20:27:00.0541 6788	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:27:00.0557 6788	TermDD - ok
20:27:00.0619 6788	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:27:00.0666 6788	TermService - ok
20:27:01.0197 6788	TestHandler     (250b9120c7c103afdc0c6643f9691055) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
20:27:01.0243 6788	TestHandler ( UnsignedFile.Multi.Generic ) - warning
20:27:01.0243 6788	TestHandler - detected UnsignedFile.Multi.Generic (1)
20:27:01.0275 6788	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:27:01.0290 6788	Themes - ok
20:27:01.0321 6788	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:27:01.0337 6788	THREADORDER - ok
20:27:01.0384 6788	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:27:01.0431 6788	TrkWks - ok
20:27:01.0556 6788	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:27:01.0602 6788	TrustedInstaller - ok
20:27:01.0634 6788	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:01.0665 6788	tssecsrv - ok
20:27:01.0696 6788	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:27:01.0727 6788	tunmp - ok
20:27:01.0758 6788	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:27:01.0774 6788	tunnel - ok
20:27:01.0852 6788	U6000ALL        (8d05125fe197ce6e2440e82e433da4cc) C:\Windows\system32\DRIVERS\U6000ALL.sys
20:27:01.0946 6788	U6000ALL - ok
20:27:01.0961 6788	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:27:01.0977 6788	uagp35 - ok
20:27:02.0008 6788	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:27:02.0039 6788	udfs - ok
20:27:02.0117 6788	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:27:02.0180 6788	UI0Detect - ok
20:27:02.0180 6788	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:27:02.0195 6788	uliagpkx - ok
20:27:02.0226 6788	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:27:02.0258 6788	uliahci - ok
20:27:02.0273 6788	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:27:02.0304 6788	UlSata - ok
20:27:02.0336 6788	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:27:02.0351 6788	ulsata2 - ok
20:27:02.0367 6788	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:27:02.0398 6788	umbus - ok
20:27:02.0429 6788	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:27:02.0476 6788	upnphost - ok
20:27:02.0819 6788	UPnPService     (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:27:02.0897 6788	UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:27:02.0897 6788	UPnPService - detected UnsignedFile.Multi.Generic (1)
20:27:02.0944 6788	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:27:02.0960 6788	USBAAPL - ok
20:27:03.0038 6788	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:27:03.0069 6788	usbaudio - ok
20:27:03.0147 6788	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:03.0163 6788	usbccgp - ok
20:27:03.0194 6788	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:27:03.0256 6788	usbcir - ok
20:27:03.0287 6788	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:27:03.0334 6788	usbehci - ok
20:27:03.0350 6788	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:27:03.0397 6788	usbhub - ok
20:27:03.0412 6788	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:27:03.0443 6788	usbohci - ok
20:27:03.0475 6788	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:27:03.0521 6788	usbprint - ok
20:27:03.0553 6788	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:27:03.0584 6788	usbscan - ok
20:27:03.0615 6788	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:03.0631 6788	USBSTOR - ok
20:27:03.0631 6788	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:27:03.0677 6788	usbuhci - ok
20:27:03.0693 6788	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:27:03.0724 6788	UxSms - ok
20:27:03.0771 6788	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:27:03.0833 6788	vds - ok
20:27:03.0833 6788	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:03.0865 6788	vga - ok
20:27:03.0880 6788	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:27:03.0927 6788	VgaSave - ok
20:27:03.0943 6788	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:27:03.0958 6788	viaagp - ok
20:27:03.0974 6788	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:27:04.0005 6788	ViaC7 - ok
20:27:04.0052 6788	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:27:04.0067 6788	viaide - ok
20:27:04.0067 6788	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:27:04.0083 6788	volmgr - ok
20:27:04.0114 6788	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:27:04.0161 6788	volmgrx - ok
20:27:04.0192 6788	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:27:04.0208 6788	volsnap - ok
20:27:04.0255 6788	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:27:04.0255 6788	vsmraid - ok
20:27:04.0348 6788	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:27:04.0473 6788	VSS - ok
20:27:04.0504 6788	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:27:04.0536 6788	W32Time - ok
20:27:04.0567 6788	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:27:04.0614 6788	WacomPen - ok
20:27:04.0629 6788	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:04.0660 6788	Wanarp - ok
20:27:04.0660 6788	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:04.0676 6788	Wanarpv6 - ok
20:27:04.0707 6788	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:27:04.0738 6788	wcncsvc - ok
20:27:04.0801 6788	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:27:04.0832 6788	WcsPlugInService - ok
20:27:04.0848 6788	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:27:04.0863 6788	Wd - ok
20:27:05.0378 6788	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:27:05.0409 6788	Wdf01000 - ok
20:27:05.0456 6788	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:05.0503 6788	WdiServiceHost - ok
20:27:05.0503 6788	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:27:05.0534 6788	WdiSystemHost - ok
20:27:05.0550 6788	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:27:05.0597 6788	WebClient - ok
20:27:05.0628 6788	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:27:05.0721 6788	Wecsvc - ok
20:27:05.0799 6788	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:27:05.0846 6788	wercplsupport - ok
20:27:05.0862 6788	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:27:05.0893 6788	WerSvc - ok
20:27:06.0283 6788	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:27:06.0299 6788	WinDefend - ok
20:27:06.0299 6788	WinHttpAutoProxySvc - ok
20:27:06.0751 6788	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:27:06.0782 6788	Winmgmt - ok
20:27:07.0828 6788	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:27:07.0921 6788	WinRM - ok
20:27:08.0296 6788	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:27:08.0374 6788	Wlansvc - ok
20:27:09.0872 6788	wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:09.0950 6788	wlidsvc - ok
20:27:10.0168 6788	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:27:10.0199 6788	WmiAcpi - ok
20:27:10.0262 6788	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:27:10.0293 6788	wmiApSrv - ok
20:27:10.0480 6788	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:27:10.0558 6788	WMPNetworkSvc - ok
20:27:10.0589 6788	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:27:10.0652 6788	WPCSvc - ok
20:27:10.0667 6788	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:27:10.0698 6788	WPDBusEnum - ok
20:27:10.0823 6788	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:27:10.0839 6788	WpdUsb - ok
20:27:11.0057 6788	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:27:11.0135 6788	WPFFontCache_v0400 - ok
20:27:11.0182 6788	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:27:11.0213 6788	ws2ifsl - ok
20:27:11.0260 6788	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:27:11.0307 6788	wscsvc - ok
20:27:11.0307 6788	WSearch - ok
20:27:12.0852 6788	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:27:12.0930 6788	wuauserv - ok
20:27:13.0273 6788	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:13.0304 6788	WUDFRd - ok
20:27:13.0320 6788	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:27:13.0382 6788	wudfsvc - ok
20:27:13.0398 6788	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:27:15.0800 6788	\Device\Harddisk0\DR0 - ok
20:27:15.0847 6788	Boot (0x1200)   (bc6fe28d5945db40d385f44ed9b4e835) \Device\Harddisk0\DR0\Partition0
20:27:15.0863 6788	\Device\Harddisk0\DR0\Partition0 - ok
20:27:15.0878 6788	Boot (0x1200)   (9cc4818abe260c4037ea3dbd870f6038) \Device\Harddisk0\DR0\Partition1
20:27:15.0910 6788	\Device\Harddisk0\DR0\Partition1 - ok
20:27:15.0910 6788	============================================================
20:27:15.0910 6788	Scan finished
20:27:15.0910 6788	============================================================
20:27:15.0910 7800	Detected object count: 3
20:27:15.0910 7800	Actual detected object count: 3
20:28:22.0879 7800	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0879 7800	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:28:22.0881 7800	TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0881 7800	TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:28:22.0882 7800	UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:22.0883 7800	UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Die Combofix-Auswertung:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-08-05.02 - Gogi 06.08.2012  20:54:55.3.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3327.2381 [GMT 2:00]
ausgeführt von:: c:\users\Gogi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EBD1821E4F.sys
c:\users\Gogi\AppData\Roaming\mIRC\logs\status.log
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 19:03 . 2012-08-06 19:03	--------	d-----w-	c:\users\Gogi\AppData\Local\temp
2012-08-06 19:03 . 2012-08-06 19:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-06 17:15 . 2012-08-06 17:15	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB90D36-6782-45AE-9B82-A43CD699C07A}\offreg.dll
2012-08-04 19:20 . 2012-08-04 19:20	--------	d-----w-	C:\_OTL
2012-08-03 13:51 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB90D36-6782-45AE-9B82-A43CD699C07A}\mpengine.dll
2012-07-31 18:34 . 2012-07-31 18:34	--------	d-----w-	c:\program files\ESET
2012-07-23 21:50 . 2012-07-23 21:50	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-23 21:50 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-23 21:31 . 2012-07-23 21:31	--------	d-----w-	c:\users\Gogi\AppData\Roaming\Malwarebytes
2012-07-23 21:31 . 2012-07-23 21:31	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-14 20:46 . 2012-07-14 20:45	476976	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-07-11 23:44 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 21:33 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 21:33 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 21:33 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 21:33 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 21:33 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 21:33 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:09 . 2012-05-22 15:28	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 17:09 . 2012-05-22 15:28	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-14 20:45 . 2012-02-19 12:53	472880	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 05:42	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 05:42	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 05:42	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 05:42	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 05:42	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 05:42	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 05:42	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 05:42	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 05:42	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-02 18:59	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-08 20:04 . 2012-04-08 10:26	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 20:04 . 2012-04-08 10:26	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-24 17:28 . 2012-02-26 03:26	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-17 21:46 . 2009-11-17 21:46	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\Gogi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-19 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-17 21:46	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 08:27	136176	----atw-	c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00	49152	----a-w-	c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 17:09]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 19:03]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 19:03]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2546707314-2983746973-2447176769-1000Core.job
- c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 08:27]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2546707314-2983746973-2447176769-1000UA.job
- c:\users\Gogi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 08:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 83.169.184.161 83.169.184.225
FF - ProfilePath - c:\users\Gogi\AppData\Roaming\Mozilla\Firefox\Profiles\q40g44d4.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared files\brs.exe
MSConfigStartUp-LifeChat - c:\program files\Microsoft LifeChat\LifeChat.exe
MSConfigStartUp-RemoteControl10 - c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-Sprill - c:\progra~3\PURPLE~1\Sprill\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 21:03
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Gogi\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-06  21:05:34
ComboFix-quarantined-files.txt  2012-08-06 19:05
.
Vor Suchlauf: 20 Verzeichnis(se), 111.306.338.304 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 110.734.389.248 Bytes frei
.
- - End Of File - - 2812919A7020623DD495BB042018765B
         

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.