RootKit.0Access.H or TR/Atraps.Gen2 (Windows 7)
10.08.2012, 17:54 | #1 |
RootKit.0Access.H or TR/Atraps.Gen2

Hello experts! I found this board via Google and hope you can help me. Since the day before yesterday I have had the problem that Avira reports one or two errors/viruses every 5 minutes. Otherwise the laptop works perfectly. The virus cannot be removed with Avira. The message reads TR/Atraps.Gen2. I had ESET and MBAM run scans. You can find the logs below:

ESET
Code:
C:\Users\**\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\80000000.@ Win64/Sirefef.AL Trojaner

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
** :: **-PC [Administrator]

Schutz: Deaktiviert

10.08.2012 16:44:29
mbam-log-2012-08-10 (18-29-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399108
Laufzeit: 52 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\**\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\00000001.@ (RootKit.0Access.H) -> Keine Aktion durchgeführt.

(Ende)

Thanks in advance!
Yours, Rocket
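Both detections in the post (ESET and MBAM) point at files of one shape: a GUID-named folder directly under AppData\Local, a "U" subfolder, and a file named as eight hex digits with the extension ".@". The check below is an added example, not code from the thread or from either scanner: it flags every path of that shape in a file listing or under a live user profile and groups hits by GUID folder. Treating all such paths as suspicious is a heuristic assumed here; the user name "rocket" and the sample list are constructed.

```python
import os
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Shape of the two paths ESET and MBAM flagged in the post above:
#   C:\Users\<user>\AppData\Local\{GUID}\U\80000000.@
#   C:\Users\<user>\AppData\Local\{GUID}\U\00000001.@
# Flagging every path of this shape is a heuristic assumed for this
# example; the thread itself only reports the two detections.
ZEROACCESS_STYLE = re.compile(
    r"""
    ^(?P<profile>[A-Za-z]:\\Users\\[^\\]+)                    # user profile root
    \\AppData\\Local\\
    (?P<guid>\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})  # {GUID} folder
    \\U\\
    (?P<name>[0-9a-f]{8})\.@$                                  # 8 hex digits + ".@"
    """,
    re.IGNORECASE | re.VERBOSE,
)


def classify_path(path: str) -> Optional[Tuple[str, str, str]]:
    """Return (profile, guid, name) when the path has the suspicious shape, else None."""
    m = ZEROACCESS_STYLE.match(path.strip())
    if not m:
        return None
    return m.group("profile"), m.group("guid").lower(), m.group("name").lower()


def group_hits(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Group suspicious file names by their GUID folder, so one infection shows
    up as one cluster instead of as unrelated single files."""
    hits: Dict[str, List[str]] = {}
    for p in paths:
        c = classify_path(p)
        if c is None:
            continue
        _profile, guid, name = c
        hits.setdefault(guid, []).append(name)
    for guid in hits:
        hits[guid].sort()
    return hits


def scan_local_appdata(profile_root: str) -> Dict[str, List[str]]:
    """Walk <profile>\\AppData\\Local on a live system and apply the same check.
    A missing or unreadable directory simply yields no hits."""
    base = os.path.join(profile_root, "AppData", "Local")
    found: List[str] = []
    for dirpath, _dirnames, filenames in os.walk(base):
        for fn in filenames:
            found.append(os.path.join(dirpath, fn))
    return group_hits(found)


# Constructed sample: the two paths from the post (the user name was redacted
# there as "**" and is a placeholder here) plus benign look-alikes that must
# not match: a normal AppData file, a non-".@" file in the same folder, and
# the same layout under Roaming instead of Local.
SAMPLE_PATHS = [
    r"C:\Users\rocket\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\80000000.@",
    r"C:\Users\rocket\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\00000001.@",
    r"C:\Users\rocket\AppData\Local\Microsoft\Windows\Temporary Internet Files\index.dat",
    r"C:\Users\rocket\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\readme.txt",
    r"C:\Users\rocket\AppData\Roaming\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\00000002.@",
]

if __name__ == "__main__":
    for guid, names in group_hits(SAMPLE_PATHS).items():
        print(guid, names)
```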
14.08.2012, 12:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Malwarebytes creates exactly one log per scan run. Have you scanned with Malwarebytes before?

If so, the logs for every scan run are also listed in the Logfiles tab. Please post all of them that are visible there.
14.08.2012, 17:41 | #3 |
Ok! For completeness, I'll post all the logs:

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
GR :: GR-PC [Administrator]

Schutz: Aktiviert

08.08.2012 21:09:45
mbam-log-2012-08-08 (21-09-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193072
Laufzeit: 3 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
GR :: GR-PC [Administrator]

Schutz: Aktiviert

08.08.2012 22:18:42
mbam-log-2012-08-08 (22-18-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193066
Laufzeit: 2 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
GR :: GR-PC [Administrator]

Schutz: Aktiviert

08.08.2012 22:28:05
mbam-log-2012-08-08 (22-28-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 39802
Laufzeit: 2 Minute(n), 22 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Code:
2012/08/08 21:08:53 +0200 GR-PC GR MESSAGE Starting protection
2012/08/08 21:08:53 +0200 GR-PC GR MESSAGE Executing scheduled update: Daily
2012/08/08 21:08:57 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/08 21:09:00 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/08 21:09:03 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/08 21:09:13 +0200 GR-PC GR MESSAGE Scheduled update executed successfully: database updated from version v2012.07.03.05 to version v2012.08.08.08
2012/08/08 21:09:13 +0200 GR-PC GR MESSAGE Starting database refresh
2012/08/08 21:09:13 +0200 GR-PC GR MESSAGE Stopping IP protection
2012/08/08 21:13:07 +0200 GR-PC GR MESSAGE IP Protection stopped
2012/08/08 21:13:10 +0200 GR-PC GR MESSAGE Database refreshed successfully
2012/08/08 21:13:10 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/08 21:13:13 +0200 GR-PC GR MESSAGE IP Protection started successfully

Code:
2012/08/09 18:37:31 +0200 GR-PC GR MESSAGE Starting protection
2012/08/09 18:37:34 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/09 18:37:37 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/09 18:37:41 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/09 19:22:05 +0200 GR-PC GR MESSAGE Executing scheduled update: Daily
2012/08/09 19:22:16 +0200 GR-PC GR MESSAGE Starting database refresh
2012/08/09 19:22:16 +0200 GR-PC GR MESSAGE Scheduled update executed successfully: database updated from version v2012.08.08.08 to version v2012.08.09.09
2012/08/09 19:22:16 +0200 GR-PC GR MESSAGE Stopping IP protection
2012/08/09 19:26:40 +0200 GR-PC GR MESSAGE IP Protection stopped
2012/08/09 19:26:43 +0200 GR-PC GR MESSAGE Database refreshed successfully
2012/08/09 19:26:43 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/09 19:26:47 +0200 GR-PC GR MESSAGE IP Protection started successfully

Code:
2012/08/10 19:25:29 +0200 GR-PC GR MESSAGE Executing scheduled update: Daily
2012/08/10 19:25:30 +0200 GR-PC GR MESSAGE Database already up-to-date
2012/08/10 21:46:30 +0200 GR-PC GR MESSAGE Starting protection
2012/08/10 21:46:33 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/10 21:46:36 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/10 21:46:40 +0200 GR-PC GR MESSAGE IP Protection started successfully

Code:
2012/08/11 07:45:23 +0200 GR-PC GR MESSAGE Starting protection
2012/08/11 07:45:26 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/11 07:45:29 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/11 07:45:32 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/11 16:44:27 +0200 GR-PC GR MESSAGE Starting protection
2012/08/11 16:44:30 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/11 16:44:33 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/11 16:44:36 +0200 GR-PC GR MESSAGE IP Protection started successfully

Code:
2012/08/12 07:49:26 +0200 GR-PC GR MESSAGE Starting protection
2012/08/12 07:49:28 +0200 GR-PC GR MESSAGE Executing scheduled update: Daily
2012/08/12 07:49:29 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/12 07:49:32 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/12 07:49:36 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/12 07:49:38 +0200 GR-PC GR MESSAGE Starting database refresh
2012/08/12 07:49:38 +0200 GR-PC GR MESSAGE Scheduled update executed successfully: database updated from version v2012.08.10.07 to version v2012.08.12.01
2012/08/12 07:49:38 +0200 GR-PC GR MESSAGE Stopping IP protection
2012/08/12 07:53:39 +0200 GR-PC GR MESSAGE IP Protection stopped
2012/08/12 07:53:42 +0200 GR-PC GR MESSAGE Database refreshed successfully
2012/08/12 07:53:42 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/12 07:53:46 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/12 13:57:30 +0200 GR-PC GR MESSAGE Starting protection
2012/08/12 13:57:33 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/12 13:57:36 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/12 13:57:39 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/12 18:19:53 +0200 GR-PC GR MESSAGE Starting protection
2012/08/12 18:19:56 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/12 18:19:59 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/12 18:20:02 +0200 GR-PC GR MESSAGE IP Protection started successfully

Code:
2012/08/13 21:30:08 +0200 GR-PC GR MESSAGE Starting protection
2012/08/13 21:30:11 +0200 GR-PC GR MESSAGE Executing scheduled update: Daily
2012/08/13 21:30:12 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/13 21:30:15 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/13 21:30:21 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/13 21:30:24 +0200 GR-PC GR MESSAGE Starting database refresh
2012/08/13 21:30:24 +0200 GR-PC GR MESSAGE Scheduled update executed successfully: database updated from version v2012.08.12.01 to version v2012.08.13.06
2012/08/13 21:30:24 +0200 GR-PC GR MESSAGE Stopping IP protection
2012/08/13 21:34:44 +0200 GR-PC GR MESSAGE IP Protection stopped
2012/08/13 21:34:47 +0200 GR-PC GR MESSAGE Database refreshed successfully
2012/08/13 21:34:47 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/13 21:34:50 +0200 GR-PC GR MESSAGE IP Protection started successfully

Code:
2012/08/14 18:24:58 +0200 GR-PC GR MESSAGE Starting protection
2012/08/14 18:25:01 +0200 GR-PC GR MESSAGE Protection started successfully
2012/08/14 18:25:04 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/14 18:25:07 +0200 GR-PC GR MESSAGE IP Protection started successfully

Rocket
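The Malwarebytes protection logs the poster attached are line-oriented: timestamp, UTC offset, host, user, an event type (MESSAGE for module state and database updates, IP-BLOCK for connections the IP protection module refused) and a detail field; an IP-BLOCK detail reads "ip (Type: outgoing, Port: n, Process: image)". The script below is an added example, not code from the thread or from Malwarebytes: it parses that format and summarizes blocked outgoing connections per process, since a shell process such as explorer.exe repeatedly trying to reach several blocked hosts from one port is what a defender would want surfaced. The sample lines are constructed; the addresses are RFC 5737 documentation ranges and the "beaconing" threshold is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Line shape of the Malwarebytes protection log posted above:
#   YYYY/MM/DD HH:MM:SS +ZZZZ HOST USER EVENT detail
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<event>MESSAGE|IP-BLOCK) (?P<detail>.*)$"
)
# IP-BLOCK detail: "<ip> (Type: outgoing, Port: <n>, Process: <image>)"
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


@dataclass
class BlockEvent:
    when: datetime
    ip: str
    direction: str
    port: int
    process: str


def parse_block(line: str) -> Optional[BlockEvent]:
    """Return a BlockEvent for an IP-BLOCK line; None for MESSAGE or unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("event") != "IP-BLOCK":
        return None
    d = BLOCK_RE.match(m.group("detail"))
    if not d:
        return None
    return BlockEvent(
        when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        ip=d.group("ip"),
        direction=d.group("direction"),
        port=int(d.group("port")),
        process=d.group("process").lower(),
    )


def summarize_blocks(lines: List[str], min_events: int = 3) -> Dict[str, dict]:
    """Group outgoing IP-BLOCK events per process. A process with at least
    min_events blocked outgoing connections to more than one host is marked
    as a beaconing candidate (threshold is an assumption of this example)."""
    per_process: Dict[str, List[BlockEvent]] = defaultdict(list)
    for line in lines:
        ev = parse_block(line)
        if ev and ev.direction == "outgoing":
            per_process[ev.process].append(ev)
    report: Dict[str, dict] = {}
    for proc, evs in per_process.items():
        evs.sort(key=lambda e: e.when)
        destinations = sorted({e.ip for e in evs})
        report[proc] = {
            "events": len(evs),
            "destinations": destinations,
            "ports": sorted({e.port for e in evs}),
            "first": evs[0].when.isoformat(),
            "last": evs[-1].when.isoformat(),
            "beaconing": len(evs) >= min_events and len(destinations) > 1,
        }
    return report


# Constructed sample in the format of the log above: two MESSAGE lines, then
# IP-BLOCK lines with RFC 5737 placeholder addresses (not from the thread),
# including an incoming block and a one-off block by another process that
# must not be reported as beaconing.
SAMPLE_LOG = """
2012/08/08 21:13:10 +0200 GR-PC GR MESSAGE Starting IP protection
2012/08/08 21:13:13 +0200 GR-PC GR MESSAGE IP Protection started successfully
2012/08/08 21:13:34 +0200 GR-PC GR IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 58732, Process: explorer.exe)
2012/08/08 21:13:35 +0200 GR-PC GR IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 58732, Process: explorer.exe)
2012/08/08 21:13:43 +0200 GR-PC GR IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 58732, Process: explorer.exe)
2012/08/08 21:16:55 +0200 GR-PC GR IP-BLOCK 203.0.113.9 (Type: outgoing, Port: 58732, Process: explorer.exe)
2012/08/08 21:17:00 +0200 GR-PC GR IP-BLOCK 192.0.2.10 (Type: incoming, Port: 445, Process: System)
2012/08/08 21:17:19 +0200 GR-PC GR IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 80, Process: firefox.exe)
""".strip().splitlines()

if __name__ == "__main__":
    for proc, info in summarize_blocks(SAMPLE_LOG).items():
        print(proc, info)
```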
14.08.2012, 18:04 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
14.08.2012, 20:41 | #5 |
Ok!

Code:
# AdwCleaner v1.801 - Logfile created 08/14/2012 at 21:40:36
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : GR - GR-PC
# Boot Mode : Normal
# Running from : C:\Users\GR\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\prefs.js

Found : user_pref("aol_toolbar.surf.date", "22");
Found : user_pref("aol_toolbar.surf.lastDate", "14");
Found : user_pref("aol_toolbar.surf.lastMonth", "7");
Found : user_pref("aol_toolbar.surf.lastYear", "2012");
Found : user_pref("aol_toolbar.surf.month", "897");
Found : user_pref("aol_toolbar.surf.prevMonth", "926");
Found : user_pref("aol_toolbar.surf.total", "7760");
Found : user_pref("aol_toolbar.surf.week", "82");
Found : user_pref("aol_toolbar.surf.year", "7637");

*************************

AdwCleaner[R1].txt - [1438 octets] - [14/08/2012 21:40:36]

########## EOF - C:\AdwCleaner[R1].txt - [1566 octets] ##########
15.08.2012, 13:40 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RootKit.0Access.H or TR/Atraps.Gen2 adwCleaner - remove toolbars and unwanted start/search pages
__________________ --> RootKit.0Access.H or TR/Atraps.Gen2 |
15.08.2012, 16:55 | #7 |
| RootKit.0Access.H or TR/Atraps.Gen2 Here you go: Code:
# AdwCleaner v1.801 - Logfile created 08/15/2012 at 17:50:09
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : GR - GR-PC
# Boot Mode : Normal
# Running from : C:\Users\GR\Downloads\adwcleaner(1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\prefs.js

C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "8");
Deleted : user_pref("aol_toolbar.surf.lastDate", "15");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "7");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Deleted : user_pref("aol_toolbar.surf.month", "931");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "926");
Deleted : user_pref("aol_toolbar.surf.total", "7795");
Deleted : user_pref("aol_toolbar.surf.week", "116");
Deleted : user_pref("aol_toolbar.surf.year", "7671");

*************************

AdwCleaner[R1].txt - [1567 octets] - [14/08/2012 21:40:36]
AdwCleaner[S1].txt - [1620 octets] - [15/08/2012 17:50:09]

########## EOF - C:\AdwCleaner[S1].txt - [1748 octets] ########## |
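The helper asked for a search run first and a delete run second; the useful check at this point is whether every finding of the first report shows up as removed in the second. The Python below is an added example, not part of the thread or of AdwCleaner itself. It parses the two report formats seen above (registry "Key Found/Deleted" lines, the "... Deleted !" file line, and Firefox "user_pref" lines) and lists anything the search run found that the delete run did not report as removed. The embedded reports are constructed samples trimmed from the two logs in this thread; the pref values differ between runs because they are usage counters, so the comparison is keyed by preference name rather than by the whole line.

```python
import re

# Constructed sample reports, modelled on the two AdwCleaner logs posted in this
# thread: one "[Search]" run and one "[Delete]" run, trimmed to the relevant lines.
SEARCH_LOG = r"""
# AdwCleaner v1.801 - Logfile created 08/14/2012 at 21:40:36
# Option [Search]

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\prefs.js

Found : user_pref("aol_toolbar.surf.date", "22");
Found : user_pref("aol_toolbar.surf.total", "7760");
"""

DELETE_LOG = r"""
# AdwCleaner v1.801 - Logfile created 08/15/2012 at 17:50:09
# Option [Delete]

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Internet Browsers] *****

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\prefs.js
C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "8");
Deleted : user_pref("aol_toolbar.surf.total", "7795");
"""

MODE_RE = re.compile(r"^# Option \[(\w+)\]$")
ENTRY_RE = re.compile(r"^(?:(?P<kind>Key|Value|File|Folder)\s+)?(?P<action>Found|Deleted)\s*:\s*(?P<item>.+)$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)"')
FILE_DELETED_RE = re.compile(r"^(?P<item>.+?)\s+\.\.\.\s+Deleted !$")


def parse_adwcleaner(text):
    """Return (mode, items): items maps a normalised finding to its action.

    Firefox user_pref lines are keyed by preference name only, because the values
    are counters that change between runs; comparing whole lines would report
    every pref as "not removed".
    """
    mode, items = "", {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MODE_RE.match(line)
        if m:
            mode = m.group(1)
            continue
        m = FILE_DELETED_RE.match(line)          # "<path> ... Deleted !"
        if m:
            items[("file", m.group("item"))] = "Deleted"
            continue
        m = ENTRY_RE.match(line)                 # "Key Found : ..." / "Deleted : user_pref(...)"
        if not m:
            continue
        kind = (m.group("kind") or "entry").lower()
        item = m.group("item")
        pm = PREF_RE.match(item)
        key = ("pref", pm.group(1)) if pm else (kind, item)
        items[key] = m.group("action")
    return mode, items


def outstanding(search_text, delete_text):
    """Findings of the search run that the delete run did not report as removed."""
    _, found = parse_adwcleaner(search_text)
    _, deleted = parse_adwcleaner(delete_text)
    return sorted(k for k, a in found.items() if a == "Found" and deleted.get(k) != "Deleted")


if __name__ == "__main__":
    left = outstanding(SEARCH_LOG, DELETE_LOG)
    print("everything removed" if not left else f"still present: {left}")
```

Run against the two reports as posted, `outstanding()` returns an empty list; drop one "Key Deleted" line from the second report and that key is reported as still present, which is the case in which a helper would ask for another run.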
15.08.2012, 20:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RootKit.0Access.H or TR/Atraps.Gen2 Two questions before we continue: 1.) Does the normal Windows mode work (again) without restrictions? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post logfiles in CODE tags |
16.08.2012, 18:26 | #9 |
| RootKit.0Access.H or TR/Atraps.Gen2 Hi, 1) everything OK, as always, 2) all folders complete. |
17.08.2012, 19:15 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RootKit.0Access.H or TR/Atraps.Gen2 Please make a new OTL log. Please post everything here in CODE tags if possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
Please download OTL by OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
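What a helper does with the OTL log requested here is triage: read the process, service, driver and autostart (O4) records and pick out the ones worth a second look. The Python below is an added example of that first pass, written for this thread and not part of OTL or of the helper's own procedure. It parses the OTL line formats visible in this thread and flags three things helpers routinely look for: entries with no company name, autostart entries whose target file no longer exists, and anything that runs from a user-writable location. The sample log is constructed from the formats in this thread; the final `O4` line is an invented suspicious entry added so that the user-writable rule has something to hit.

```python
import re

# Constructed sample in OTL's report format, modelled on the log posted in this
# thread. The last O4 line is an invented entry for illustration, not from the log.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2012/08/17 22:04:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\GR\Downloads\OTL.exe
PRC - [2012/08/08 19:50:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/09 17:37:47 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKCU..\Run: [Updater] C:\Users\GR\AppData\Local\Temp\updater.exe ()
"""

# PRC/MOD/SRV/DRV records: "[stamp | size | attrs | M] (company) [state] -- path -- (service)".
# The company group is lazy with a lookahead so vendor names containing "(R)" still parse.
RECORD_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>.*?)\)\s*(?=\[|--)"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<service>[^)]+)\))?$"
)
# O4 autostart entries: "O4 - <hive>..\Run: [name] <command> (company)" or "... File not found".
O4_RE = re.compile(
    r"^O4(?::64bit:)?\s+-\s+(?P<hive>.+?)\.\.\\(?P<key>Run\w*):\s+"
    r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+?)\s+"
    r"(?:\((?P<company>[^)]*)\)|(?P<missing>File not found))$"
)
# Locations a standard user can write to; persistent code there deserves a look.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop)|ProgramData|Temp)\\", re.IGNORECASE
)


def parse_otl_line(line):
    """Return a dict for a PRC/MOD/SRV/DRV record or an O4 entry, or None for other lines."""
    m = RECORD_RE.match(line)
    if m:
        return {"kind": m.group("kind"), "path": m.group("path"),
                "company": m.group("company").strip(), "missing": False,
                "state": m.group("state"), "name": m.group("service")}
    m = O4_RE.match(line)
    if m:
        return {"kind": "O4", "path": m.group("cmd"),
                "company": (m.group("company") or "").strip(),
                "missing": m.group("missing") is not None,
                "state": f"{m.group('hive')}\\{m.group('key')}", "name": m.group("name")}
    return None


def triage(lines):
    """Return [(kind, path, [reasons])] for every entry that deserves a closer look."""
    findings = []
    for line in lines:
        entry = parse_otl_line(line.strip())
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("orphaned autostart entry: target file not found")
        elif not entry["company"]:
            reasons.append("no company name: unknown vendor, verify the file")
        if USER_WRITABLE_RE.search(entry["path"]):
            reasons.append("runs from a user-writable location")
        if reasons:
            findings.append((entry["kind"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_OTL.splitlines()):
        print(f"{kind:4} {path}\n     " + "; ".join(reasons))
```

The rules are deliberately coarse: OTL.exe itself is flagged because it was just downloaded to the user's Downloads folder, and the ASUS service with an empty company name is most likely an unsigned OEM utility. The point of the pass is to shrink a log of several hundred records to the handful a person then checks by hand (file hash, vendor, whether the entry belongs on this machine), not to decide anything on its own.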
17.08.2012, 21:30 | #11 |
| RootKit.0Access.H or TR/Atraps.Gen2 Code:
OTL logfile created on: 8/17/2012 10:06:03 PM - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\GR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.41% Memory free
8.00 Gb Paging File | 6.42 Gb Available in Paging File | 80.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 74.15 Gb Free Space | 63.68% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 290.53 Gb Free Space | 86.81% Space Free | Partition Type: NTFS

Computer Name: GR-PC | User Name: GR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 22:04:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\GR\Downloads\OTL.exe
PRC - [2012/08/08 19:50:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/09 17:37:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/09 17:37:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/02 20:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/11/14 15:05:24 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/10/09 20:27:44 | 006,937,216 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/09/25 19:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/09/24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/16 03:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/20 06:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/06/24 22:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/28 06:41:58 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/07/19 05:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2009/09/24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/09/16 03:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2008/08/28 02:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 19:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/08/15 19:50:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/24 20:27:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/09 17:37:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/09 17:37:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/15 03:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/09 17:37:47 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/09 17:37:47 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/09 13:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/14 15:05:33 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/04 07:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/08/21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/26 22:25:09 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/18 22:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/11/30 00:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3145086955-3171580623-383447730-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3145086955-3171580623-383447730-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3145086955-3171580623-383447730-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3145086955-3171580623-383447730-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3145086955-3171580623-383447730-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.az-web.de/sixcms/detail.php?template=az_home"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/24 20:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/17 18:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/08 13:27:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/24 20:27:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/17 18:10:00 | 000,000,000 | ---D | M]

[2011/12/11 16:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GR\AppData\Roaming\mozilla\Extensions
[2012/05/03 19:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GR\AppData\Roaming\mozilla\Firefox\Profiles\wdaz1coy.default\extensions
[2012/03/09 21:40:40 | 000,000,000 | ---D | M] (AOL Deutschland Toolbar) -- C:\Users\GR\AppData\Roaming\mozilla\Firefox\Profiles\wdaz1coy.default\extensions\{43196362-5378-448b-8944-f097fa65e932}
[2012/03/10 15:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GR\AppData\Roaming\mozilla\SeaMonkey\Profiles\b9q2smqt.default\extensions
[2012/03/09 21:41:06 | 000,002,058 | ---- | M] () -- C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\searchplugins\aol-suche.xml
[2012/05/05 20:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/24 20:27:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/18 19:35:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/18 19:35:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 19:35:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/18 19:35:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 19:35:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/18 19:35:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3145086955-3171580623-383447730-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B591C05-10F1-46FC-A35E-48ED1944BE94}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\Shell - "" = AutoRun
O33 - MountPoints2\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: EeeStorageBackup - hkey= - key= - C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
MsConfig:64bit - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA 
Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - 
C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 18:09:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/08/10 16:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/10 16:41:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/10 16:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/08 21:08:47 | 000,000,000 | ---D | C] -- C:\Users\GR\AppData\Roaming\Malwarebytes [2012/08/08 21:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/08 19:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2008/08/12 07:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2012/08/17 22:07:02 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 22:07:02 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 21:59:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 21:59:20 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys [2012/08/16 22:31:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/16 19:23:35 | 000,563,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/10 16:41:21 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/08/09 18:37:25 | 000,001,357 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/08/09 18:37:24 | 000,002,012 | 
---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/08/08 19:51:30 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/07/26 13:28:15 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/26 13:28:15 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/26 13:28:15 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/26 13:28:15 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/26 13:28:15 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/20 18:29:22 | 000,038,473 | ---- | M] () -- C:\Users\GR\Desktop\Heizung.ods ========== Files Created - No Company Name ========== [2012/08/16 19:22:50 | 000,563,904 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/08/10 16:41:21 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/08/08 21:08:18 | 000,023,552 | ---- | C] () -- C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\800000cb.@ [2012/08/08 21:08:18 | 000,016,896 | ---- | C] () -- C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\80000000.@ [2012/08/08 20:46:57 | 000,001,712 | ---- | C] () -- C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U\00000001.@ [2012/05/30 15:06:27 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/03/04 15:27:43 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2012/03/04 14:31:51 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2012/01/11 20:40:42 | 000,002,048 | -HS- | C] () -- C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\@ [2009/11/14 14:48:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/04/08 20:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/05/22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== LOP 
Check ========== [2011/12/11 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Asus WebStorage [2012/03/03 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Canon [2012/03/31 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\DVDVideoSoft [2012/02/12 20:46:40 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\elsterformular [2011/12/11 17:28:15 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\OpenOffice.org [2011/12/11 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Thunderbird [2012/05/18 19:43:56 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\wargaming.net [2012/03/09 21:21:23 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Windows Live Writer [2012/06/28 07:27:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012/02/05 18:26:22 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Adobe [2012/03/04 15:27:44 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\AOL [2011/12/11 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Asus WebStorage [2011/12/11 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Avira [2012/03/03 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Canon [2012/05/30 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Corel [2012/03/31 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\DVDVideoSoft [2012/02/12 20:46:40 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\elsterformular [2011/12/11 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Identities [2011/12/25 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\InstallShield [2011/12/11 16:03:20 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Macromedia [2012/08/08 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Malwarebytes [2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Media Center Programs [2012/08/05 16:57:42 | 000,000,000 | --SD | M] -- C:\Users\GR\AppData\Roaming\Microsoft [2012/03/10 15:47:34 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Mozilla [2011/12/11 17:28:15 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\OpenOffice.org [2011/12/11 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Thunderbird [2012/05/18 19:43:56 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\wargaming.net [2012/03/09 21:21:23 | 000,000,000 | ---D | M] -- C:\Users\GR\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2012/05/05 15:41:06 | 005,480,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\GR\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_8086_8623.exe [2012/05/05 15:41:24 | 006,388,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- 
C:\Users\GR\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_8086_8623.exe [2012/05/05 15:41:43 | 007,634,320 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\GR\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8086_8623.exe [2012/05/05 15:40:40 | 007,941,880 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\GR\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8086_8623.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/05/18 07:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys [2009/08/06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- 
| M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft 
Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | 
M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
18.08.2012, 13:02 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RootKit.0Access.H or TR/Atraps.Gen2

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - prefs.js..browser.startup.homepage: "http://www.az-web.de/sixcms/detail.php?template=az_home"
FF - user.js - File not found
[2012/03/09 21:40:40 | 000,000,000 | ---D | M] (AOL Deutschland Toolbar) -- C:\Users\GR\AppData\Roaming\mozilla\Firefox\Profiles\wdaz1coy.default\extensions\{43196362-5378-448b-8944-f097fa65e932}
[2012/03/09 21:41:06 | 000,002,058 | ---- | M] () -- C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\searchplugins\aol-suche.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\Shell - "" = AutoRun
O33 - MountPoints2\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Files
C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\L
C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U
C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\n
C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this one situation.
It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
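As an added example (not code from the thread, from OTL or from TDSSKiller), here is a read-only Python triage scan for the directory layout the fix script above moves away: a braced-GUID folder under AppData\Local holding U, L, n and @ entries. The `NNNNNNNN.@` payload-file pattern is an assumption drawn from the ZeroAccess family, and the sample tree is constructed test data built around the GUID from the script.

```python
"""Triage helper: look for ZeroAccess/Sirefef-style artifacts under a user's
AppData\\Local, i.e. a directory named like a braced GUID that contains the
'U', 'L', 'n' and '@' entries the OTL fix script removed. Added example,
not part of the thread; it only reads the file system and reports."""
import re
import tempfile
from pathlib import Path

# Directory name pattern of the per-user ZeroAccess folder: a braced GUID.
GUID_DIR_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
# Entries the fix script removed from inside that folder.
SUSPECT_ENTRIES = ("U", "L", "n", "@")
# Payload file names seen in ZeroAccess 'U' folders: 8 hex digits + ".@"
# (assumption based on the family, not taken from the fix script itself).
PAYLOAD_FILE_RE = re.compile(r"^[0-9a-f]{8}\.@$", re.I)


def find_zeroaccess_artifacts(local_appdata):
    """Return a list of findings (dicts) for GUID-named folders directly under
    local_appdata that carry the suspicious sub-entries. Read-only."""
    findings = []
    root = Path(local_appdata)
    if not root.is_dir():
        return findings
    for entry in sorted(root.iterdir()):
        if not entry.is_dir() or not GUID_DIR_RE.match(entry.name):
            continue
        present = [n for n in SUSPECT_ENTRIES if (entry / n).exists()]
        if not present:
            continue  # a GUID-named folder alone is common (installer caches)
        payloads = []
        u_dir = entry / "U"
        if u_dir.is_dir():
            payloads = sorted(p.name for p in u_dir.iterdir()
                              if PAYLOAD_FILE_RE.match(p.name))
        findings.append({
            "path": str(entry),
            "entries": present,
            "payload_files": payloads,
            # Two or more of the four markers, or any *.@ payload, is a strong hit.
            "confidence": "high" if len(present) >= 2 or payloads else "low",
        })
    return findings


def build_sample_tree(root):
    """Construct a sample AppData\\Local layout mirroring the paths in the
    fix script (constructed test data, placeholder bytes, no real malware)."""
    root = Path(root)
    infected = root / "{e6c151e9-5d36-b062-be16-911dc8c390e6}"
    (infected / "U").mkdir(parents=True)
    (infected / "L").mkdir()
    (infected / "@").write_bytes(b"constructed placeholder")
    (infected / "U" / "00000004.@").write_bytes(b"constructed placeholder")
    # Benign GUID folder with none of the markers: must not be reported.
    (root / "{11111111-2222-3333-4444-555555555555}" / "cache").mkdir(parents=True)
    # Non-GUID folder that happens to contain a 'U' dir: must not be reported.
    (root / "Temp" / "U").mkdir(parents=True)
    return infected


def demo():
    """Build the sample tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_zeroaccess_artifacts(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit['confidence']:>4}  {hit['path']}  "
              f"entries={hit['entries']}  payloads={hit['payload_files']}")
```

On a live system you would point find_zeroaccess_artifacts at %LOCALAPPDATA% of each user profile; a hit is a trigger for the kind of guided clean-up shown in this thread, not for ad-hoc deletion.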
18.08.2012, 16:06 | #13
RootKit.0Access.H or TR/Atraps.Gen2

Code:
All processes killed
========== OTL ==========
Prefs.js: "hxxp://www.az-web.de/sixcms/detail.php?template=az_home" removed from browser.startup.homepage
C:\Users\GR\AppData\Roaming\mozilla\Firefox\Profiles\wdaz1coy.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\META-INF folder moved successfully.
C:\Users\GR\AppData\Roaming\mozilla\Firefox\Profiles\wdaz1coy.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\components folder moved successfully.
C:\Users\GR\AppData\Roaming\mozilla\Firefox\Profiles\wdaz1coy.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\chrome folder moved successfully.
C:\Users\GR\AppData\Roaming\mozilla\Firefox\Profiles\wdaz1coy.default\extensions\{43196362-5378-448b-8944-f097fa65e932} folder moved successfully.
C:\Users\GR\AppData\Roaming\Mozilla\Firefox\Profiles\wdaz1coy.default\searchplugins\aol-suche.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f00c460-4d02-11e1-a2bd-90e6baf2921a}\ not found.
File F:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\L folder moved successfully.
C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\U folder moved successfully.
File\Folder C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\n not found.
C:\Users\GR\AppData\Local\{e6c151e9-5d36-b062-be16-911dc8c390e6}\@ moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: GR
->Temp folder emptied: 688 bytes
->Temporary Internet Files folder emptied: 101426 bytes
->Java cache emptied: 3398667 bytes
->FireFox cache emptied: 58333698 bytes
->Flash cache emptied: 529 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 59.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: GR
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.57.0 log created on 08182012_170229
Files\Folders moved on Reboot...
C:\Users\GR\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\GR\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
19.08.2012, 18:10 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | RootKit.0Access.H or TR/Atraps.Gen2

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the image below: click "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
19.08.2012, 18:24 | #15
RootKit.0Access.H or TR/Atraps.Gen2

Code:
19:21:54.0835 4328 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
19:21:55.0413 4328 ============================================================
19:21:55.0413 4328 Current date / time: 2012/08/19 19:21:55.0413
19:21:55.0413 4328 SystemInfo:
19:21:55.0413 4328
19:21:55.0413 4328 OS Version: 6.1.7601 ServicePack: 1.0
19:21:55.0413 4328 Product type: Workstation
19:21:55.0413 4328 ComputerName: GR-PC
19:21:55.0413 4328 UserName: GR
19:21:55.0413 4328 Windows directory: C:\Windows
19:21:55.0413 4328 System windows directory: C:\Windows
19:21:55.0413 4328 Running under WOW64
19:21:55.0413 4328 Processor architecture: Intel x64
19:21:55.0413 4328 Number of processors: 2
19:21:55.0413 4328 Page size: 0x1000
19:21:55.0413 4328 Boot type: Normal boot
19:21:55.0413 4328 ============================================================
19:21:57.0487 4328 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:21:57.0503 4328 ============================================================
19:21:57.0503 4328 \Device\Harddisk0\DR0:
19:21:57.0503 4328 MBR partitions:
19:21:57.0503 4328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0xE8E0360
19:21:57.0519 4328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1062B517, BlocksNum 0x29D5972A
19:21:57.0519 4328 ============================================================
19:21:57.0565 4328 C: <-> \Device\Harddisk0\DR0\Partition1
19:21:57.0628 4328 D: <-> \Device\Harddisk0\DR0\Partition2
19:21:57.0628 4328 ============================================================
19:21:57.0628 4328 Initialize success
19:21:57.0628 4328 ============================================================
19:23:00.0916 2908 ============================================================
19:23:00.0916 2908 Scan started
19:23:00.0916 2908 Mode: Manual; SigCheck; TDLFS;
19:23:00.0916 2908
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:23:20.0837 2908 NetPipeActivator - ok 19:23:20.0869 2908 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll 19:23:20.0915 2908 netprofm - ok 19:23:20.0915 2908 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:23:20.0931 2908 NetTcpActivator - ok 19:23:20.0931 2908 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:23:20.0947 2908 NetTcpPortSharing - ok 19:23:20.0993 2908 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:23:21.0009 2908 nfrd960 - ok 19:23:21.0056 2908 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:23:21.0103 2908 NlaSvc - ok 19:23:21.0134 2908 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:23:21.0165 2908 Npfs - ok 19:23:21.0181 2908 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:23:21.0243 2908 nsi - ok 19:23:21.0274 2908 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:23:21.0321 2908 nsiproxy - ok 19:23:21.0383 2908 [ 05d78aa5cb5f3f5c31160bdb955d0b7c ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:23:21.0446 2908 Ntfs - ok 19:23:21.0461 2908 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys 19:23:21.0524 2908 Null - ok 19:23:21.0555 2908 [ cb599955ce2ce9694721562f9481cd84 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 19:23:21.0571 2908 NVHDA - ok 19:23:22.0288 2908 [ 0d3f6e25c658530a2ad4b648849f1483 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:23:22.0475 2908 nvlddmkm - ok 19:23:22.0507 2908 [ 5d9fd91f3d38dc9da01e3cb5fa89cd48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:23:22.0522 2908 nvraid - ok 19:23:22.0553 2908 [ f7cd50fe7139f07e77da8ac8033d1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 
19:23:22.0569 2908 nvstor - ok 19:23:22.0616 2908 [ 7dd5a1a53bb2d1b1b85c9c543d05e222 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:23:22.0631 2908 nvsvc - ok 19:23:22.0678 2908 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:23:22.0694 2908 nv_agp - ok 19:23:22.0756 2908 [ 649791f5b905e6a8ecced15ad8efd436 ] OberonGameConsoleService C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe 19:23:22.0772 2908 OberonGameConsoleService - ok 19:23:22.0865 2908 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:23:22.0975 2908 odserv - ok 19:23:22.0990 2908 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:23:23.0021 2908 ohci1394 - ok 19:23:23.0068 2908 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:23:23.0084 2908 ose - ok 19:23:23.0115 2908 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:23:23.0162 2908 p2pimsvc - ok 19:23:23.0177 2908 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:23:23.0224 2908 p2psvc - ok 19:23:23.0255 2908 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:23:23.0287 2908 Parport - ok 19:23:23.0302 2908 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:23:23.0318 2908 partmgr - ok 19:23:23.0349 2908 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:23:23.0396 2908 PcaSvc - ok 19:23:23.0411 2908 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys 19:23:23.0443 2908 pci - ok 19:23:23.0458 2908 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys 19:23:23.0474 2908 pciide - ok 19:23:23.0505 2908 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:23:23.0536 2908 
pcmcia - ok 19:23:23.0552 2908 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:23:23.0567 2908 pcw - ok 19:23:23.0599 2908 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:23:23.0661 2908 PEAUTH - ok 19:23:23.0770 2908 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:23:23.0801 2908 PerfHost - ok 19:23:23.0957 2908 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll 19:23:24.0051 2908 pla - ok 19:23:24.0082 2908 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:23:24.0145 2908 PlugPlay - ok 19:23:24.0160 2908 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:23:24.0191 2908 PNRPAutoReg - ok 19:23:24.0207 2908 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:23:24.0223 2908 PNRPsvc - ok 19:23:24.0269 2908 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:23:24.0332 2908 PolicyAgent - ok 19:23:24.0363 2908 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll 19:23:24.0425 2908 Power - ok 19:23:24.0457 2908 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:23:24.0503 2908 PptpMiniport - ok 19:23:24.0535 2908 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:23:24.0550 2908 Processor - ok 19:23:24.0597 2908 [ 5c78838b4d166d1a27db3a8a820c799a ] ProfSvc C:\Windows\system32\profsvc.dll 19:23:24.0659 2908 ProfSvc - ok 19:23:24.0675 2908 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:23:24.0691 2908 ProtectedStorage - ok 19:23:24.0737 2908 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:23:24.0784 2908 Psched - ok 19:23:24.0862 2908 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:23:24.0940 2908 ql2300 - ok 
19:23:24.0956 2908 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:23:24.0971 2908 ql40xx - ok 19:23:25.0018 2908 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll 19:23:25.0049 2908 QWAVE - ok 19:23:25.0065 2908 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:23:25.0112 2908 QWAVEdrv - ok 19:23:25.0127 2908 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:23:25.0190 2908 RasAcd - ok 19:23:25.0221 2908 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:23:25.0268 2908 RasAgileVpn - ok 19:23:25.0299 2908 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll 19:23:25.0361 2908 RasAuto - ok 19:23:25.0424 2908 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:23:25.0486 2908 Rasl2tp - ok 19:23:25.0517 2908 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll 19:23:25.0580 2908 RasMan - ok 19:23:25.0611 2908 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:23:25.0658 2908 RasPppoe - ok 19:23:25.0673 2908 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:23:25.0736 2908 RasSstp - ok 19:23:25.0783 2908 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:23:25.0829 2908 rdbss - ok 19:23:25.0845 2908 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:23:25.0876 2908 rdpbus - ok 19:23:25.0907 2908 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:23:25.0954 2908 RDPCDD - ok 19:23:25.0970 2908 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:23:26.0017 2908 RDPENCDD - ok 19:23:26.0048 2908 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:23:26.0079 2908 
RDPREFMP - ok 19:23:26.0110 2908 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:23:26.0173 2908 RDPWD - ok 19:23:26.0219 2908 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:23:26.0235 2908 rdyboost - ok 19:23:26.0266 2908 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:23:26.0313 2908 RemoteAccess - ok 19:23:26.0360 2908 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:23:26.0422 2908 RemoteRegistry - ok 19:23:26.0547 2908 [ 7ccaebcab6fc1ed0206c07e083e79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 19:23:26.0578 2908 RichVideo - ok 19:23:26.0609 2908 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:23:26.0672 2908 RpcEptMapper - ok 19:23:26.0703 2908 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe 19:23:26.0719 2908 RpcLocator - ok 19:23:26.0765 2908 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll 19:23:26.0812 2908 RpcSs - ok 19:23:26.0859 2908 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:23:26.0906 2908 rspndr - ok 19:23:26.0921 2908 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe 19:23:26.0937 2908 SamSs - ok 19:23:26.0968 2908 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:23:26.0999 2908 sbp2port - ok 19:23:27.0031 2908 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:23:27.0077 2908 SCardSvr - ok 19:23:27.0109 2908 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:23:27.0155 2908 scfilter - ok 19:23:27.0218 2908 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll 19:23:27.0296 2908 Schedule - ok 19:23:27.0327 2908 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc 
C:\Windows\System32\certprop.dll 19:23:27.0358 2908 SCPolicySvc - ok 19:23:27.0374 2908 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:23:27.0436 2908 SDRSVC - ok 19:23:27.0483 2908 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:23:27.0530 2908 secdrv - ok 19:23:27.0577 2908 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll 19:23:27.0639 2908 seclogon - ok 19:23:27.0655 2908 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll 19:23:27.0717 2908 SENS - ok 19:23:27.0748 2908 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:23:27.0779 2908 SensrSvc - ok 19:23:27.0795 2908 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:23:27.0826 2908 Serenum - ok 19:23:27.0857 2908 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:23:27.0889 2908 Serial - ok 19:23:27.0935 2908 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:23:27.0967 2908 sermouse - ok 19:23:28.0029 2908 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:23:28.0076 2908 SessionEnv - ok 19:23:28.0107 2908 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:23:28.0138 2908 sffdisk - ok 19:23:28.0138 2908 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:23:28.0169 2908 sffp_mmc - ok 19:23:28.0169 2908 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:23:28.0201 2908 sffp_sd - ok 19:23:28.0216 2908 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:23:28.0263 2908 sfloppy - ok 19:23:28.0279 2908 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:23:28.0325 2908 SharedAccess - ok 19:23:28.0388 2908 [ aaf932b4011d14052955d4b212a4da8d ] 
ShellHWDetection C:\Windows\System32\shsvcs.dll 19:23:28.0466 2908 ShellHWDetection - ok 19:23:28.0497 2908 [ 1bc348cf6baa90ec8e533ef6e6a69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 19:23:28.0528 2908 SiSGbeLH - ok 19:23:28.0544 2908 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:23:28.0559 2908 SiSRaid2 - ok 19:23:28.0575 2908 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:23:28.0591 2908 SiSRaid4 - ok 19:23:28.0606 2908 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:23:28.0653 2908 Smb - ok 19:23:28.0731 2908 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:23:28.0762 2908 SNMPTRAP - ok 19:23:28.0856 2908 [ 1d8474722cdffbb8fca5fa12c50a05a2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 19:23:28.0887 2908 SNP2UVC - ok 19:23:28.0903 2908 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:23:28.0918 2908 spldr - ok 19:23:29.0012 2908 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe 19:23:29.0059 2908 Spooler - ok 19:23:29.0261 2908 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe 19:23:29.0386 2908 sppsvc - ok 19:23:29.0402 2908 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:23:29.0464 2908 sppuinotify - ok 19:23:29.0527 2908 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys 19:23:29.0573 2908 srv - ok 19:23:29.0605 2908 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:23:29.0636 2908 srv2 - ok 19:23:29.0683 2908 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:23:29.0714 2908 srvnet - ok 19:23:29.0745 2908 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:23:29.0807 2908 SSDPSRV - ok 19:23:29.0823 2908 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc 
C:\Windows\system32\sstpsvc.dll 19:23:29.0885 2908 SstpSvc - ok 19:23:29.0917 2908 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:23:29.0932 2908 stexstor - ok 19:23:29.0995 2908 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll 19:23:30.0057 2908 stisvc - ok 19:23:30.0088 2908 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:23:30.0119 2908 swenum - ok 19:23:30.0151 2908 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll 19:23:30.0197 2908 swprv - ok 19:23:30.0260 2908 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll 19:23:30.0338 2908 SysMain - ok 19:23:30.0369 2908 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:23:30.0400 2908 TabletInputService - ok 19:23:30.0431 2908 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:23:30.0525 2908 TapiSrv - ok 19:23:30.0541 2908 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll 19:23:30.0603 2908 TBS - ok 19:23:30.0665 2908 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:23:30.0743 2908 Tcpip - ok 19:23:30.0806 2908 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:23:30.0837 2908 TCPIP6 - ok 19:23:30.0884 2908 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:23:30.0915 2908 tcpipreg - ok 19:23:30.0946 2908 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:23:30.0993 2908 TDPIPE - ok 19:23:31.0009 2908 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:23:31.0040 2908 TDTCP - ok 19:23:31.0087 2908 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:23:31.0133 2908 tdx - ok 19:23:31.0165 2908 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys 
19:23:31.0180 2908 TermDD - ok 19:23:31.0227 2908 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll 19:23:31.0305 2908 TermService - ok 19:23:31.0336 2908 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll 19:23:31.0383 2908 Themes - ok 19:23:31.0399 2908 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll 19:23:31.0445 2908 THREADORDER - ok 19:23:31.0508 2908 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll 19:23:31.0555 2908 TrkWks - ok 19:23:31.0648 2908 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:23:31.0773 2908 TrustedInstaller - ok 19:23:31.0820 2908 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:23:31.0867 2908 tssecsrv - ok 19:23:31.0898 2908 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:23:31.0960 2908 TsUsbFlt - ok 19:23:32.0007 2908 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:23:32.0054 2908 tunnel - ok 19:23:32.0069 2908 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:23:32.0101 2908 uagp35 - ok 19:23:32.0132 2908 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:23:32.0179 2908 udfs - ok 19:23:32.0225 2908 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:23:32.0257 2908 UI0Detect - ok 19:23:32.0288 2908 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:23:32.0303 2908 uliagpkx - ok 19:23:32.0350 2908 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys 19:23:32.0381 2908 umbus - ok 19:23:32.0397 2908 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:23:32.0428 2908 UmPass - ok 19:23:32.0475 2908 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost 
C:\Windows\System32\upnphost.dll 19:23:32.0537 2908 upnphost - ok 19:23:32.0569 2908 [ 481dff26b4dca8f4cbac1f7dce1d6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 19:23:32.0615 2908 usbccgp - ok 19:23:32.0647 2908 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:23:32.0693 2908 usbcir - ok 19:23:32.0725 2908 [ 74ee782b1d9c241efe425565854c661c ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:23:32.0756 2908 usbehci - ok 19:23:32.0787 2908 [ dc96bd9ccb8403251bcf25047573558e ] usbhub C:\Windows\system32\drivers\usbhub.sys 19:23:32.0818 2908 usbhub - ok 19:23:32.0834 2908 [ 58e546bbaf87664fc57e0f6081e4f609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:23:32.0849 2908 usbohci - ok 19:23:32.0881 2908 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:23:32.0927 2908 usbprint - ok 19:23:32.0943 2908 [ d76510cfa0fc09023077f22c2f979d86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:23:32.0974 2908 USBSTOR - ok 19:23:32.0990 2908 [ 81fb2216d3a60d1284455d511797db3d ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:23:33.0021 2908 usbuhci - ok 19:23:33.0068 2908 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:23:33.0099 2908 usbvideo - ok 19:23:33.0130 2908 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll 19:23:33.0177 2908 UxSms - ok 19:23:33.0208 2908 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe 19:23:33.0224 2908 VaultSvc - ok 19:23:33.0255 2908 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:23:33.0255 2908 vdrvroot - ok 19:23:33.0302 2908 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe 19:23:33.0364 2908 vds - ok 19:23:33.0395 2908 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:23:33.0411 2908 vga - ok 19:23:33.0442 2908 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave 
C:\Windows\System32\drivers\vga.sys 19:23:33.0489 2908 VgaSave - ok 19:23:33.0520 2908 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:23:33.0536 2908 vhdmp - ok 19:23:33.0567 2908 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:23:33.0583 2908 viaide - ok 19:23:33.0598 2908 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:23:33.0614 2908 volmgr - ok 19:23:33.0645 2908 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:23:33.0676 2908 volmgrx - ok 19:23:33.0723 2908 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:23:33.0739 2908 volsnap - ok 19:23:33.0785 2908 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:23:33.0801 2908 vsmraid - ok 19:23:33.0988 2908 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe 19:23:34.0097 2908 VSS - ok 19:23:34.0113 2908 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:23:34.0129 2908 vwifibus - ok 19:23:34.0144 2908 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:23:34.0160 2908 vwififlt - ok 19:23:34.0191 2908 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll 19:23:34.0253 2908 W32Time - ok 19:23:34.0285 2908 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:23:34.0316 2908 WacomPen - ok 19:23:34.0363 2908 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:23:34.0409 2908 WANARP - ok 19:23:34.0409 2908 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:23:34.0456 2908 Wanarpv6 - ok 19:23:34.0487 2908 [ eceb715bece47e101ddec06b11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys 19:23:34.0534 2908 wanatw - ok 19:23:34.0612 2908 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] 
wbengine C:\Windows\system32\wbengine.exe 19:23:34.0721 2908 wbengine - ok 19:23:34.0768 2908 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:23:34.0799 2908 WbioSrvc - ok 19:23:34.0846 2908 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:23:34.0909 2908 wcncsvc - ok 19:23:34.0940 2908 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:23:34.0987 2908 WcsPlugInService - ok 19:23:35.0018 2908 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:23:35.0033 2908 Wd - ok 19:23:35.0049 2908 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:23:35.0080 2908 Wdf01000 - ok 19:23:35.0096 2908 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:23:35.0189 2908 WdiServiceHost - ok 19:23:35.0205 2908 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:23:35.0221 2908 WdiSystemHost - ok 19:23:35.0252 2908 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:23:35.0283 2908 WebClient - ok 19:23:35.0314 2908 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:23:35.0377 2908 Wecsvc - ok 19:23:35.0392 2908 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:23:35.0455 2908 wercplsupport - ok 19:23:35.0486 2908 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:23:35.0533 2908 WerSvc - ok 19:23:35.0564 2908 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:23:35.0611 2908 WfpLwf - ok 19:23:35.0642 2908 [ 52ded146e4797e6ccf94799e8e22bb2a ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 19:23:35.0657 2908 WimFltr - ok 19:23:35.0673 2908 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:23:35.0689 2908 WIMMount - ok 19:23:35.0720 2908 WinDefend - ok 
19:23:35.0720 2908 WinHttpAutoProxySvc - ok 19:23:35.0891 2908 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:23:35.0985 2908 Winmgmt - ok 19:23:36.0063 2908 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll 19:23:36.0172 2908 WinRM - ok 19:23:36.0235 2908 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll 19:23:36.0281 2908 Wlansvc - ok 19:23:36.0313 2908 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:23:36.0328 2908 WmiAcpi - ok 19:23:36.0359 2908 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:23:36.0406 2908 wmiApSrv - ok 19:23:36.0422 2908 WMPNetworkSvc - ok 19:23:36.0453 2908 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:23:36.0484 2908 WPCSvc - ok 19:23:36.0531 2908 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:23:36.0547 2908 WPDBusEnum - ok 19:23:36.0578 2908 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:23:36.0625 2908 ws2ifsl - ok 19:23:36.0640 2908 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll 19:23:36.0687 2908 wscsvc - ok 19:23:36.0687 2908 WSearch - ok 19:23:36.0781 2908 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:23:36.0905 2908 wuauserv - ok 19:23:36.0937 2908 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:23:36.0983 2908 WudfPf - ok 19:23:37.0015 2908 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:23:37.0077 2908 WUDFRd - ok 19:23:37.0108 2908 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:23:37.0171 2908 wudfsvc - ok 19:23:37.0217 2908 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll 19:23:37.0264 2908 WwanSvc - ok 19:23:37.0280 2908 ================ Scan global 
===============================
19:23:37.0327 2908 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
19:23:37.0358 2908 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
19:23:37.0373 2908 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
19:23:37.0389 2908 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
19:23:37.0420 2908 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
19:23:37.0436 2908 [Global] - ok
19:23:37.0436 2908 ================ Scan MBR ==================================
19:23:37.0436 2908 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:23:38.0637 2908 \Device\Harddisk0\DR0 - ok
19:23:38.0653 2908 ================ Scan VBR ==================================
19:23:38.0684 2908 Boot (0x1200) (41df7337f026bc6cbf98e65cffafd64d) \Device\Harddisk0\DR0\Partition1
19:23:38.0684 2908 \Device\Harddisk0\DR0\Partition1 - ok
19:23:38.0699 2908 Boot (0x1200) (f2cafb49def3871ab3d6c376807971f1) \Device\Harddisk0\DR0\Partition2
19:23:38.0715 2908 \Device\Harddisk0\DR0\Partition2 - ok
19:23:38.0715 2908 ============================================================
19:23:38.0715 2908 Scan finished
19:23:38.0715 2908 ============================================================
19:23:38.0715 4300 Detected object count: 2
19:23:38.0715 4300 Actual detected object count: 2
19:23:52.0521 4300 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:52.0521 4300 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:52.0537 4300 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:52.0537 4300 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip