PUP.VShareRedir gefunden, Rechner versendet evtl. Spam-Mails

cosinus · 03.09.2012, 19:58

Zitat:

Was mir davon bekannt vorkommt ist die IP "10.0.0.138". Damit kommt man auf die Konfigurationsseite von unserem WLAN-Router.

Solche 10er Netze sind auch rein privat aber für Heimrouter ungewöhnlich, da verwendet man eher sowas wie 192.168.x.y
10er Netze findet man wahrscheinlich eher in Unternehmensnetzwerken und da du eine Pro Edition von Windows hast hat sich der Verdaht auf Büro-PC nunmal erhärtet

puntaara · 04.09.2012, 02:49

Achso, wieder was gelernt

Bin gerade zu Besuch in Australien und ohne Einfluss auf das WLAN-Setup. Vielleicht machen die das hier so? Hier läuft so einiges anders (z.B. teilweise Internetbanking ohne TANs oder andere Absicherungen

) - aber das ist ein anderes Thema...

Beim Internetexplorer (den ich nur selten nutze) ist mir aufgefallen, dass man bei einer Suchanfrage in der Adressleiste immer noch zu startsear.ch bzw. startpins umgeleitet wird.

cosinus · 04.09.2012, 14:52

Warum hast du denn jetzt ne Pro Edition von Windows?

Die benötigt man im Heimbereich eigentlich garnicht, das ist fast raus
geschmissenes Geld

Mach bitte einen neuen Suchlauf mit adwCleaner
Wenn der nichts mehr findet müssen wir manuell ran um startsearch und anderen Müll zu kicken

puntaara · 05.09.2012, 10:05

Meine Uni in Deutschland ist in dieser Microsoft Academic Alliance (MSDNAA). Weil ich von Vista weg wollte, habe ich mir Windows 7 darüber besorgt und wenn ich mich richtig erinnern kann, hatte ich sogar nur die Professional-Version zur Auswahl.

Habe den AdWCleaner nochmal laufen lassen:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/05/2012 um 18:58:47 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3396 octets] - [01/09/2012 20:19:43]
AdwCleaner[S1].txt - [3715 octets] - [01/09/2012 21:41:31]
AdwCleaner[R2].txt - [900 octets] - [05/09/2012 18:58:47]

########## EOF - C:\AdwCleaner[R2].txt - [959 octets] ##########

cosinus · 05.09.2012, 14:32

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

puntaara · 06.09.2012, 10:00

Windows läuft normal, auch das Startmenü scheint soweit in Ordnung zu sein.

cosinus · 06.09.2012, 15:04

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

puntaara · 07.09.2012, 01:23

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.09.2012 08:54:06 - Run 3
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,40% Memory free
4,00 Gb Paging File | 2,89 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 10,29 Gb Free Space | 11,65% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 1,12 Gb Free Space | 1,28% Space Free | Partition Type: NTFS
Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ******-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 08:37:23 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.03 16:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.08.01 16:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.08.01 16:06:58 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012.05.15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () -- C:\Program Files\CPUCooL\CooLSRV.exe
PRC - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.07.01 19:46:40 | 000,458,752 | ---- | M] () -- C:\Program Files\ShellfireVPN\openvpn\openvpn.exe
PRC - [2011.06.24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe
PRC - [2011.02.25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009.01.27 00:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.03 14:33:50 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\SamSung\MagicKBD\MagicKBD.exe
PRC - [2008.01.03 02:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
PRC - [2007.12.28 19:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.10.17 16:28:08 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 16:07:06 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.08.03 16:06:50 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.08.03 16:06:50 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.08.03 16:06:48 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.08.03 16:06:46 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.08.03 16:06:44 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.08.03 16:06:44 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.08.03 16:06:42 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.08.03 16:06:42 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.08.03 16:06:42 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.08.03 16:06:40 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.08.03 16:06:40 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.08.03 16:06:36 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.08.03 16:06:32 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.08.03 16:06:32 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.08.03 16:06:30 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.08.03 16:06:02 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.08.03 16:05:24 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.07.02 11:29:08 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.07.02 11:29:08 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.07.02 11:28:20 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2006.09.19 09:52:46 | 000,028,672 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 21:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 16:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\SamSung\MagicKBD\EasyBoxDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.08.31 09:08:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2011.09.01 11:13:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe -- (ShellfireVPN2Service)
SRV - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.07.14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.29 03:54:42 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SamSung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2012.09.06 04:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120906.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012.09.01 08:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.21 11:39:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120906.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.08.21 11:39:34 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120906.002\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.09 15:54:24 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.09 15:54:23 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.07.06 12:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 12:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.06.07 14:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 11:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA)
DRV - [2012.05.15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.18 12:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys -- (SymNetS)
DRV - [2012.04.18 11:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.27 10:32:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.01.09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.19 00:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.07.26 04:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS)
DRV - [2011.07.01 19:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.11.20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.12 05:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2010.11.07 04:36:22 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2010.11.07 04:36:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2010.11.07 04:36:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2010.11.07 04:34:12 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010.11.07 04:01:27 | 000,243,840 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2009.12.09 23:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.09.28 18:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 10:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 10:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.23 05:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.23 04:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.23 04:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.02 22:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.03.02 22:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.04.05 03:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
DRV - [2007.09.26 22:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006.11.14 18:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2000.08.24 10:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF CA C6 BA 62 DC CB 01  [binary data]
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{822D8992-2E48-49BA-B3E2-E2946D8B5C98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.01 08:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.09.07 08:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 09:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 21:41:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 09:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 21:41:33 | 000,000,000 | ---D | M]
 
[2011.07.17 18:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.10 23:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions
[2012.04.01 07:41:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.23 14:47:26 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\foxyproxy@eric.h.jung
[2012.08.10 23:33:42 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\extensions\toolbar@web.de.xpi
[2012.04.25 00:36:07 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.07.25 23:27:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.10 10:48:26 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\11-suche.xml
[2012.07.10 10:48:26 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\englische-ergebnisse.xml
[2012.07.10 10:48:26 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\gmx-suche.xml
[2012.07.10 10:48:26 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\lastminute.xml
[2012.07.10 10:48:26 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\webde-suche.xml
[2012.06.11 20:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.24 20:49:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.01 08:43:34 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012.08.31 09:08:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.25 13:24:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 09:08:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 13:24:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 13:24:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 13:24:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 13:24:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.25 16:25:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\SamSung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.133.98.98 213.133.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C68E53-34CD-4CC3-B251-22352C5969F1}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3865F505-6934-4437-ADDE-F80EE878262E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444AB6EB-4802-4F64-9945-107C1C941A0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AC0218-C72D-4B60-9739-E8B62587AD30}: DhcpNameServer = 213.133.98.98 213.133.100.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: GMX SMS-Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 22:55:23 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.08.31 20:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.31 20:40:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.30 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012.08.30 18:41:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nokia Suite
[2012.08.30 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.08.30 18:22:33 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.08.30 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.08.28 11:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 11:04:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.28 11:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.26 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos marlies
[2012.08.25 16:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShellfireVPN
[2012.08.24 10:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.08.24 10:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.08.23 10:18:38 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.08.23 10:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.08.22 19:40:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\eeepc
[2012.08.22 16:21:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos heiner
[2012.08.16 02:51:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\e-academy Inc
[2012.08.16 02:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.08.13 01:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.13 01:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.12 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Software EEE PC
[2012.08.12 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\2012_08_12 Auslagerung USB-Stick
[2012.08.09 22:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.09 22:02:53 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.07 08:37:23 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.09.07 08:19:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 08:19:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 08:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 08:11:52 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 23:07:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.05 23:07:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.05 23:07:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.05 23:07:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 18:57:54 | 000,511,265 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.31 20:40:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.31 09:01:27 | 001,514,648 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB
[2012.08.30 18:27:00 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.28 16:08:56 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\yzem5q48.exe
[2012.08.28 15:45:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:44 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 11:04:05 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | M] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.25 16:29:02 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\ShellfireVPN.lnk
[2012.08.25 08:25:32 | 000,315,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.24 01:44:43 | 000,000,493 | ---- | M] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.18 20:58:16 | 000,074,325 | ---- | M] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:46 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:16 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 05:06:51 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20120731.038
[2012.08.16 02:51:56 | 000,003,153 | ---- | M] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.15 23:55:59 | 000,002,383 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.08.10 15:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\isolate.ini
[2012.08.09 22:02:58 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.01 20:10:02 | 000,511,265 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.30 18:26:58 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.28 16:08:55 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\yzem5q48.exe
[2012.08.28 15:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 11:04:05 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | C] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.24 01:44:43 | 000,000,493 | ---- | C] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.23 09:39:00 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.08.18 20:58:12 | 000,074,325 | ---- | C] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:44 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:12 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 02:51:56 | 000,003,153 | ---- | C] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.09 22:02:58 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.23 17:01:03 | 813,785,088 | ---- | C] () -- C:\Users\***\Polizeiruf_110-Bullenklatschen-format282349.f4v.flv
[2012.05.02 12:15:05 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2012.05.02 12:15:05 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2012.05.02 12:09:19 | 000,003,425 | ---- | C] () -- C:\Windows\System32\KBDR.INI
[2012.05.02 12:09:19 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDO.INI
[2012.05.02 12:09:19 | 000,002,236 | ---- | C] () -- C:\Windows\System32\KBDQ.INI
[2012.05.02 12:09:19 | 000,001,885 | ---- | C] () -- C:\Windows\System32\KBDP.INI
[2012.05.02 12:09:19 | 000,001,857 | ---- | C] () -- C:\Windows\System32\KBDUU.INI
[2012.05.02 12:09:19 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDA.INI
[2012.05.02 12:09:19 | 000,001,834 | ---- | C] () -- C:\Windows\System32\KBDU.INI
[2012.05.02 12:09:19 | 000,001,819 | ---- | C] () -- C:\Windows\System32\KBDN.INI
[2012.05.02 12:09:19 | 000,001,699 | ---- | C] () -- C:\Windows\System32\KBDT.INI
[2012.05.02 12:09:19 | 000,001,697 | ---- | C] () -- C:\Windows\System32\KBDV.INI
[2012.05.02 12:09:19 | 000,001,522 | ---- | C] () -- C:\Windows\System32\KBDS.INI
[2012.05.02 12:09:19 | 000,001,476 | ---- | C] () -- C:\Windows\System32\KBDF.INI
[2012.05.02 12:09:18 | 000,002,741 | ---- | C] () -- C:\Windows\System32\KBDD.INI
[2012.05.02 12:09:18 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDC.INI
[2012.05.02 12:09:18 | 000,002,606 | ---- | C] () -- C:\Windows\System32\KBDB.INI
[2012.05.02 12:09:18 | 000,001,956 | ---- | C] () -- C:\Windows\System32\KBDE.INI
[2012.05.02 12:09:18 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDG.INI
[2012.02.28 14:54:34 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.11.27 15:27:56 | 000,000,839 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.07.17 18:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.15 08:38:09 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SSGR3l3.dll
[2011.07.02 01:53:55 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.26 09:34:31 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.06.26 07:38:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.06.25 01:23:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2011.03.14 09:37:35 | 000,001,520 | ---- | C] () -- C:\Windows\System32\MagicKBD.INI
[2011.03.14 09:36:15 | 000,004,300 | ---- | C] () -- C:\Windows\System32\MEMIO.SYS
[2011.03.11 03:46:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.03.11 03:46:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.02.24 19:27:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.05 23:02:38 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.17 08:54:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.12.29 09:57:54 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.12.20 07:46:48 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.12.20 07:46:30 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.12.03 06:45:07 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.29 22:59:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.12 05:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.11.06 09:45:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.06.28 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.03.18 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.02.24 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.11.24 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.13 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.08.16 02:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2011.10.09 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.06 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.07 23:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.11.27 15:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.07.11 08:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.06 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.22 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.09.19 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011.10.19 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingenio
[2010.12.29 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.09.25 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.09.25 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.08.30 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.09.25 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.27 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.04.27 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ShellfireVPN
[2011.09.28 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2011.10.27 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.08.24 08:48:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.28 14:10:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.12.25 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.06.28 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.03.18 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.02.24 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.11.24 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.13 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.08.16 02:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2011.10.09 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.06 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.07 23:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.11.27 15:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.02.14 08:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Help
[2011.07.11 08:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.05 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.11.07 04:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.11.07 04:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel
[2010.11.06 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.22 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.09.19 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011.10.19 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingenio
[2010.11.05 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.12.29 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.10.01 13:51:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 18:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.08.24 11:20:54 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.07.17 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.09.25 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.09.25 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.08.30 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.10.27 23:02:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2011.09.25 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.27 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.04.27 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ShellfireVPN
[2011.09.28 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2012.09.02 23:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.03 09:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011.10.27 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.08.04 04:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.02.24 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.27 15:13:22 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\***\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.05.25 16:28:02 | 008,535,664 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8623.exe
[2012.05.25 16:30:02 | 007,482,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8623.exe
[2012.05.25 16:25:41 | 012,522,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8623.exe
[2011.06.04 03:32:28 | 000,149,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.06.04 03:32:42 | 000,265,384 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011.06.04 03:32:24 | 000,530,296 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011.06.04 03:31:08 | 000,335,496 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.06.04 03:18:12 | 000,225,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.06.04 03:32:46 | 000,051,360 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2012.04.15 22:06:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 16:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 15:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 15:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 22:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 15:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 15:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 15:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 15:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 15:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 15:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 15:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 22:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 22:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 11:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 22:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 15:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 09:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 09:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >

--- --- ---

cosinus · 07.09.2012, 11:33

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
FF - user.js - File not found
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: []  File not found
O7 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

puntaara · 09.09.2012, 04:27

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53d02919-c40c-11e1-b90e-0002787565a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53d02919-c40c-11e1-b90e-0002787565a0}\ not found.
File F:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe502f8a-e8d2-11df-af29-0002787565a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe502f8a-e8d2-11df-af29-0002787565a0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 129546129 bytes
->Temporary Internet Files folder emptied: 68782641 bytes
->Java cache emptied: 22718692 bytes
->FireFox cache emptied: 83375552 bytes
->Flash cache emptied: 57582 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 619520 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74560923 bytes
RecycleBin emptied: 12151197 bytes
 
Total Files Cleaned = 374,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.0 log created on 09092012_131736

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_******-PC$\2260 not found!
File\Folder C:\Windows\temp\hsperfdata_******-PC$\460 not found!
C:\Windows\temp\err_-7256246394272389755$1347146923054 moved successfully.
C:\Windows\temp\in_-7256246394272389755$1347146923054 moved successfully.
C:\Windows\temp\jna1968276155001218267.dll moved successfully.
C:\Windows\temp\jna7511334370877363505.dll moved successfully.
C:\Windows\temp\out_-7256246394272389755$1347146923054 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 10.09.2012, 15:45

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

puntaara · 11.09.2012, 02:48

Hier das Ergebnis vom TDSS-Scan:

Code:

ATTFilter

11:42:09.0235 2928  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:42:10.0180 2928  ============================================================
11:42:10.0180 2928  Current date / time: 2012/09/11 11:42:10.0180
11:42:10.0181 2928  SystemInfo:
11:42:10.0181 2928  
11:42:10.0181 2928  OS Version: 6.1.7601 ServicePack: 1.0
11:42:10.0181 2928  Product type: Workstation
11:42:10.0181 2928  ComputerName: ******-PC
11:42:10.0181 2928  UserName: ***
11:42:10.0181 2928  Windows directory: C:\Windows
11:42:10.0182 2928  System windows directory: C:\Windows
11:42:10.0182 2928  Processor architecture: Intel x86
11:42:10.0182 2928  Number of processors: 2
11:42:10.0182 2928  Page size: 0x1000
11:42:10.0182 2928  Boot type: Normal boot
11:42:10.0182 2928  ============================================================
11:42:13.0161 2928  Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:42:13.0168 2928  ============================================================
11:42:13.0168 2928  \Device\Harddisk0\DR0:
11:42:13.0194 2928  MBR partitions:
11:42:13.0194 2928  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xB09E800
11:42:13.0194 2928  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC49F000, BlocksNum 0xAFFF800
11:42:13.0194 2928  ============================================================
11:42:13.0231 2928  C: <-> \Device\Harddisk0\DR0\Partition1
11:42:13.0282 2928  D: <-> \Device\Harddisk0\DR0\Partition2
11:42:13.0283 2928  ============================================================
11:42:13.0283 2928  Initialize success
11:42:13.0283 2928  ============================================================
11:42:32.0006 2776  ============================================================
11:42:32.0007 2776  Scan started
11:42:32.0007 2776  Mode: Manual; SigCheck; TDLFS; 
11:42:32.0007 2776  ============================================================
11:42:34.0343 2776  ================ Scan system memory ========================
11:42:34.0343 2776  System memory - ok
11:42:34.0344 2776  ================ Scan services =============================
11:42:34.0722 2776  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:42:34.0900 2776  1394ohci - ok
11:42:34.0992 2776  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:42:35.0055 2776  ACPI - ok
11:42:35.0122 2776  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:42:35.0370 2776  AcpiPmi - ok
11:42:35.0729 2776  ADDMEM - ok
11:42:35.0912 2776  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:42:35.0946 2776  AdobeARMservice - ok
11:42:36.0070 2776  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:42:36.0190 2776  adp94xx - ok
11:42:36.0226 2776  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:42:36.0315 2776  adpahci - ok
11:42:36.0397 2776  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:42:36.0490 2776  adpu320 - ok
11:42:36.0583 2776  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:42:36.0757 2776  AeLookupSvc - ok
11:42:36.0945 2776  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
11:42:37.0081 2776  AFD - ok
11:42:37.0186 2776  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
11:42:37.0286 2776  AgereModemAudio - ok
11:42:37.0469 2776  [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
11:42:37.0629 2776  AgereSoftModem - ok
11:42:37.0725 2776  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
11:42:37.0777 2776  agp440 - ok
11:42:37.0864 2776  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
11:42:37.0930 2776  aic78xx - ok
11:42:38.0068 2776  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
11:42:38.0257 2776  ALG - ok
11:42:38.0320 2776  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:42:38.0380 2776  aliide - ok
11:42:38.0408 2776  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:42:38.0475 2776  amdagp - ok
11:42:38.0502 2776  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:42:38.0595 2776  amdide - ok
11:42:38.0689 2776  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:42:38.0833 2776  AmdK8 - ok
11:42:38.0865 2776  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:42:39.0019 2776  AmdPPM - ok
11:42:39.0104 2776  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:42:39.0177 2776  amdsata - ok
11:42:39.0231 2776  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:42:39.0315 2776  amdsbs - ok
11:42:39.0365 2776  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:42:39.0399 2776  amdxata - ok
11:42:39.0521 2776  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
11:42:39.0997 2776  AppID - ok
11:42:40.0051 2776  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:42:40.0217 2776  AppIDSvc - ok
11:42:40.0357 2776  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
11:42:40.0461 2776  Appinfo - ok
11:42:40.0660 2776  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:42:40.0743 2776  Apple Mobile Device - ok
11:42:40.0871 2776  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:42:41.0040 2776  AppMgmt - ok
11:42:41.0147 2776  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:42:41.0210 2776  arc - ok
11:42:41.0283 2776  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:42:41.0381 2776  arcsas - ok
11:42:41.0421 2776  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:42:41.0777 2776  AsyncMac - ok
11:42:41.0821 2776  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
11:42:41.0836 2776  atapi - ok
11:42:41.0912 2776  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:42:41.0988 2776  AudioEndpointBuilder - ok
11:42:42.0001 2776  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:42:42.0034 2776  Audiosrv - ok
11:42:42.0106 2776  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:42:42.0225 2776  AxInstSV - ok
11:42:42.0301 2776  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
11:42:42.0372 2776  b06bdrv - ok
11:42:42.0417 2776  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:42:42.0450 2776  b57nd60x - ok
11:42:42.0507 2776  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:42:42.0580 2776  BDESVC - ok
11:42:42.0614 2776  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:42:42.0661 2776  Beep - ok
11:42:42.0743 2776  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
11:42:42.0836 2776  BFE - ok
11:42:43.0062 2776  [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys
11:42:43.0132 2776  BHDrvx86 - ok
11:42:43.0194 2776  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
11:42:43.0299 2776  BITS - ok
11:42:43.0316 2776  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:42:43.0353 2776  blbdrive - ok
11:42:43.0453 2776  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:42:43.0484 2776  Bonjour Service - ok
11:42:43.0506 2776  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:42:43.0571 2776  bowser - ok
11:42:43.0627 2776  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:42:43.0733 2776  BrFiltLo - ok
11:42:43.0757 2776  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:42:43.0819 2776  BrFiltUp - ok
11:42:43.0856 2776  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
11:42:43.0938 2776  Browser - ok
11:42:43.0986 2776  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:42:44.0060 2776  Brserid - ok
11:42:44.0075 2776  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:42:44.0095 2776  BrSerWdm - ok
11:42:44.0118 2776  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:42:44.0174 2776  BrUsbMdm - ok
11:42:44.0199 2776  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:42:44.0261 2776  BrUsbSer - ok
11:42:44.0319 2776  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:42:44.0425 2776  BthEnum - ok
11:42:44.0455 2776  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:42:44.0495 2776  BTHMODEM - ok
11:42:44.0534 2776  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:42:44.0589 2776  BthPan - ok
11:42:44.0655 2776  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:42:44.0731 2776  BTHPORT - ok
11:42:44.0799 2776  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
11:42:44.0865 2776  bthserv - ok
11:42:44.0892 2776  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:42:44.0928 2776  BTHUSB - ok
11:42:45.0026 2776  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:42:45.0059 2776  btwaudio - ok
11:42:45.0091 2776  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
11:42:45.0105 2776  btwavdt - ok
11:42:45.0127 2776  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:42:45.0139 2776  btwrchid - ok
11:42:45.0246 2776  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS       C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys
11:42:45.0279 2776  ccSet_NIS - ok
11:42:45.0296 2776  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:42:45.0348 2776  cdfs - ok
11:42:45.0431 2776  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:42:45.0492 2776  cdrom - ok
11:42:45.0544 2776  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:42:45.0611 2776  CertPropSvc - ok
11:42:45.0811 2776  [ 3D23B88A78A22DD32895FC8E2ACDA244 ] CGVPNCliSrvc    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
11:42:45.0918 2776  CGVPNCliSrvc - ok
11:42:45.0986 2776  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:42:46.0034 2776  circlass - ok
11:42:46.0085 2776  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
11:42:46.0111 2776  CLFS - ok
11:42:46.0244 2776  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:42:46.0276 2776  clr_optimization_v2.0.50727_32 - ok
11:42:46.0411 2776  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:42:46.0447 2776  clr_optimization_v4.0.30319_32 - ok
11:42:46.0481 2776  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:42:46.0498 2776  CmBatt - ok
11:42:46.0519 2776  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:42:46.0535 2776  cmdide - ok
11:42:46.0584 2776  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
11:42:46.0615 2776  CNG - ok
11:42:46.0654 2776  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:42:46.0688 2776  Compbatt - ok
11:42:46.0749 2776  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:42:46.0768 2776  CompositeBus - ok
11:42:46.0783 2776  COMSysApp - ok
11:42:46.0877 2776  [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer   C:\Program Files\CPUCooL\CooLSrv.exe
11:42:46.0906 2776  CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning
11:42:46.0906 2776  CPUCooLServer - detected UnsignedFile.Multi.Generic (1)
11:42:46.0948 2776  cpuz132 - ok
11:42:46.0995 2776  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:42:47.0011 2776  crcdisk - ok
11:42:47.0064 2776  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:42:47.0115 2776  CryptSvc - ok
11:42:47.0178 2776  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
11:42:47.0258 2776  CSC - ok
11:42:47.0320 2776  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
11:42:47.0384 2776  CscService - ok
11:42:47.0416 2776  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:42:47.0477 2776  DcomLaunch - ok
11:42:47.0520 2776  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:42:47.0577 2776  defragsvc - ok
11:42:47.0646 2776  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:42:47.0719 2776  DfsC - ok
11:42:47.0821 2776  [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
11:42:47.0848 2776  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
11:42:47.0848 2776  DgiVecp - detected UnsignedFile.Multi.Generic (1)
11:42:47.0907 2776  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:42:47.0958 2776  Dhcp - ok
11:42:47.0992 2776  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
11:42:48.0053 2776  discache - ok
11:42:48.0095 2776  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:42:48.0112 2776  Disk - ok
11:42:48.0188 2776  [ F6010162368D9BEF934F1647F2430446 ] DiskSec         C:\Windows\system32\drivers\DiskSec.sys
11:42:48.0220 2776  DiskSec ( UnsignedFile.Multi.Generic ) - warning
11:42:48.0220 2776  DiskSec - detected UnsignedFile.Multi.Generic (1)
11:42:48.0262 2776  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:42:48.0315 2776  Dnscache - ok
11:42:48.0366 2776  [ 8A4CB9438571814B128B6DC30D698064 ] DOSMEMIO        C:\Windows\system32\MEMIO.SYS
11:42:48.0402 2776  DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning
11:42:48.0402 2776  DOSMEMIO - detected UnsignedFile.Multi.Generic (1)
11:42:48.0451 2776  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:42:48.0517 2776  dot3svc - ok
11:42:48.0563 2776  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
11:42:48.0619 2776  DPS - ok
11:42:48.0691 2776  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:42:48.0722 2776  drmkaud - ok
11:42:48.0769 2776  [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
11:42:48.0825 2776  dsNcAdpt - ok
11:42:48.0895 2776  [ 60AE3D932BC594FF9CDC91F7CD2C2015 ] dsNcService     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
11:42:48.0946 2776  dsNcService - ok
11:42:49.0021 2776  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:42:49.0067 2776  DXGKrnl - ok
11:42:49.0129 2776  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
11:42:49.0209 2776  EapHost - ok
11:42:49.0387 2776  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
11:42:49.0504 2776  ebdrv - ok
11:42:49.0616 2776  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:42:49.0659 2776  eeCtrl - ok
11:42:49.0698 2776  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
11:42:49.0765 2776  EFS - ok
11:42:49.0863 2776  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:42:49.0954 2776  ehRecvr - ok
11:42:49.0994 2776  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
11:42:50.0055 2776  ehSched - ok
11:42:50.0137 2776  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:42:50.0179 2776  elxstor - ok
11:42:50.0286 2776  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:42:50.0319 2776  EraserUtilRebootDrv - ok
11:42:50.0375 2776  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:42:50.0420 2776  ErrDev - ok
11:42:50.0491 2776  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
11:42:50.0563 2776  EventSystem - ok
11:42:50.0689 2776  [ F98BBFDC4BACCC8ECB8839A11B4DF1AF ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
11:42:50.0742 2776  EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:42:50.0742 2776  EvtEng - detected UnsignedFile.Multi.Generic (1)
11:42:50.0818 2776  [ 82E7EB9F12321052CD9A904B13724EE2 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
11:42:50.0915 2776  ewusbnet - ok
11:42:50.0940 2776  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
11:42:50.0986 2776  exfat - ok
11:42:51.0008 2776  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:42:51.0058 2776  fastfat - ok
11:42:51.0134 2776  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
11:42:51.0197 2776  Fax - ok
11:42:51.0238 2776  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:42:51.0280 2776  fdc - ok
11:42:51.0320 2776  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
11:42:51.0377 2776  fdPHost - ok
11:42:51.0396 2776  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
11:42:51.0448 2776  FDResPub - ok
11:42:51.0471 2776  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:42:51.0492 2776  FileInfo - ok
11:42:51.0518 2776  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:42:51.0558 2776  Filetrace - ok
11:42:51.0571 2776  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:42:51.0611 2776  flpydisk - ok
11:42:51.0661 2776  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:42:51.0700 2776  FltMgr - ok
11:42:51.0773 2776  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
11:42:51.0861 2776  FontCache - ok
11:42:51.0956 2776  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:42:51.0993 2776  FontCache3.0.0.0 - ok
11:42:52.0020 2776  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:42:52.0037 2776  FsDepends - ok
11:42:52.0074 2776  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:42:52.0090 2776  Fs_Rec - ok
11:42:52.0143 2776  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:42:52.0184 2776  fvevol - ok
11:42:52.0238 2776  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:42:52.0271 2776  gagp30kx - ok
11:42:52.0337 2776  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:42:52.0406 2776  gpsvc - ok
11:42:52.0423 2776  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:42:52.0464 2776  hcw85cir - ok
11:42:52.0555 2776  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:42:52.0603 2776  HdAudAddService - ok
11:42:52.0637 2776  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:42:52.0674 2776  HDAudBus - ok
11:42:52.0723 2776  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:42:52.0767 2776  HidBatt - ok
11:42:52.0795 2776  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:42:52.0834 2776  HidBth - ok
11:42:52.0866 2776  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:42:52.0897 2776  HidIr - ok
11:42:52.0942 2776  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
11:42:52.0984 2776  hidserv - ok
11:42:53.0056 2776  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:42:53.0087 2776  HidUsb - ok
11:42:53.0142 2776  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:42:53.0219 2776  hkmsvc - ok
11:42:53.0259 2776  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:42:53.0333 2776  HomeGroupListener - ok
11:42:53.0391 2776  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:42:53.0467 2776  HomeGroupProvider - ok
11:42:53.0536 2776  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:42:53.0566 2776  HpSAMD - ok
11:42:53.0648 2776  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:42:53.0707 2776  HTTP - ok
11:42:53.0770 2776  [ 348C3A9D01E68A0222A246346924AA55 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:42:53.0833 2776  hwdatacard - ok
11:42:53.0889 2776  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:42:53.0904 2776  hwpolicy - ok
11:42:53.0973 2776  [ 460B1945C3E6B0419A76E1B507B90B71 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
11:42:54.0056 2776  hwusbdev - ok
11:42:54.0131 2776  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:42:54.0183 2776  i8042prt - ok
11:42:54.0246 2776  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:42:54.0281 2776  iaStorV - ok
11:42:54.0402 2776  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:42:54.0441 2776  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:42:54.0441 2776  IDriverT - detected UnsignedFile.Multi.Generic (1)
11:42:54.0538 2776  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:42:54.0591 2776  idsvc - ok
11:42:54.0700 2776  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120908.001\IDSvix86.sys
11:42:54.0727 2776  IDSVix86 - ok
11:42:54.0780 2776  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:42:54.0796 2776  iirsp - ok
11:42:54.0864 2776  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:42:54.0943 2776  IKEEXT - ok
11:42:55.0174 2776  [ 0DBEF9CD5A2CD71240DD5AFCEE56D073 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:42:55.0380 2776  IntcAzAudAddService - ok
11:42:55.0431 2776  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:42:55.0462 2776  intelide - ok
11:42:55.0513 2776  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:42:55.0563 2776  intelppm - ok
11:42:55.0629 2776  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:42:55.0672 2776  IPBusEnum - ok
11:42:55.0689 2776  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:42:55.0734 2776  IpFilterDriver - ok
11:42:55.0867 2776  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:42:55.0927 2776  iphlpsvc - ok
11:42:55.0986 2776  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:42:56.0040 2776  IPMIDRV - ok
11:42:56.0060 2776  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:42:56.0111 2776  IPNAT - ok
11:42:56.0173 2776  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:42:56.0265 2776  IRENUM - ok
11:42:56.0292 2776  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:42:56.0312 2776  isapnp - ok
11:42:56.0353 2776  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:42:56.0389 2776  iScsiPrt - ok
11:42:56.0434 2776  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:42:56.0455 2776  kbdclass - ok
11:42:56.0509 2776  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:42:56.0560 2776  kbdhid - ok
11:42:56.0583 2776  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
11:42:56.0610 2776  KeyIso - ok
11:42:56.0667 2776  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
11:42:56.0726 2776  KMDFMEMIO - ok
11:42:56.0773 2776  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:42:56.0794 2776  KSecDD - ok
11:42:56.0835 2776  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:42:56.0872 2776  KSecPkg - ok
11:42:56.0930 2776  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:42:57.0009 2776  KtmRm - ok
11:42:57.0057 2776  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:42:57.0091 2776  LanmanServer - ok
11:42:57.0104 2776  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:42:57.0161 2776  LanmanWorkstation - ok
11:42:57.0234 2776  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:42:57.0308 2776  lltdio - ok
11:42:57.0349 2776  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:42:57.0407 2776  lltdsvc - ok
11:42:57.0426 2776  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:42:57.0469 2776  lmhosts - ok
11:42:57.0513 2776  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:42:57.0531 2776  LSI_FC - ok
11:42:57.0548 2776  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:42:57.0566 2776  LSI_SAS - ok
11:42:57.0628 2776  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:42:57.0646 2776  LSI_SAS2 - ok
11:42:57.0670 2776  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:42:57.0688 2776  LSI_SCSI - ok
11:42:57.0703 2776  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
11:42:57.0736 2776  luafv - ok
11:42:57.0809 2776  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:42:57.0834 2776  MBAMProtector - ok
11:42:57.0904 2776  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:42:57.0933 2776  MBAMService - ok
11:42:57.0983 2776  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:42:58.0018 2776  Mcx2Svc - ok
11:42:58.0135 2776  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:42:58.0162 2776  MDM - ok
11:42:58.0212 2776  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:42:58.0247 2776  megasas - ok
11:42:58.0290 2776  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:42:58.0330 2776  MegaSR - ok
11:42:58.0367 2776  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
11:42:58.0416 2776  MMCSS - ok
11:42:58.0438 2776  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
11:42:58.0468 2776  Modem - ok
11:42:58.0495 2776  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:42:58.0535 2776  monitor - ok
11:42:58.0566 2776  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:42:58.0582 2776  mouclass - ok
11:42:58.0644 2776  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:42:58.0695 2776  mouhid - ok
11:42:58.0739 2776  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:42:58.0767 2776  mountmgr - ok
11:42:58.0876 2776  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:42:58.0895 2776  MozillaMaintenance - ok
11:42:58.0909 2776  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:42:58.0928 2776  mpio - ok
11:42:58.0948 2776  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:42:59.0035 2776  mpsdrv - ok
11:42:59.0102 2776  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:42:59.0192 2776  MpsSvc - ok
11:42:59.0227 2776  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:42:59.0266 2776  MRxDAV - ok
11:42:59.0303 2776  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:42:59.0353 2776  mrxsmb - ok
11:42:59.0399 2776  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:42:59.0441 2776  mrxsmb10 - ok
11:42:59.0469 2776  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:42:59.0499 2776  mrxsmb20 - ok
11:42:59.0513 2776  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
11:42:59.0528 2776  msahci - ok
11:42:59.0583 2776  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:42:59.0619 2776  msdsm - ok
11:42:59.0665 2776  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
11:42:59.0699 2776  MSDTC - ok
11:42:59.0752 2776  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:42:59.0783 2776  Msfs - ok
11:42:59.0794 2776  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:42:59.0825 2776  mshidkmdf - ok
11:42:59.0862 2776  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:42:59.0878 2776  msisadrv - ok
11:42:59.0951 2776  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:43:00.0022 2776  MSiSCSI - ok
11:43:00.0026 2776  msiserver - ok
11:43:00.0060 2776  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:43:00.0102 2776  MSKSSRV - ok
11:43:00.0121 2776  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:43:00.0167 2776  MSPCLOCK - ok
11:43:00.0188 2776  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:43:00.0219 2776  MSPQM - ok
11:43:00.0260 2776  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:43:00.0280 2776  MsRPC - ok
11:43:00.0318 2776  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:43:00.0333 2776  mssmbios - ok
11:43:00.0339 2776  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:43:00.0371 2776  MSTEE - ok
11:43:00.0395 2776  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:43:00.0449 2776  MTConfig - ok
11:43:00.0484 2776  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:43:00.0500 2776  Mup - ok
11:43:00.0545 2776  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
11:43:00.0597 2776  napagent - ok
11:43:00.0676 2776  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:43:00.0715 2776  NativeWifiP - ok
11:43:00.0804 2776  [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120910.018\NAVENG.SYS
11:43:00.0831 2776  NAVENG - ok
11:43:00.0917 2776  [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120910.018\NAVEX15.SYS
11:43:00.0961 2776  NAVEX15 - ok
11:43:01.0027 2776  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:43:01.0070 2776  NDIS - ok
11:43:01.0130 2776  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:43:01.0211 2776  NdisCap - ok
11:43:01.0232 2776  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:43:01.0277 2776  NdisTapi - ok
11:43:01.0335 2776  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:43:01.0395 2776  Ndisuio - ok
11:43:01.0437 2776  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:43:01.0480 2776  NdisWan - ok
11:43:01.0506 2776  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:43:01.0536 2776  NDProxy - ok
11:43:01.0587 2776  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:43:01.0618 2776  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:43:01.0618 2776  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:43:01.0692 2776  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:43:01.0755 2776  NetBIOS - ok
11:43:01.0814 2776  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:43:01.0891 2776  NetBT - ok
11:43:01.0913 2776  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
11:43:01.0930 2776  Netlogon - ok
11:43:02.0001 2776  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
11:43:02.0080 2776  Netman - ok
11:43:02.0115 2776  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
11:43:02.0174 2776  netprofm - ok
11:43:02.0217 2776  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:43:02.0234 2776  NetTcpPortSharing - ok
11:43:02.0356 2776  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
11:43:02.0461 2776  NETw4v32 - ok
11:43:02.0657 2776  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
11:43:02.0908 2776  netw5v32 - ok
11:43:02.0974 2776  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:43:02.0992 2776  nfrd960 - ok
11:43:03.0078 2776  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
11:43:03.0092 2776  NIS - ok
11:43:03.0147 2776  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:43:03.0216 2776  NlaSvc - ok
11:43:03.0401 2776  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
11:43:03.0482 2776  nmwcd - ok
11:43:03.0535 2776  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
11:43:03.0595 2776  nmwcdc - ok
11:43:03.0641 2776  [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
11:43:03.0716 2776  nmwcdnsu - ok
11:43:03.0771 2776  [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc       C:\Windows\system32\drivers\nmwcdnsuc.sys
11:43:03.0809 2776  nmwcdnsuc - ok
11:43:03.0854 2776  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:43:03.0907 2776  Npfs - ok
11:43:03.0951 2776  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
11:43:03.0984 2776  nsi - ok
11:43:03.0998 2776  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:43:04.0048 2776  nsiproxy - ok
11:43:04.0131 2776  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:43:04.0187 2776  Ntfs - ok
11:43:04.0255 2776  [ 5850C28057DDEA04390B88F8CC482504 ] ntiopnp         C:\Windows\system32\drivers\ntiopnp.sys
11:43:04.0292 2776  ntiopnp - ok
11:43:04.0342 2776  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
11:43:04.0418 2776  Null - ok
11:43:04.0836 2776  [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:43:05.0350 2776  nvlddmkm - ok
11:43:05.0371 2776  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:43:05.0390 2776  nvraid - ok
11:43:05.0422 2776  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:43:05.0442 2776  nvstor - ok
11:43:05.0541 2776  [ 782945716AD010AC3D41758E8E52C735 ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:43:05.0580 2776  nvsvc - ok
11:43:05.0633 2776  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:43:05.0666 2776  nv_agp - ok
11:43:05.0738 2776  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:43:05.0773 2776  odserv - ok
11:43:05.0819 2776  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:43:05.0860 2776  ohci1394 - ok
11:43:05.0908 2776  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:43:05.0925 2776  ose - ok
11:43:06.0170 2776  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:43:06.0475 2776  osppsvc - ok
11:43:06.0554 2776  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:43:06.0639 2776  p2pimsvc - ok
11:43:06.0670 2776  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:43:06.0713 2776  p2psvc - ok
11:43:06.0760 2776  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:43:06.0834 2776  Parport - ok
11:43:06.0877 2776  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:43:06.0911 2776  partmgr - ok
11:43:06.0936 2776  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
11:43:06.0968 2776  Parvdm - ok
11:43:07.0021 2776  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:43:07.0043 2776  PcaSvc - ok
11:43:07.0136 2776  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
11:43:07.0177 2776  pccsmcfd - ok
11:43:07.0226 2776  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
11:43:07.0251 2776  pci - ok
11:43:07.0266 2776  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
11:43:07.0283 2776  pciide - ok
11:43:07.0348 2776  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:43:07.0381 2776  pcmcia - ok
11:43:07.0407 2776  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
11:43:07.0424 2776  pcw - ok
11:43:07.0461 2776  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:43:07.0523 2776  PEAUTH - ok
11:43:07.0606 2776  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:43:07.0694 2776  PeerDistSvc - ok
11:43:07.0808 2776  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
11:43:07.0929 2776  pla - ok
11:43:07.0983 2776  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:43:08.0049 2776  PlugPlay - ok
11:43:08.0075 2776  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:43:08.0104 2776  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:43:08.0104 2776  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:43:08.0147 2776  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:43:08.0196 2776  PNRPAutoReg - ok
11:43:08.0225 2776  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:43:08.0245 2776  PNRPsvc - ok
11:43:08.0310 2776  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:43:08.0381 2776  PolicyAgent - ok
11:43:08.0484 2776  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
11:43:08.0533 2776  Power - ok
11:43:08.0594 2776  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:43:08.0682 2776  PptpMiniport - ok
11:43:08.0735 2776  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:43:08.0793 2776  Processor - ok
11:43:08.0845 2776  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
11:43:08.0894 2776  ProfSvc - ok
11:43:08.0912 2776  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:43:08.0930 2776  ProtectedStorage - ok
11:43:08.0958 2776  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:43:08.0990 2776  Psched - ok
11:43:09.0057 2776  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:43:09.0120 2776  ql2300 - ok
11:43:09.0160 2776  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:43:09.0193 2776  ql40xx - ok
11:43:09.0253 2776  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
11:43:09.0317 2776  QWAVE - ok
11:43:09.0342 2776  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:43:09.0366 2776  QWAVEdrv - ok
11:43:09.0383 2776  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:43:09.0422 2776  RasAcd - ok
11:43:09.0478 2776  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:43:09.0532 2776  RasAgileVpn - ok
11:43:09.0564 2776  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
11:43:09.0598 2776  RasAuto - ok
11:43:09.0656 2776  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:43:09.0725 2776  Rasl2tp - ok
11:43:09.0807 2776  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
11:43:09.0878 2776  RasMan - ok
11:43:09.0910 2776  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:43:09.0954 2776  RasPppoe - ok
11:43:09.0974 2776  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:43:10.0024 2776  RasSstp - ok
11:43:10.0076 2776  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:43:10.0141 2776  rdbss - ok
11:43:10.0191 2776  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:43:10.0227 2776  rdpbus - ok
11:43:10.0279 2776  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:43:10.0351 2776  RDPCDD - ok
11:43:10.0393 2776  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:43:10.0426 2776  RDPDR - ok
11:43:10.0453 2776  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:43:10.0501 2776  RDPENCDD - ok
11:43:10.0522 2776  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:43:10.0559 2776  RDPREFMP - ok
11:43:10.0595 2776  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:43:10.0658 2776  RDPWD - ok
11:43:10.0710 2776  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:43:10.0742 2776  rdyboost - ok
11:43:10.0800 2776  [ 796D6727F09AC61536EFB90DF68F5132 ] RegSrvc         C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:43:10.0822 2776  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:43:10.0823 2776  RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:43:10.0875 2776  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:43:10.0936 2776  RemoteAccess - ok
11:43:10.0985 2776  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:43:11.0038 2776  RemoteRegistry - ok
11:43:11.0108 2776  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:43:11.0156 2776  RFCOMM - ok
11:43:11.0203 2776  [ B39F1BD472E4992382875BAF0B645C6D ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
11:43:11.0252 2776  rimmptsk - ok
11:43:11.0272 2776  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
11:43:11.0294 2776  rimsptsk - ok
11:43:11.0327 2776  [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
11:43:11.0360 2776  rismxdp - ok
11:43:11.0405 2776  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:43:11.0472 2776  RpcEptMapper - ok
11:43:11.0506 2776  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
11:43:11.0532 2776  RpcLocator - ok
11:43:11.0558 2776  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
11:43:11.0592 2776  RpcSs - ok
11:43:11.0661 2776  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:43:11.0733 2776  rspndr - ok
11:43:11.0784 2776  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:43:11.0850 2776  s3cap - ok
11:43:11.0869 2776  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
11:43:11.0885 2776  SamSs - ok
11:43:11.0968 2776  [ 4BFB51CDB25D4D4B9E8FCCAB635F262E ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
11:43:12.0006 2776  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
11:43:12.0006 2776  Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
11:43:12.0059 2776  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:43:12.0098 2776  sbp2port - ok
11:43:12.0238 2776  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:43:12.0288 2776  SBSDWSCService - ok
11:43:12.0344 2776  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:43:12.0395 2776  SCardSvr - ok
11:43:12.0414 2776  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:43:12.0459 2776  scfilter - ok
11:43:12.0531 2776  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
11:43:12.0615 2776  Schedule - ok
11:43:12.0658 2776  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:43:12.0687 2776  SCPolicySvc - ok
11:43:12.0747 2776  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
11:43:12.0782 2776  sdbus - ok
11:43:12.0825 2776  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:43:12.0901 2776  SDRSVC - ok
11:43:12.0940 2776  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:43:12.0990 2776  secdrv - ok
11:43:13.0035 2776  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
11:43:13.0099 2776  seclogon - ok
11:43:13.0137 2776  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
11:43:13.0193 2776  SENS - ok
11:43:13.0266 2776  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:43:13.0316 2776  SensrSvc - ok
11:43:13.0361 2776  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:43:13.0408 2776  Serenum - ok
11:43:13.0425 2776  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:43:13.0465 2776  Serial - ok
11:43:13.0527 2776  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:43:13.0631 2776  sermouse - ok
11:43:13.0850 2776  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:43:13.0943 2776  ServiceLayer - ok
11:43:14.0001 2776  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:43:14.0046 2776  SessionEnv - ok
11:43:14.0096 2776  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
11:43:14.0170 2776  sffdisk - ok
11:43:14.0189 2776  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:43:14.0234 2776  sffp_mmc - ok
11:43:14.0257 2776  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
11:43:14.0293 2776  sffp_sd - ok
11:43:14.0325 2776  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:43:14.0381 2776  sfloppy - ok
11:43:14.0443 2776  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:43:14.0513 2776  SharedAccess - ok
11:43:14.0623 2776  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:43:14.0692 2776  ShellHWDetection - ok
11:43:14.0741 2776  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:43:14.0776 2776  sisagp - ok
11:43:14.0848 2776  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:43:14.0865 2776  SiSRaid2 - ok
11:43:14.0904 2776  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:43:14.0922 2776  SiSRaid4 - ok
11:43:15.0158 2776  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:43:15.0266 2776  Skype C2C Service - ok
11:43:15.0325 2776  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
11:43:15.0351 2776  SkypeUpdate - ok
11:43:15.0391 2776  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:43:15.0437 2776  Smb - ok
11:43:15.0500 2776  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:43:15.0536 2776  SNMPTRAP - ok
11:43:15.0587 2776  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:43:15.0616 2776  spldr - ok
11:43:15.0663 2776  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
11:43:15.0698 2776  Spooler - ok
11:43:15.0835 2776  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
11:43:15.0959 2776  sppsvc - ok
11:43:15.0999 2776  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:43:16.0077 2776  sppuinotify - ok
11:43:16.0184 2776  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS
11:43:16.0224 2776  SRTSP - ok
11:43:16.0261 2776  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS
11:43:16.0274 2776  SRTSPX - ok
11:43:16.0311 2776  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:43:16.0385 2776  srv - ok
11:43:16.0418 2776  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:43:16.0467 2776  srv2 - ok
11:43:16.0500 2776  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:43:16.0518 2776  srvnet - ok
11:43:16.0576 2776  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:43:16.0647 2776  SSDPSRV - ok
11:43:16.0732 2776  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
11:43:16.0751 2776  SSPORT ( UnsignedFile.Multi.Generic ) - warning
11:43:16.0752 2776  SSPORT - detected UnsignedFile.Multi.Generic (1)
11:43:16.0775 2776  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:43:16.0820 2776  SstpSvc - ok
11:43:16.0859 2776  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:43:16.0875 2776  stexstor - ok
11:43:16.0944 2776  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
11:43:16.0998 2776  StiSvc - ok
11:43:17.0025 2776  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:43:17.0041 2776  storflt - ok
11:43:17.0092 2776  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
11:43:17.0138 2776  StorSvc - ok
11:43:17.0177 2776  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:43:17.0200 2776  storvsc - ok
11:43:17.0215 2776  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:43:17.0231 2776  swenum - ok
11:43:17.0286 2776  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
11:43:17.0325 2776  swprv - ok
11:43:17.0376 2776  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS
11:43:17.0412 2776  SymDS - ok
11:43:17.0469 2776  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS
11:43:17.0520 2776  SymEFA - ok
11:43:17.0594 2776  [ 555FB450FE6908600310E990738B41D6 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
11:43:17.0623 2776  SymEvent - ok
11:43:17.0641 2776  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS
11:43:17.0659 2776  SymIRON - ok
11:43:17.0707 2776  [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS         C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS
11:43:17.0731 2776  SymNetS - ok
11:43:17.0786 2776  [ 094B872D466C6CC60CBDF12EC6FAEFAF ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:43:17.0805 2776  SynTP - ok
11:43:17.0886 2776  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
11:43:17.0952 2776  SysMain - ok
11:43:17.0991 2776  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:43:18.0013 2776  TabletInputService - ok
11:43:18.0046 2776  [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
11:43:18.0121 2776  tap0901 - ok
11:43:18.0176 2776  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:43:18.0228 2776  TapiSrv - ok
11:43:18.0271 2776  [ 827C8058C284FF0013E4462EFE2591A3 ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
11:43:18.0292 2776  tapoas - ok
11:43:18.0345 2776  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
11:43:18.0420 2776  TBS - ok
11:43:18.0498 2776  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:43:18.0569 2776  Tcpip - ok
11:43:18.0606 2776  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:43:18.0641 2776  TCPIP6 - ok
11:43:18.0691 2776  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:43:18.0745 2776  tcpipreg - ok
11:43:18.0791 2776  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:43:18.0858 2776  TDPIPE - ok
11:43:18.0891 2776  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:43:18.0908 2776  TDTCP - ok
11:43:18.0946 2776  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:43:19.0067 2776  tdx - ok
11:43:19.0097 2776  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:43:19.0150 2776  TermDD - ok
11:43:19.0285 2776  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
11:43:19.0361 2776  TermService - ok
11:43:19.0391 2776  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
11:43:19.0412 2776  Themes - ok
11:43:19.0425 2776  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
11:43:19.0457 2776  THREADORDER - ok
11:43:19.0482 2776  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
11:43:19.0536 2776  TrkWks - ok
11:43:19.0619 2776  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:43:19.0688 2776  TrustedInstaller - ok
11:43:19.0707 2776  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:43:19.0749 2776  tssecsrv - ok
11:43:19.0836 2776  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:43:19.0904 2776  TsUsbFlt - ok
11:43:19.0981 2776  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:43:20.0052 2776  tunnel - ok
11:43:20.0087 2776  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:43:20.0103 2776  uagp35 - ok
11:43:20.0152 2776  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:43:20.0220 2776  udfs - ok
11:43:20.0272 2776  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:43:20.0322 2776  UI0Detect - ok
11:43:20.0352 2776  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:43:20.0369 2776  uliagpkx - ok
11:43:20.0428 2776  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:43:20.0458 2776  umbus - ok
11:43:20.0515 2776  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:43:20.0560 2776  UmPass - ok
11:43:20.0614 2776  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
11:43:20.0660 2776  UmRdpService - ok
11:43:20.0715 2776  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
11:43:20.0772 2776  upnphost - ok
11:43:20.0832 2776  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
11:43:20.0863 2776  upperdev - ok
11:43:20.0886 2776  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:43:20.0950 2776  usbccgp - ok
11:43:21.0003 2776  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:43:21.0047 2776  usbcir - ok
11:43:21.0076 2776  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:43:21.0092 2776  usbehci - ok
11:43:21.0133 2776  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:43:21.0192 2776  usbhub - ok
11:43:21.0212 2776  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:43:21.0247 2776  usbohci - ok
11:43:21.0299 2776  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:43:21.0322 2776  usbprint - ok
11:43:21.0362 2776  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:43:21.0380 2776  usbscan - ok
11:43:21.0430 2776  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys
11:43:21.0484 2776  usbser - ok
11:43:21.0498 2776  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
11:43:21.0542 2776  UsbserFilt - ok
11:43:21.0570 2776  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:43:21.0640 2776  USBSTOR - ok
11:43:21.0674 2776  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:43:21.0693 2776  usbuhci - ok
11:43:21.0762 2776  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:43:21.0804 2776  usbvideo - ok
11:43:21.0853 2776  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
11:43:21.0871 2776  usb_rndisx - ok
11:43:21.0912 2776  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
11:43:21.0974 2776  UxSms - ok
11:43:21.0998 2776  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
11:43:22.0014 2776  VaultSvc - ok
11:43:22.0059 2776  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:43:22.0092 2776  vdrvroot - ok
11:43:22.0152 2776  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
11:43:22.0204 2776  vds - ok
11:43:22.0269 2776  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:43:22.0304 2776  vga - ok
11:43:22.0335 2776  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:43:22.0366 2776  VgaSave - ok
11:43:22.0405 2776  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:43:22.0425 2776  vhdmp - ok
11:43:22.0465 2776  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:43:22.0481 2776  viaagp - ok
11:43:22.0501 2776  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
11:43:22.0532 2776  ViaC7 - ok
11:43:22.0569 2776  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
11:43:22.0601 2776  viaide - ok
11:43:22.0650 2776  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:43:22.0670 2776  vmbus - ok
11:43:22.0692 2776  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:43:22.0719 2776  VMBusHID - ok
11:43:22.0809 2776  [ 86721C65A2010A9E34E3DC59DA0183CF ] VMC302          C:\Windows\system32\Drivers\VMC302.sys
11:43:22.0857 2776  VMC302 - ok
11:43:22.0884 2776  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:43:22.0935 2776  volmgr - ok
11:43:22.0983 2776  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:43:23.0023 2776  volmgrx - ok
11:43:23.0041 2776  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:43:23.0063 2776  volsnap - ok
11:43:23.0100 2776  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:43:23.0119 2776  vsmraid - ok
11:43:23.0211 2776  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
11:43:23.0290 2776  VSS - ok
11:43:23.0313 2776  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:43:23.0341 2776  vwifibus - ok
11:43:23.0423 2776  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
11:43:23.0502 2776  W32Time - ok
11:43:23.0555 2776  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:43:23.0605 2776  WacomPen - ok
11:43:23.0660 2776  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:43:23.0704 2776  WANARP - ok
11:43:23.0708 2776  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:43:23.0737 2776  Wanarpv6 - ok
11:43:23.0840 2776  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:43:23.0895 2776  WatAdminSvc - ok
11:43:23.0981 2776  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
11:43:24.0055 2776  wbengine - ok
11:43:24.0106 2776  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:43:24.0150 2776  WbioSrvc - ok
11:43:24.0199 2776  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:43:24.0262 2776  wcncsvc - ok
11:43:24.0285 2776  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:43:24.0404 2776  WcsPlugInService - ok
11:43:24.0455 2776  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:43:24.0481 2776  Wd - ok
11:43:24.0516 2776  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:43:24.0543 2776  Wdf01000 - ok
11:43:24.0591 2776  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:43:24.0678 2776  WdiServiceHost - ok
11:43:24.0684 2776  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:43:24.0704 2776  WdiSystemHost - ok
11:43:24.0750 2776  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
11:43:24.0775 2776  WebClient - ok
11:43:24.0803 2776  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:43:24.0840 2776  Wecsvc - ok
11:43:24.0856 2776  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:43:24.0900 2776  wercplsupport - ok
11:43:24.0941 2776  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:43:25.0008 2776  WerSvc - ok
11:43:25.0032 2776  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:43:25.0063 2776  WfpLwf - ok
11:43:25.0086 2776  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:43:25.0102 2776  WIMMount - ok
11:43:25.0187 2776  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:43:25.0248 2776  WinDefend - ok
11:43:25.0255 2776  WinHttpAutoProxySvc - ok
11:43:25.0372 2776  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:43:25.0423 2776  Winmgmt - ok
11:43:25.0506 2776  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
11:43:25.0582 2776  WinRM - ok
11:43:25.0624 2776  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:43:25.0670 2776  WinUsb - ok
11:43:25.0740 2776  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:43:25.0813 2776  Wlansvc - ok
11:43:25.0948 2776  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:43:26.0015 2776  wlidsvc - ok
11:43:26.0069 2776  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:43:26.0098 2776  WmiAcpi - ok
11:43:26.0155 2776  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:43:26.0197 2776  wmiApSrv - ok
11:43:26.0344 2776  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:43:26.0417 2776  WMPNetworkSvc - ok
11:43:26.0466 2776  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:43:26.0515 2776  WPCSvc - ok
11:43:26.0561 2776  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:43:26.0652 2776  WPDBusEnum - ok
11:43:26.0695 2776  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:43:26.0770 2776  ws2ifsl - ok
11:43:26.0777 2776  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
11:43:26.0817 2776  wscsvc - ok
11:43:26.0867 2776  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:43:26.0920 2776  WSDPrintDevice - ok
11:43:26.0950 2776  [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
11:43:26.0968 2776  WSDScan - ok
11:43:26.0972 2776  WSearch - ok
11:43:27.0076 2776  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
11:43:27.0155 2776  wuauserv - ok
11:43:27.0202 2776  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:43:27.0233 2776  WudfPf - ok
11:43:27.0272 2776  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:43:27.0322 2776  WUDFRd - ok
11:43:27.0353 2776  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:43:27.0385 2776  wudfsvc - ok
11:43:27.0431 2776  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:43:27.0489 2776  WwanSvc - ok
11:43:27.0570 2776  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
11:43:27.0627 2776  yukonw7 - ok
11:43:27.0687 2776  [ 69222091B6285906AFF82E43681CF826 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
11:43:27.0737 2776  yukonwlh - ok
11:43:27.0784 2776  ================ Scan global ===============================
11:43:27.0835 2776  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:43:27.0889 2776  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:43:27.0904 2776  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:43:27.0947 2776  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:43:28.0002 2776  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:43:28.0012 2776  [Global] - ok
11:43:28.0013 2776  ================ Scan MBR ==================================
11:43:28.0033 2776  [ C31400769DEFC61154F08815BCB5E020 ] \Device\Harddisk0\DR0
11:43:28.0549 2776  \Device\Harddisk0\DR0 - ok
11:43:28.0550 2776  ================ Scan VBR ==================================
11:43:28.0557 2776  [ 465710F0D7AF1AB834D757B28275C005 ] \Device\Harddisk0\DR0\Partition1
11:43:28.0561 2776  \Device\Harddisk0\DR0\Partition1 - ok
11:43:28.0588 2776  [ DB4DED86AA6E4EA9F8F2A5F9D13F6010 ] \Device\Harddisk0\DR0\Partition2
11:43:28.0590 2776  \Device\Harddisk0\DR0\Partition2 - ok
11:43:28.0593 2776  ============================================================
11:43:28.0593 2776  Scan finished
11:43:28.0593 2776  ============================================================
11:43:28.0606 4492  Detected object count: 11
11:43:28.0606 4492  Actual detected object count: 11
11:44:02.0989 4492  CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0989 4492  CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:02.0990 4492  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0990 4492  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:02.0990 4492  DiskSec ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0990 4492  DiskSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:02.0991 4492  DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0991 4492  DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:02.0994 4492  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0994 4492  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:02.0996 4492  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0996 4492  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:02.0997 4492  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0997 4492  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:02.0998 4492  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0998 4492  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:03.0000 4492  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:03.0000 4492  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:03.0002 4492  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:03.0002 4492  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:03.0006 4492  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:03.0006 4492  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 11.09.2012, 15:46

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

puntaara · 12.09.2012, 03:17

Hier das ComboFix-Log:

Code:

ATTFilter

ComboFix 12-09-11.02 - *** 12.09.2012  11:45:52.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1181 [GMT 10:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\***\4.0
c:\windows\TEMP\jna3415689090984947409.dll
c:\windows\TEMP\jna738982221704005020.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-12 bis 2012-09-12  ))))))))))))))))))))))))))))))
.
.
2012-09-12 01:57 . 2012-09-12 01:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-10 13:22 . 2012-09-10 13:22	--------	d-----w-	c:\program files\QuickTime
2012-09-09 22:39 . 2012-09-09 22:40	--------	d-----w-	c:\users\***\AppData\Roaming\hdbADS
2012-09-09 13:53 . 2012-09-09 23:21	--------	d-----w-	c:\program files\phase5
2012-09-09 13:52 . 2012-09-09 13:52	--------	d-----w-	c:\users\***\AppData\Roaming\Systemberatung Schommer
2012-09-09 03:17 . 2012-09-09 03:17	--------	d-----w-	C:\_OTL
2012-08-31 10:40 . 2012-08-31 10:40	--------	d-----w-	c:\program files\ESET
2012-08-30 09:06 . 2012-08-30 09:06	--------	d-----w-	c:\users\***\AppData\Roaming\Nokia Suite
2012-08-30 08:22 . 2012-06-27 05:18	19072	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2012-08-30 08:22 . 2012-08-30 08:22	--------	d-----w-	c:\program files\PC Connectivity Solution
2012-08-28 01:04 . 2012-08-28 01:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-08-28 01:04 . 2012-07-03 03:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-24 00:47 . 2012-08-24 00:47	--------	d-----w-	c:\program files\Microsoft Analysis Services
2012-08-23 00:19 . 2012-05-15 09:28	2561344	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-23 00:19 . 2012-05-15 09:28	645440	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-23 00:19 . 2012-05-15 09:28	62272	----a-w-	c:\windows\system32\nvshext.dll
2012-08-23 00:19 . 2012-05-15 09:28	108352	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-23 00:19 . 2012-05-15 09:28	3931456	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-23 00:19 . 2012-05-15 09:27	2759488	----a-w-	c:\windows\system32\nvsvc.dll
2012-08-23 00:18 . 2012-05-15 10:26	61248	----a-w-	c:\windows\system32\OpenCL.dll
2012-08-23 00:18 . 2012-08-23 00:18	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-08-22 23:39 . 2012-05-15 10:26	883008	----a-w-	c:\windows\system32\nvgenco32.dll
2012-08-22 23:39 . 2012-05-15 10:26	8105280	----a-w-	c:\windows\system32\nvwgf2um.dll
2012-08-22 23:39 . 2012-05-15 10:26	5982528	----a-w-	c:\windows\system32\nvcuda.dll
2012-08-22 23:39 . 2012-05-15 10:26	2524992	----a-w-	c:\windows\system32\nvcuvid.dll
2012-08-22 23:39 . 2012-05-15 10:26	2445120	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-08-22 23:39 . 2012-05-15 10:26	2368832	----a-w-	c:\windows\system32\nvapi.dll
2012-08-22 23:39 . 2012-05-15 10:26	19607872	----a-w-	c:\windows\system32\nvoglv32.dll
2012-08-22 23:39 . 2012-05-15 10:26	17551680	----a-w-	c:\windows\system32\nvcompiler.dll
2012-08-22 23:39 . 2012-05-15 10:26	15322432	----a-w-	c:\windows\system32\nvd3dum.dll
2012-08-22 23:39 . 2012-05-15 10:26	11354944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-08-22 23:39 . 2012-05-15 10:26	1000768	----a-w-	c:\windows\system32\nvdispco32.dll
2012-08-15 16:51 . 2012-08-15 16:51	--------	d-----w-	c:\users\***\AppData\Local\e-academy Inc
2012-08-15 16:51 . 2012-08-15 16:51	--------	d-----w-	c:\users\***\AppData\Roaming\e-academy Inc
2012-08-15 00:56 . 2012-08-15 19:07	--------	d-----w-	c:\windows\system32\drivers\NIS\1308000.00E
2012-08-15 00:22 . 2012-07-06 19:23	393728	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-15 00:17 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 00:17 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 00:17 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 00:17 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-15 00:16 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 22:15 . 2012-04-05 01:32	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-26 22:15 . 2011-05-15 09:53	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:47 . 2012-08-15 00:17	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-05 12:06 . 2012-08-12 15:38	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-05 12:06 . 2010-12-01 11:22	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-29 22:46 . 2012-08-09 12:02	81920	----a-w-	c:\windows\system32\pdfcmon.dll
2012-06-29 00:09 . 2012-08-15 00:21	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-09-09 00:12 . 2012-09-09 00:12	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51	35768	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-25 16:08	2569616	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-22 23:11	206240	----a-w-	c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 03:46	462920	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 03:46	973488	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54	4240760	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-08-05 11:01	220552	----a-w-	c:\program files\PDF24\pdf24.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ADDMEM;ADDMEM;c:\users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120911.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [x]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files\ShellfireVPN\jre6\bin\java -classpath c:\program files\ShellfireVPN\ShellfireVPN2.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-GMX SMS-Manager - c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-vShare.tv plugin - c:\program files\vShare.tv plugin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service]
"ImagePath"="\"c:\program files\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files\ShellfireVPN\" \"-Dwrapper.config=c:\users\***\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\***\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" "
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE02.07.00.01MSWINDOWS"="94FAAF35EAAEBE0D24AF713C27573F7D04EC34C1F75CE29BA5665444A1C0C8AADB32DAD087ADDF0A7E6B0D4BD70645A29828120BC03D2C29223EA03B32085B2B53D6461EBC5432F30452B68BEF1BC9B9137F31CE557A1B9D6DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CFEBC9E127BECC74CBA7FD869164D6794DEB610F28445FCA8A767D61F60F40B794DA07ADED7563BC79613D174BFA2D4F44DBC580EB8EE12D1ED4F83B8D55CA521AF9D69EA80CB02A95624BE9736AF03CCD81919D79CE2DABFD30D0C1DD1104F3D4F9F8F7DA2B2505F5441B884069E5279CD05C21E63190504C106660AB483CD9FD25506E3F0191EA093FE9FBA4BB40FAEAD1F19323AB15375D77F5DC158CEF85E144CBBF390AD7A62CBD7A53E195D1CE62CE9B76BBF709D2E65A60E0C88AD3DD522FB748398C785E1E728549873A3EEDD334B08A086BA4F0DEF09EA3205811BA5BF3A466E18DD752008320856D6BB93165D0ECC32969DE734B29BB80482CB2530E2451B958F8F9360001BED88B07BA6D47BE19A7FE945F8871AB511D3A835859CB53D335C729B3B2BD6EC8C4362DADB2213D65A70EF86ACB4471162F7928BF8D518A4A0292C675FCBC7133A9FC1F9774B5C6447EC0BD73CA690CEEECA52BB4D8B9B664AE8187C865443E0A23A9919D5E24365F4E21454F6117FF1CBACE9DBE8B0864E6B0A8887C6976C8BC533A620E4BBE89745C4543A41E950E162FD52A3C37C538B92024159CF2D1A2BF72F1D16A571221EF2080CEC11EBF5E9F1A7F7ECE86A32B3A146FB6662F1D83F605722ABAFDE767D09A56DF2F21495398A123A3A793904BE5054E4485306E7A67B584EB1AD2723236A1C9F7785268863132DEC2E2A6C600A29AB9E3B0CCDBA299762B11EDAAE195B4AEB3D49FB265D60C46BD71143C990540BCE3DA00AF1F8EED9AACC0A8D9DFB58331CD65B9DDF538A2EC3B84E9F5E1442A7464A7EDE5D7D06B96917B4A96224B10036EDC4C5E1E1A1AFB03E76B1F79CDC881D42FA2EC058DD035B79FEA9AE9F61E0C67A41647CB2C900AF0DBCFBAA129185E395E43410CDCED541D1EE1CF52CC55D5F66ADFB47210929C5BCF817CD8D2ECE2DA92DBB045390A45F722FA37242A14C18918EA39B41CC88F6D828307BDDE9E691D8E7A61916C13900228D76A0071ADB07CF89871758E15050E1E9069286DB25ACEECEEA0E76E1AD6D1AFA5DC2D83B0B4DE56B661E5D7E065F4C016FB83DFE331DACBD90E606D672F9888D385DC6F1300990A01355803882B500D5D1516C361086C737376D0DEA4B7910807A39969272637F3E7626228974EB58752B8BB245901369DE0D2D074BCEC4463028E2C051500453F98940D8D45E1C260E0BD26353D7EAAEFD59"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3428)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CPUCooL\CooLSrv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ShellfireVPN\jre6\bin\java.exe
c:\windows\system32\taskhost.exe
c:\program files\ShellfireVPN\jre6\bin\java.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-12  12:09:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-12 02:09
.
Vor Suchlauf: 18 Verzeichnis(se), 12.437.348.352 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 12.332.908.544 Bytes frei
.
- - End Of File - - 3F1ECDCC53E5ECA9E112E9815A58DEF8

cosinus · 12.09.2012, 13:03

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

Dirlook::
c:\users\***\AppData\Roaming\hdbADS

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

04.09.2012, 14:52	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PUP.VShareRedir gefunden, Rechner versendet evtl. Spam-Mails Warum hast du denn jetzt ne Pro Edition von Windows? Die benötigt man im Heimbereich eigentlich garnicht, das ist fast raus geschmissenes Geld Mach bitte einen neuen Suchlauf mit adwCleaner Wenn der nichts mehr findet müssen wir manuell ran um startsearch und anderen Müll zu kicken __________________ __________________

05.09.2012, 14:32	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PUP.VShareRedir gefunden, Rechner versendet evtl. Spam-Mails Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

PUP.VShareRedir gefunden, Rechner versendet evtl. Spam-Mails

Plagegeister aller Art und deren Bekämpfung: PUP.VShareRedir gefunden, Rechner versendet evtl. Spam-Mails