Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Security Shield Befall

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.10.2012, 19:58   #31
Seprom
 
Security Shield Befall - Standard

Security Shield Befall



Hier die OTL-Log:

Code:
ATTFilter
OTL logfile created on: 15.10.2012 20:14:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,70% Memory free
4,22 Gb Paging File | 2,91 Gb Available in Paging File | 69,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,48 Gb Free Space | 22,95% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.15 20:11:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 13:06:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:57:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.11.11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.02 00:46:06 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.13 15:10:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.12 13:13:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:57:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:57:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.07.27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.02.25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.08.24 10:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.12.05 07:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.01.29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.01.29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{0579B8E0-5480-4051-A82C-8636BF5C2F2B}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{169537B5-61AE-469C-BB97-83FD10990702}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{4C6E59F8-C3A3-48C7-AA8E-C321635D00E4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{6247DA3A-9DCB-4910-A6D3-9BB1D862BB58}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{D60D28A7-939B-4DA6-A7F2-7FD457008A6B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.13 15:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 15:10:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.13 15:10:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 15:10:24 | 000,000,000 | ---D | M]
 
[2012.04.18 13:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2012.10.13 14:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions
[2012.10.13 14:00:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.18 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.08.30 17:06:25 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\extension@ciuvo.com.xpi
[2012.07.26 12:26:28 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.18 14:10:35 | 000,001,692 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\alle-preise---guenstigerde.xml
[2012.08.19 20:32:45 | 000,012,703 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\imdb.xml
[2012.04.18 14:06:26 | 000,002,322 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\openthesaurus.xml
[2012.04.18 14:02:19 | 000,002,006 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\urban-dictionary.xml
[2012.04.18 14:02:41 | 000,001,330 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wikipedia-en.xml
[2012.04.18 14:02:55 | 000,002,446 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wiktionary-de.xml
[2012.04.18 14:01:58 | 000,001,997 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wolframalpha.xml
[2012.04.22 21:15:19 | 000,002,057 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\youtube-videosuche.xml
[2012.10.13 15:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.13 15:10:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 01:20:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE68D5B-3AD6-42B3-A1A7-304EE002046D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3992FE55-F80B-4794-AA86-7FF9206DA54C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E1A4B8-18E1-400D-85B6-74F40BA9D696}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863DED-BCB9-4047-820F-43F1C596DE39}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{034c157c-b0f4-11de-9a1b-001f2991aeb0}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f530994e-ce03-11de-99bc-001f2991aeb0}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk - C:\Programme\InterVideo\DVD Check\DVDCheck.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PMCLoader - hkey= - key= - C:\Programme\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: PMCRemote - hkey= - key= - C:\Programme\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
MsConfig - StartUpReg: RemoTerm.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WatchDog - hkey= - key= - C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.14 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\Uni Sport FFM
[2012.10.13 15:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.12 13:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.12 13:29:28 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.10.03 17:48:48 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\Villa Andreae-Dateien
[2012.09.21 14:19:05 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\elsterformular
[2012.09.21 14:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.09.21 14:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.09.21 14:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.09.19 21:32:10 | 000,000,000 | ---D | C] -- C:\Windows\QLB
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.15 20:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 19:25:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.10.15 19:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 18:21:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 18:21:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 14:22:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.15 14:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 14:21:25 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 14:18:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.13 20:25:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2012.10.12 13:34:06 | 000,051,718 | ---- | M] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.pdf
[2012.10.12 13:19:37 | 001,358,815 | ---- | M] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.jpg
[2012.10.03 17:48:59 | 000,195,120 | ---- | M] () -- C:\Users\Roman\Documents\Villa Andreae.htm
[2012.10.02 18:23:15 | 000,695,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.02 18:23:15 | 000,651,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.02 18:23:15 | 000,154,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.02 18:23:15 | 000,125,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.21 14:17:55 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.09.21 12:00:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.09.21 12:00:45 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.09.21 12:00:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2012.10.12 13:32:00 | 000,051,718 | ---- | C] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.pdf
[2012.10.12 13:19:36 | 001,358,815 | ---- | C] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.jpg
[2012.10.03 17:48:48 | 000,195,120 | ---- | C] () -- C:\Users\Roman\Documents\Villa Andreae.htm
[2012.09.21 14:17:55 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.09.21 12:00:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.08.02 14:19:21 | 000,000,218 | ---- | C] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.03.26 23:22:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2012.03.26 23:22:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.03.26 23:22:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.03.26 23:21:59 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.03.26 23:21:59 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.03.26 23:21:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.11.06 22:08:42 | 000,278,386 | ---- | C] () -- C:\Users\Roman\AppData\Local\census.cache
[2011.11.06 22:08:14 | 000,201,735 | ---- | C] () -- C:\Users\Roman\AppData\Local\ars.cache
[2011.11.06 21:57:45 | 000,000,036 | ---- | C] () -- C:\Users\Roman\AppData\Local\housecall.guid.cache
[2011.10.18 21:19:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.06 22:59:20 | 000,078,210 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011.01.06 15:15:07 | 000,214,743 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.01.18 21:49:03 | 000,024,206 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\UserTile.png
[2009.12.29 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 16:56:53 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.08.31 23:15:11 | 000,038,442 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2008.08.31 21:23:24 | 000,038,437 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.08.28 20:20:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 20:07:43 | 000,211,968 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.25 22:13:44 | 000,001,074 | RH-- | C] () -- C:\Users\Roman\XrxWm.ini
[2008.08.25 22:13:44 | 000,000,522 | RH-- | C] () -- C:\Users\Roman\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.15 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2012.09.21 14:19:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\elsterformular
[2012.10.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.10 14:42:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Adobe
[2011.11.22 13:34:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Avira
[2010.03.22 13:53:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DivX
[2012.10.15 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2010.11.05 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\dvdcss
[2012.09.21 14:19:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\elsterformular
[2012.10.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2008.12.10 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GTek
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2008.12.10 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett-Packard
[2009.12.13 22:59:30 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HP
[2011.03.29 20:18:31 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HpUpdate
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2008.08.22 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Identities
[2008.08.22 13:27:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield
[2012.03.26 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.22 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macromedia
[2009.08.31 09:14:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macrovision
[2011.11.07 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
[2011.01.26 00:53:16 | 000,000,000 | --SD | M] -- C:\Users\Roman\AppData\Roaming\Microsoft
[2012.10.12 17:25:08 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mozilla
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2012.03.11 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Roxio
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2012.09.21 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Skype
[2010.11.28 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\skypePM
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
[2012.08.15 16:40:19 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2007.02.15 14:32:38 | 000,114,176 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\setup.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\ARPICON.80486C74_ABED_4227_AF5C_9B1791CFA89C.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe
[2011.01.26 00:53:16 | 000,026,192 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Iconlights.ico.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.12.14 02:32:14 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.08.22 16:49:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\Drivers\32\HDD\iastor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.09.21 12:00:33 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.09.21 12:00:33 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.01.19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<           >
[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:23 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.08.22 17:16:07 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
[2009.11.30 22:19:22 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.30 22:19:23 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 22:06:29 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2010.07.15 22:06:30 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.04.12 15:45:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         


Neue Erkenntnisse? What's next?


Danke und auf Bald!

Alt 16.10.2012, 11:33   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield Befall - Standard

Security Shield Befall



DU musst hier nicht bei jedem Post nachfragen wie es weitergeht! Ich poste schon etwas nachdem ich das Log gesehen habe

Mach einen OTL-Fix, beende dazu alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
:Files
C:\Users\Roman\XrxWm.ini
C:\Users\Roman\xw45cpdy.dyc
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________

__________________

Alt 16.10.2012, 13:45   #33
Seprom
 
Security Shield Befall - Standard

Security Shield Befall



Meine wiederholten Äußerungen hinsichtlich des weiteren Verfahrens sind mir auch schon aufgestoßen. Ich habe dies aber schlicht als eine Geste der Höflichkeit angesehen und empfand es als deutlich besser, als eben nichts zu schreiben. In jedem Fall aber kann ich der "neuen Effizienz" Vorteile abgewinnen und will das nun so, wie von Dir vorgeschlagen handhaben. In jedem Fall guter Einwurf!

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Users\Roman\XrxWm.ini moved successfully.
C:\Users\Roman\xw45cpdy.dyc moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Roman\Downloads\cmd.bat deleted successfully.
C:\Users\Roman\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Roman
->Temp folder emptied: 328432084 bytes
->Temporary Internet Files folder emptied: 67680029 bytes
->Java cache emptied: 14223181 bytes
->FireFox cache emptied: 818733698 bytes
->Google Chrome cache emptied: 84019836 bytes
->Flash cache emptied: 18075 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158436990 bytes
RecycleBin emptied: 114021354 bytes
 
Total Files Cleaned = 1.512,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162012_141627

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________

Alt 17.10.2012, 11:47   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield Befall - Standard

Security Shield Befall



Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.10.2012, 12:27   #35
Seprom
 
Security Shield Befall - Standard

Security Shield Befall



BESCHEID! Zip-Ordner ist hochgeladen.


Alt 17.10.2012, 15:54   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield Befall - Standard

Security Shield Befall



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
--> Security Shield Befall

Alt 18.10.2012, 14:02   #37
Seprom
 
Security Shield Befall - Standard

Security Shield Befall



Hat 10 Threads gefunden. Hab alle geskippt.

Code:
ATTFilter
14:57:52.0926 2600  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:57:53.0176 2600  ============================================================
14:57:53.0176 2600  Current date / time: 2012/10/18 14:57:53.0176
14:57:53.0176 2600  SystemInfo:
14:57:53.0176 2600  
14:57:53.0176 2600  OS Version: 6.0.6002 ServicePack: 2.0
14:57:53.0176 2600  Product type: Workstation
14:57:53.0176 2600  ComputerName: 6720S-RV
14:57:53.0176 2600  UserName: Roman
14:57:53.0176 2600  Windows directory: C:\Windows
14:57:53.0176 2600  System windows directory: C:\Windows
14:57:53.0176 2600  Processor architecture: Intel x86
14:57:53.0176 2600  Number of processors: 2
14:57:53.0176 2600  Page size: 0x1000
14:57:53.0176 2600  Boot type: Normal boot
14:57:53.0176 2600  ============================================================
14:57:54.0362 2600  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:57:54.0424 2600  ============================================================
14:57:54.0424 2600  \Device\Harddisk0\DR0:
14:57:54.0440 2600  MBR partitions:
14:57:54.0440 2600  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCC917C1
14:57:54.0440 2600  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCC91800, BlocksNum 0xFE6000
14:57:54.0440 2600  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDC79800, BlocksNum 0x31A800
14:57:54.0440 2600  ============================================================
14:57:54.0455 2600  C: <-> \Device\Harddisk0\DR0\Partition1
14:57:54.0549 2600  E: <-> \Device\Harddisk0\DR0\Partition3
14:57:54.0627 2600  F: <-> \Device\Harddisk0\DR0\Partition2
14:57:54.0689 2600  ============================================================
14:57:54.0689 2600  Initialize success
14:57:54.0689 2600  ============================================================
14:58:07.0497 4988  ============================================================
14:58:07.0497 4988  Scan started
14:58:07.0497 4988  Mode: Manual; SigCheck; TDLFS; 
14:58:07.0497 4988  ============================================================
14:58:08.0168 4988  ================ Scan system memory ========================
14:58:08.0168 4988  System memory - ok
14:58:08.0168 4988  ================ Scan services =============================
14:58:08.0402 4988  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:58:08.0620 4988  ACPI - ok
14:58:08.0667 4988  [ FB9ECE3F7B8A03E474E611031AD4CD23 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
14:58:08.0948 4988  ADIHdAudAddService - ok
14:58:09.0119 4988  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:58:09.0150 4988  AdobeARMservice - ok
14:58:09.0244 4988  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:58:09.0275 4988  AdobeFlashPlayerUpdateSvc - ok
14:58:09.0338 4988  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:58:09.0416 4988  adp94xx - ok
14:58:09.0431 4988  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:58:09.0447 4988  adpahci - ok
14:58:09.0462 4988  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:58:09.0478 4988  adpu160m - ok
14:58:09.0509 4988  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:58:09.0525 4988  adpu320 - ok
14:58:09.0572 4988  [ 12D23758621B00B8D3134095EC3325FD ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
14:58:09.0650 4988  AEADIFilters - ok
14:58:09.0681 4988  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:58:09.0790 4988  AeLookupSvc - ok
14:58:09.0868 4988  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
14:58:09.0930 4988  AFD - ok
14:58:09.0977 4988  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
14:58:10.0024 4988  AgereModemAudio - ok
14:58:10.0102 4988  [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
14:58:10.0289 4988  AgereSoftModem - ok
14:58:10.0367 4988  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:58:10.0398 4988  agp440 - ok
14:58:10.0445 4988  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:58:10.0476 4988  aic78xx - ok
14:58:10.0508 4988  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
14:58:10.0695 4988  ALG - ok
14:58:10.0710 4988  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:58:10.0742 4988  aliide - ok
14:58:10.0788 4988  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:58:10.0804 4988  amdagp - ok
14:58:10.0835 4988  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
14:58:10.0882 4988  amdide - ok
14:58:10.0913 4988  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
14:58:11.0132 4988  AmdK7 - ok
14:58:11.0163 4988  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:58:11.0241 4988  AmdK8 - ok
14:58:11.0319 4988  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:58:11.0350 4988  AntiVirSchedulerService - ok
14:58:11.0366 4988  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:58:11.0381 4988  AntiVirService - ok
14:58:11.0444 4988  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
14:58:11.0490 4988  Appinfo - ok
14:58:11.0537 4988  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:58:11.0584 4988  AppMgmt - ok
14:58:11.0631 4988  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
14:58:11.0646 4988  arc - ok
14:58:11.0678 4988  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:58:11.0693 4988  arcsas - ok
14:58:11.0740 4988  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:58:11.0787 4988  AsyncMac - ok
14:58:11.0818 4988  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:58:11.0834 4988  atapi - ok
14:58:11.0927 4988  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:58:11.0958 4988  AudioEndpointBuilder - ok
14:58:11.0974 4988  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:58:12.0005 4988  Audiosrv - ok
14:58:12.0036 4988  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:58:12.0068 4988  avgntflt - ok
14:58:12.0083 4988  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:58:12.0099 4988  avipbb - ok
14:58:12.0130 4988  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:58:12.0146 4988  avkmgr - ok
14:58:12.0224 4988  [ 0A5E8178EFF1D8F109A95235AEB7D76F ] azvusb          C:\Windows\system32\DRIVERS\azvusb.sys
14:58:12.0270 4988  azvusb - ok
14:58:12.0333 4988  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
14:58:12.0395 4988  BCM43XV - ok
14:58:12.0411 4988  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
14:58:12.0489 4988  bcm4sbxp - ok
14:58:12.0551 4988  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
14:58:12.0567 4988  BcmSqlStartupSvc - ok
14:58:12.0598 4988  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:58:12.0645 4988  Beep - ok
14:58:12.0692 4988  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
14:58:12.0738 4988  BFE - ok
14:58:12.0816 4988  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
14:58:12.0941 4988  BITS - ok
14:58:12.0957 4988  blbdrive - ok
14:58:13.0019 4988  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:58:13.0082 4988  bowser - ok
14:58:13.0113 4988  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:58:13.0160 4988  BrFiltLo - ok
14:58:13.0175 4988  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:58:13.0206 4988  BrFiltUp - ok
14:58:13.0238 4988  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
14:58:13.0316 4988  Browser - ok
14:58:13.0347 4988  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:58:13.0409 4988  Brserid - ok
14:58:13.0440 4988  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:58:13.0518 4988  BrSerWdm - ok
14:58:13.0534 4988  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:58:13.0612 4988  BrUsbMdm - ok
14:58:13.0659 4988  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:58:13.0721 4988  BrUsbSer - ok
14:58:13.0752 4988  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:58:13.0799 4988  BthEnum - ok
14:58:13.0830 4988  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:58:13.0877 4988  BTHMODEM - ok
14:58:13.0893 4988  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:58:13.0955 4988  BthPan - ok
14:58:14.0018 4988  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:58:14.0096 4988  BTHPORT - ok
14:58:14.0158 4988  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
14:58:14.0205 4988  BthServ - ok
14:58:14.0236 4988  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:58:14.0283 4988  BTHUSB - ok
14:58:14.0408 4988  [ 636F45A8500C1438CFA7DEE15FC5C184 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:58:14.0454 4988  btwaudio - ok
14:58:14.0501 4988  [ BF9256FF01B093A5D90BB7A35EC90410 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
14:58:14.0548 4988  btwavdt - ok
14:58:14.0579 4988  [ 0AB8C1AC177AFB27309E1072FAF34A37 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:58:14.0595 4988  btwrchid - ok
14:58:14.0642 4988  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:58:14.0688 4988  cdfs - ok
14:58:14.0751 4988  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:58:14.0829 4988  cdrom - ok
14:58:14.0876 4988  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:58:14.0922 4988  CertPropSvc - ok
14:58:14.0969 4988  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:58:15.0032 4988  circlass - ok
14:58:15.0063 4988  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:58:15.0078 4988  CLFS - ok
14:58:15.0188 4988  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:58:15.0219 4988  clr_optimization_v2.0.50727_32 - ok
14:58:15.0266 4988  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:58:15.0281 4988  clr_optimization_v4.0.30319_32 - ok
14:58:15.0328 4988  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:58:15.0359 4988  CmBatt - ok
14:58:15.0390 4988  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:58:15.0406 4988  cmdide - ok
14:58:15.0484 4988  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
14:58:15.0531 4988  Com4QLBEx - ok
14:58:15.0562 4988  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:58:15.0578 4988  Compbatt - ok
14:58:15.0578 4988  COMSysApp - ok
14:58:15.0624 4988  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:58:15.0640 4988  crcdisk - ok
14:58:15.0656 4988  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:58:15.0749 4988  Crusoe - ok
14:58:15.0812 4988  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:58:15.0858 4988  CryptSvc - ok
14:58:15.0905 4988  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys
14:58:15.0952 4988  CSC - ok
14:58:16.0030 4988  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
14:58:16.0108 4988  CscService - ok
14:58:16.0155 4988  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
14:58:16.0202 4988  CVirtA - ok
14:58:16.0233 4988  [ 5D5984255A4BFAA4262FB750DF7CD537 ] DAMDrv          C:\Windows\system32\DRIVERS\DAMDrv.sys
14:58:16.0295 4988  DAMDrv ( UnsignedFile.Multi.Generic ) - warning
14:58:16.0295 4988  DAMDrv - detected UnsignedFile.Multi.Generic (1)
14:58:16.0373 4988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:58:16.0482 4988  DcomLaunch - ok
14:58:16.0576 4988  [ 3B604417EBAE4E1E66E6ABD8CC55FD76 ] DCService.exe   C:\ProgramData\DatacardService\DCService.exe
14:58:16.0592 4988  DCService.exe ( UnsignedFile.Multi.Generic ) - warning
14:58:16.0592 4988  DCService.exe - detected UnsignedFile.Multi.Generic (1)
14:58:16.0623 4988  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:58:16.0670 4988  DfsC - ok
14:58:16.0810 4988  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:58:17.0044 4988  DFSR - ok
14:58:17.0106 4988  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:58:17.0169 4988  Dhcp - ok
14:58:17.0216 4988  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:58:17.0247 4988  disk - ok
14:58:17.0294 4988  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
14:58:17.0340 4988  DNE - ok
14:58:17.0387 4988  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:58:17.0450 4988  Dnscache - ok
14:58:17.0496 4988  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:58:17.0590 4988  dot3svc - ok
14:58:17.0637 4988  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:58:17.0730 4988  Dot4 - ok
14:58:17.0762 4988  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:58:17.0824 4988  Dot4Print - ok
14:58:17.0871 4988  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:58:17.0949 4988  dot4usb - ok
14:58:17.0980 4988  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
14:58:18.0074 4988  DPS - ok
14:58:18.0120 4988  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:58:18.0183 4988  drmkaud - ok
14:58:18.0323 4988  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:58:18.0417 4988  DXGKrnl - ok
14:58:18.0464 4988  [ ABFD0739BDA1A9295B872A4B27326B9C ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
14:58:18.0495 4988  e1express - ok
14:58:18.0557 4988  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:58:18.0682 4988  E1G60 - ok
14:58:18.0760 4988  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
14:58:18.0791 4988  EapHost - ok
14:58:18.0822 4988  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:58:18.0838 4988  Ecache - ok
14:58:18.0885 4988  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:58:18.0900 4988  elxstor - ok
14:58:19.0056 4988  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:58:19.0181 4988  EMDMgmt - ok
14:58:19.0290 4988  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
14:58:19.0368 4988  EventSystem - ok
14:58:19.0415 4988  [ E1556AF3FB0284C32896B9AC8494D9C2 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
14:58:19.0478 4988  ewusbnet - ok
14:58:19.0524 4988  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
14:58:19.0571 4988  ew_hwusbdev - ok
14:58:19.0665 4988  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
14:58:19.0727 4988  exfat - ok
14:58:19.0758 4988  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:58:19.0790 4988  fastfat - ok
14:58:19.0836 4988  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax             C:\Windows\system32\fxssvc.exe
14:58:19.0914 4988  Fax - ok
14:58:19.0946 4988  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:58:20.0008 4988  fdc - ok
14:58:20.0024 4988  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:58:20.0086 4988  fdPHost - ok
14:58:20.0117 4988  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:58:20.0195 4988  FDResPub - ok
14:58:20.0211 4988  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:58:20.0226 4988  FileInfo - ok
14:58:20.0258 4988  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:58:20.0336 4988  Filetrace - ok
14:58:20.0367 4988  [ 224138E0CCDF7CE3281298473F6FD1D2 ] FLCDLOCK        C:\Windows\system32\flcdlock.exe
14:58:20.0398 4988  FLCDLOCK ( UnsignedFile.Multi.Generic ) - warning
14:58:20.0398 4988  FLCDLOCK - detected UnsignedFile.Multi.Generic (1)
14:58:20.0429 4988  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:58:20.0492 4988  flpydisk - ok
14:58:20.0538 4988  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:58:20.0554 4988  FltMgr - ok
14:58:20.0679 4988  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
14:58:20.0726 4988  FontCache - ok
14:58:20.0866 4988  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:58:20.0897 4988  FontCache3.0.0.0 - ok
14:58:20.0913 4988  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:58:20.0960 4988  Fs_Rec - ok
14:58:20.0991 4988  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:58:21.0006 4988  gagp30kx - ok
14:58:21.0131 4988  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:58:21.0194 4988  gpsvc - ok
14:58:21.0256 4988  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:21.0272 4988  gupdate - ok
14:58:21.0287 4988  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:21.0303 4988  gupdatem - ok
14:58:21.0365 4988  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:58:21.0381 4988  gusvc - ok
14:58:21.0412 4988  [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey         C:\Windows\system32\DRIVERS\cpqbttn.sys
14:58:21.0428 4988  HBtnKey - ok
14:58:21.0459 4988  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:58:21.0537 4988  HdAudAddService - ok
14:58:21.0677 4988  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:58:21.0755 4988  HDAudBus - ok
14:58:21.0771 4988  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:58:21.0911 4988  HidBth - ok
14:58:21.0942 4988  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:58:22.0052 4988  HidIr - ok
14:58:22.0083 4988  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
14:58:22.0114 4988  hidserv - ok
14:58:22.0161 4988  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:58:22.0192 4988  HidUsb - ok
14:58:22.0223 4988  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:58:22.0270 4988  hkmsvc - ok
14:58:22.0317 4988  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
14:58:22.0317 4988  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0317 4988  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:58:22.0348 4988  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:58:22.0364 4988  HpCISSs - ok
14:58:22.0535 4988  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:58:22.0582 4988  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0582 4988  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:58:22.0629 4988  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:58:22.0644 4988  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0644 4988  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:58:22.0707 4988  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:58:22.0754 4988  HpqKbFiltr - ok
14:58:22.0863 4988  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
14:58:22.0910 4988  hpqwmiex - ok
14:58:22.0988 4988  [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:58:23.0034 4988  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:58:23.0034 4988  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:58:23.0081 4988  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:58:23.0159 4988  HSFHWAZL - ok
14:58:23.0362 4988  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:58:23.0502 4988  HSF_DPV - ok
14:58:23.0565 4988  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:58:23.0674 4988  HTTP - ok
14:58:23.0705 4988  [ 92548543D50C9BCCDB31FFB7EC39249D ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
14:58:23.0752 4988  huawei_enumerator - ok
14:58:23.0768 4988  [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:58:23.0814 4988  hwdatacard - ok
14:58:23.0861 4988  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:58:23.0877 4988  i2omp - ok
14:58:23.0924 4988  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:58:23.0955 4988  i8042prt - ok
14:58:23.0986 4988  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\Windows\system32\drivers\iastor.sys
14:58:24.0002 4988  iaStor - ok
14:58:24.0080 4988  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:58:24.0111 4988  iaStorV - ok
14:58:24.0173 4988  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:58:24.0220 4988  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:58:24.0220 4988  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:58:24.0376 4988  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:58:24.0516 4988  idsvc - ok
14:58:24.0641 4988  [ BBACE0293B73BF8C7CB591F2D06F26FA ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:58:24.0813 4988  igfx - ok
14:58:24.0860 4988  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:58:24.0891 4988  iirsp - ok
14:58:24.0938 4988  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:58:25.0031 4988  IKEEXT - ok
14:58:25.0062 4988  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:58:25.0062 4988  intelide - ok
14:58:25.0094 4988  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:58:25.0140 4988  intelppm - ok
14:58:25.0172 4988  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:58:25.0187 4988  IPBusEnum - ok
14:58:25.0218 4988  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:58:25.0265 4988  IpFilterDriver - ok
14:58:25.0296 4988  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:58:25.0343 4988  iphlpsvc - ok
14:58:25.0343 4988  IpInIp - ok
14:58:25.0374 4988  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:58:25.0421 4988  IPMIDRV - ok
14:58:25.0468 4988  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:58:25.0499 4988  IPNAT - ok
14:58:25.0530 4988  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:58:25.0577 4988  IRENUM - ok
14:58:25.0608 4988  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:58:25.0608 4988  isapnp - ok
14:58:25.0655 4988  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:58:25.0671 4988  iScsiPrt - ok
14:58:25.0686 4988  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:58:25.0702 4988  iteatapi - ok
14:58:25.0718 4988  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:58:25.0733 4988  iteraid - ok
14:58:25.0796 4988  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:58:25.0811 4988  IviRegMgr - ok
14:58:25.0827 4988  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:58:25.0842 4988  kbdclass - ok
14:58:25.0858 4988  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:58:25.0905 4988  kbdhid - ok
14:58:25.0936 4988  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:58:25.0983 4988  KeyIso - ok
14:58:26.0014 4988  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
14:58:26.0061 4988  KMWDFILTER - ok
14:58:26.0108 4988  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:58:26.0170 4988  KSecDD - ok
14:58:26.0201 4988  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:58:26.0248 4988  KtmRm - ok
14:58:26.0279 4988  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:58:26.0357 4988  LanmanServer - ok
14:58:26.0404 4988  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:58:26.0451 4988  LanmanWorkstation - ok
14:58:26.0498 4988  [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:58:26.0513 4988  LightScribeService - ok
14:58:26.0544 4988  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:58:26.0607 4988  lltdio - ok
14:58:26.0638 4988  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:58:26.0685 4988  lltdsvc - ok
14:58:26.0716 4988  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:58:26.0778 4988  lmhosts - ok
14:58:26.0825 4988  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:58:26.0841 4988  LSI_FC - ok
14:58:26.0856 4988  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:58:26.0872 4988  LSI_SAS - ok
14:58:26.0888 4988  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:58:26.0903 4988  LSI_SCSI - ok
14:58:26.0934 4988  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
14:58:26.0966 4988  luafv - ok
14:58:27.0012 4988  [ CBF0BF6AF73A704211BBB52EFACAA8A0 ] lvpopflt        C:\Windows\system32\DRIVERS\lvpopflt.sys
14:58:27.0028 4988  lvpopflt - ok
14:58:27.0106 4988  [ 6917B407DBEC11B3A078ABFC2EC2AC7C ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
14:58:27.0122 4988  LVRS - ok
14:58:27.0153 4988  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\Windows\system32\drivers\LVUSBSta.sys
14:58:27.0168 4988  LVUSBSta - ok
14:58:27.0356 4988  [ 44876E70E07E9A653BBE423DBFA35A1A ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
14:58:27.0792 4988  LVUVC - ok
14:58:27.0870 4988  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:58:27.0886 4988  MBAMProtector - ok
14:58:27.0917 4988  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:58:27.0933 4988  MBAMScheduler - ok
14:58:27.0964 4988  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:58:28.0011 4988  MBAMService - ok
14:58:28.0073 4988  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
14:58:28.0073 4988  megasas - ok
14:58:28.0120 4988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
14:58:28.0167 4988  MMCSS - ok
14:58:28.0198 4988  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
14:58:28.0229 4988  Modem - ok
14:58:28.0260 4988  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:58:28.0307 4988  monitor - ok
14:58:28.0338 4988  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:58:28.0354 4988  mouclass - ok
14:58:28.0370 4988  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:58:28.0432 4988  mouhid - ok
14:58:28.0463 4988  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:58:28.0494 4988  MountMgr - ok
14:58:28.0572 4988  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:58:28.0604 4988  MozillaMaintenance - ok
14:58:28.0635 4988  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:58:28.0666 4988  mpio - ok
14:58:28.0697 4988  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:58:28.0760 4988  mpsdrv - ok
14:58:28.0791 4988  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:58:28.0884 4988  MpsSvc - ok
14:58:28.0916 4988  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:58:28.0931 4988  Mraid35x - ok
14:58:28.0962 4988  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:58:28.0994 4988  MRxDAV - ok
14:58:29.0025 4988  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:58:29.0072 4988  mrxsmb - ok
14:58:29.0118 4988  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:58:29.0134 4988  mrxsmb10 - ok
14:58:29.0150 4988  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:58:29.0196 4988  mrxsmb20 - ok
14:58:29.0228 4988  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:58:29.0243 4988  msahci - ok
14:58:29.0274 4988  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:58:29.0290 4988  msdsm - ok
14:58:29.0321 4988  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
14:58:29.0368 4988  MSDTC - ok
14:58:29.0399 4988  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:58:29.0446 4988  Msfs - ok
14:58:29.0477 4988  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:58:29.0493 4988  msisadrv - ok
14:58:29.0524 4988  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:58:29.0571 4988  MSiSCSI - ok
14:58:29.0586 4988  msiserver - ok
14:58:29.0618 4988  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:58:29.0649 4988  MSKSSRV - ok
14:58:29.0680 4988  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:58:29.0727 4988  MSPCLOCK - ok
14:58:29.0742 4988  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:58:29.0789 4988  MSPQM - ok
14:58:29.0820 4988  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:58:29.0836 4988  MsRPC - ok
14:58:29.0867 4988  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:58:29.0883 4988  mssmbios - ok
14:58:29.0945 4988  MSSQL$MSSMLBIZ - ok
14:58:29.0976 4988  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:58:29.0976 4988  MSSQLServerADHelper - ok
14:58:30.0008 4988  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:58:30.0054 4988  MSTEE - ok
14:58:30.0086 4988  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
14:58:30.0101 4988  Mup - ok
14:58:30.0132 4988  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:58:30.0179 4988  napagent - ok
14:58:30.0242 4988  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:58:30.0257 4988  NativeWifiP - ok
14:58:30.0288 4988  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:58:30.0320 4988  NDIS - ok
14:58:30.0366 4988  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:58:30.0413 4988  NdisTapi - ok
14:58:30.0444 4988  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:58:30.0476 4988  Ndisuio - ok
14:58:30.0507 4988  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:58:30.0538 4988  NdisWan - ok
14:58:30.0554 4988  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:58:30.0616 4988  NDProxy - ok
14:58:30.0647 4988  [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:58:30.0647 4988  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0647 4988  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0678 4988  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:58:30.0725 4988  NetBIOS - ok
14:58:30.0756 4988  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:58:30.0803 4988  netbt - ok
14:58:30.0819 4988  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:58:30.0850 4988  Netlogon - ok
14:58:30.0866 4988  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:58:30.0912 4988  Netman - ok
14:58:30.0944 4988  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:58:31.0006 4988  netprofm - ok
14:58:31.0037 4988  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:58:31.0053 4988  NetTcpPortSharing - ok
14:58:31.0131 4988  [ 25ACCCFC33DD448B9D3037C5E439E830 ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
14:58:31.0334 4988  NETw4v32 - ok
14:58:31.0490 4988  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
14:58:31.0755 4988  NETw5v32 - ok
14:58:31.0802 4988  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:58:31.0833 4988  nfrd960 - ok
14:58:31.0880 4988  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:58:31.0942 4988  NlaSvc - ok
14:58:31.0973 4988  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:58:31.0989 4988  Npfs - ok
14:58:32.0020 4988  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
14:58:32.0098 4988  nsi - ok
14:58:32.0129 4988  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:58:32.0160 4988  nsiproxy - ok
14:58:32.0207 4988  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:58:32.0316 4988  Ntfs - ok
14:58:32.0363 4988  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:58:32.0410 4988  ntrigdigi - ok
14:58:32.0426 4988  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:58:32.0472 4988  Null - ok
14:58:32.0504 4988  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:58:32.0519 4988  nvraid - ok
14:58:32.0535 4988  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:58:32.0550 4988  nvstor - ok
14:58:32.0582 4988  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:58:32.0597 4988  nv_agp - ok
14:58:32.0597 4988  NwlnkFlt - ok
14:58:32.0597 4988  NwlnkFwd - ok
14:58:32.0706 4988  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:58:32.0738 4988  odserv - ok
14:58:32.0784 4988  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:58:32.0862 4988  ohci1394 - ok
14:58:32.0909 4988  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:58:32.0925 4988  ose - ok
14:58:32.0987 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:58:33.0081 4988  p2pimsvc - ok
14:58:33.0112 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:58:33.0143 4988  p2psvc - ok
14:58:33.0206 4988  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
14:58:33.0268 4988  Parport - ok
14:58:33.0299 4988  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:58:33.0315 4988  partmgr - ok
14:58:33.0330 4988  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:58:33.0377 4988  Parvdm - ok
14:58:33.0393 4988  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:58:33.0455 4988  PcaSvc - ok
14:58:33.0471 4988  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
14:58:33.0486 4988  pci - ok
14:58:33.0518 4988  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
14:58:33.0533 4988  pciide - ok
14:58:33.0596 4988  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:58:33.0611 4988  pcmcia - ok
14:58:33.0658 4988  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:58:33.0752 4988  PEAUTH - ok
14:58:33.0798 4988  [ 3551190E9CF1EB4C0971BDEF4269CA25 ] PID_0928        C:\Windows\system32\DRIVERS\LV561AV.SYS
14:58:33.0845 4988  PID_0928 - ok
14:58:33.0908 4988  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
14:58:34.0032 4988  pla - ok
14:58:34.0064 4988  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:58:34.0110 4988  PlugPlay - ok
14:58:34.0188 4988  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:58:34.0204 4988  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:34.0204 4988  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:34.0251 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:58:34.0282 4988  PNRPAutoReg - ok
14:58:34.0329 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:58:34.0376 4988  PNRPsvc - ok
14:58:34.0422 4988  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:58:34.0500 4988  PolicyAgent - ok
14:58:34.0547 4988  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:58:34.0594 4988  PptpMiniport - ok
14:58:34.0625 4988  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
14:58:34.0703 4988  Processor - ok
14:58:34.0734 4988  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:58:34.0781 4988  ProfSvc - ok
14:58:34.0812 4988  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:58:34.0828 4988  ProtectedStorage - ok
14:58:34.0844 4988  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:58:34.0890 4988  PSched - ok
14:58:34.0922 4988  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:58:34.0937 4988  PxHelp20 - ok
14:58:35.0000 4988  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:58:35.0062 4988  ql2300 - ok
14:58:35.0093 4988  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:58:35.0109 4988  ql40xx - ok
14:58:35.0156 4988  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
14:58:35.0202 4988  QWAVE - ok
14:58:35.0234 4988  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:58:35.0280 4988  QWAVEdrv - ok
14:58:35.0374 4988  [ E642B131FB74CAF4BB8A014F31113142 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
14:58:35.0592 4988  R300 - ok
14:58:35.0639 4988  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:58:35.0686 4988  RasAcd - ok
14:58:35.0702 4988  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
14:58:35.0764 4988  RasAuto - ok
14:58:35.0795 4988  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:58:35.0842 4988  Rasl2tp - ok
14:58:35.0889 4988  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:58:35.0936 4988  RasMan - ok
14:58:35.0967 4988  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:58:36.0029 4988  RasPppoe - ok
14:58:36.0045 4988  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:58:36.0092 4988  RasSstp - ok
14:58:36.0123 4988  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:58:36.0170 4988  rdbss - ok
14:58:36.0185 4988  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:58:36.0232 4988  RDPCDD - ok
14:58:36.0263 4988  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
14:58:36.0294 4988  rdpdr - ok
14:58:36.0294 4988  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:58:36.0326 4988  RDPENCDD - ok
14:58:36.0372 4988  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:58:36.0419 4988  RDPWD - ok
14:58:36.0450 4988  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:58:36.0513 4988  RemoteAccess - ok
14:58:36.0544 4988  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:58:36.0575 4988  RemoteRegistry - ok
14:58:36.0622 4988  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:58:36.0638 4988  RFCOMM - ok
14:58:36.0731 4988  [ 229933CE97A9421F5F1673A20473726F ] RoxMediaDB9     c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
14:58:36.0840 4988  RoxMediaDB9 - ok
14:58:36.0903 4988  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:58:36.0965 4988  RpcLocator - ok
14:58:37.0028 4988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
14:58:37.0059 4988  RpcSs - ok
14:58:37.0090 4988  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:58:37.0152 4988  rspndr - ok
14:58:37.0184 4988  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
14:58:37.0199 4988  SamSs - ok
14:58:37.0230 4988  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:58:37.0246 4988  sbp2port - ok
14:58:37.0262 4988  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:58:37.0308 4988  SCardSvr - ok
14:58:37.0355 4988  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:58:37.0449 4988  Schedule - ok
14:58:37.0480 4988  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:58:37.0511 4988  SCPolicySvc - ok
14:58:37.0527 4988  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:58:37.0558 4988  SDRSVC - ok
14:58:37.0589 4988  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:58:37.0652 4988  secdrv - ok
14:58:37.0683 4988  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:58:37.0714 4988  seclogon - ok
14:58:37.0745 4988  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:58:37.0761 4988  SENS - ok
14:58:37.0792 4988  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:58:37.0839 4988  Serenum - ok
14:58:37.0854 4988  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
14:58:37.0901 4988  Serial - ok
14:58:37.0932 4988  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:58:37.0948 4988  sermouse - ok
14:58:37.0995 4988  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:58:38.0026 4988  SessionEnv - ok
14:58:38.0057 4988  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:58:38.0073 4988  sffdisk - ok
14:58:38.0088 4988  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:58:38.0104 4988  sffp_mmc - ok
14:58:38.0120 4988  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:58:38.0135 4988  sffp_sd - ok
14:58:38.0151 4988  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:58:38.0198 4988  sfloppy - ok
14:58:38.0213 4988  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:58:38.0276 4988  SharedAccess - ok
14:58:38.0322 4988  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:58:38.0354 4988  ShellHWDetection - ok
14:58:38.0369 4988  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:58:38.0385 4988  sisagp - ok
14:58:38.0416 4988  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:58:38.0432 4988  SiSRaid2 - ok
14:58:38.0463 4988  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:58:38.0478 4988  SiSRaid4 - ok
14:58:38.0541 4988  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:58:38.0556 4988  SkypeUpdate - ok
14:58:38.0650 4988  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
14:58:38.0884 4988  slsvc - ok
14:58:38.0931 4988  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:58:38.0993 4988  SLUINotify - ok
14:58:39.0024 4988  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:58:39.0071 4988  Smb - ok
14:58:39.0118 4988  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:58:39.0165 4988  SNMPTRAP - ok
14:58:39.0180 4988  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
14:58:39.0212 4988  spldr - ok
14:58:39.0243 4988  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
14:58:39.0274 4988  Spooler - ok
14:58:39.0305 4988  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:58:39.0321 4988  SQLBrowser - ok
14:58:39.0336 4988  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:58:39.0368 4988  SQLWriter - ok
14:58:39.0399 4988  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:58:39.0461 4988  srv - ok
14:58:39.0492 4988  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:58:39.0539 4988  srv2 - ok
14:58:39.0570 4988  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:58:39.0617 4988  srvnet - ok
14:58:39.0648 4988  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:58:39.0680 4988  SSDPSRV - ok
14:58:39.0711 4988  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:58:39.0726 4988  ssmdrv - ok
14:58:39.0773 4988  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:58:39.0820 4988  SstpSvc - ok
14:58:39.0851 4988  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:58:39.0929 4988  stisvc - ok
14:58:39.0992 4988  [ E5FF667E416DAC99BFF16B626234A379 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:58:40.0007 4988  stllssvr - ok
14:58:40.0054 4988  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:58:40.0070 4988  swenum - ok
14:58:40.0101 4988  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
14:58:40.0179 4988  swprv - ok
14:58:40.0210 4988  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:58:40.0241 4988  Symc8xx - ok
14:58:40.0257 4988  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:58:40.0288 4988  Sym_hi - ok
14:58:40.0288 4988  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:58:40.0319 4988  Sym_u3 - ok
14:58:40.0350 4988  [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:58:40.0366 4988  SynTP - ok
14:58:40.0397 4988  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
14:58:40.0491 4988  SysMain - ok
14:58:40.0538 4988  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:58:40.0569 4988  TabletInputService - ok
14:58:40.0631 4988  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:58:40.0678 4988  TapiSrv - ok
14:58:40.0709 4988  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
14:58:40.0725 4988  TBS - ok
14:58:40.0772 4988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:58:40.0818 4988  Tcpip - ok
14:58:40.0865 4988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:58:40.0896 4988  Tcpip6 - ok
14:58:40.0974 4988  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:58:41.0006 4988  tcpipreg - ok
14:58:41.0021 4988  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:58:41.0052 4988  TDPIPE - ok
14:58:41.0084 4988  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:58:41.0130 4988  TDTCP - ok
14:58:41.0177 4988  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:58:41.0208 4988  tdx - ok
14:58:41.0349 4988  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
14:58:41.0520 4988  TeamViewer7 - ok
14:58:41.0552 4988  [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
14:58:41.0598 4988  teamviewervpn - ok
14:58:41.0614 4988  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:58:41.0645 4988  TermDD - ok
14:58:41.0676 4988  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
14:58:41.0754 4988  TermService - ok
14:58:41.0786 4988  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:58:41.0801 4988  Themes - ok
14:58:41.0817 4988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:58:41.0848 4988  THREADORDER - ok
14:58:41.0879 4988  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:58:41.0926 4988  TrkWks - ok
14:58:41.0973 4988  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:58:42.0004 4988  TrustedInstaller - ok
14:58:42.0051 4988  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:58:42.0082 4988  tssecsrv - ok
14:58:42.0113 4988  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:58:42.0144 4988  tunmp - ok
14:58:42.0191 4988  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:58:42.0238 4988  tunnel - ok
14:58:42.0269 4988  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:58:42.0285 4988  uagp35 - ok
14:58:42.0316 4988  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:58:42.0363 4988  udfs - ok
14:58:42.0410 4988  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:58:42.0441 4988  UI0Detect - ok
14:58:42.0456 4988  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:58:42.0472 4988  uliagpkx - ok
14:58:42.0503 4988  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:58:42.0519 4988  uliahci - ok
14:58:42.0534 4988  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:58:42.0550 4988  UlSata - ok
14:58:42.0566 4988  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:58:42.0581 4988  ulsata2 - ok
14:58:42.0612 4988  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:58:42.0644 4988  umbus - ok
14:58:42.0659 4988  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:58:42.0690 4988  UmRdpService - ok
14:58:42.0737 4988  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:58:42.0768 4988  upnphost - ok
14:58:42.0831 4988  [ 9B01CE1EDA6AD1ACFD4F865D6CB0A790 ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA.sys
14:58:42.0878 4988  USB28xxBGA - ok
14:58:42.0909 4988  [ C93E4F6BD1CBD163662E7C9BE021B895 ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM.sys
14:58:42.0940 4988  USB28xxOEM - ok
14:58:42.0971 4988  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:58:43.0018 4988  usbaudio - ok
14:58:43.0049 4988  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:58:43.0080 4988  usbccgp - ok
14:58:43.0096 4988  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:58:43.0158 4988  usbcir - ok
14:58:43.0174 4988  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:58:43.0205 4988  usbehci - ok
14:58:43.0236 4988  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:58:43.0268 4988  usbhub - ok
14:58:43.0283 4988  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:58:43.0346 4988  usbohci - ok
14:58:43.0392 4988  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:58:43.0424 4988  usbprint - ok
14:58:43.0455 4988  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:58:43.0502 4988  usbscan - ok
14:58:43.0533 4988  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:58:43.0564 4988  USBSTOR - ok
14:58:43.0595 4988  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:58:43.0626 4988  usbuhci - ok
14:58:43.0673 4988  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:58:43.0704 4988  usbvideo - ok
14:58:43.0736 4988  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
14:58:43.0782 4988  UxSms - ok
14:58:43.0829 4988  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
14:58:43.0892 4988  vds - ok
14:58:43.0938 4988  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:58:44.0001 4988  vga - ok
14:58:44.0016 4988  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:58:44.0048 4988  VgaSave - ok
14:58:44.0063 4988  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:58:44.0079 4988  viaagp - ok
14:58:44.0094 4988  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:58:44.0157 4988  ViaC7 - ok
14:58:44.0188 4988  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:58:44.0188 4988  viaide - ok
14:58:44.0219 4988  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:58:44.0235 4988  volmgr - ok
14:58:44.0266 4988  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:58:44.0282 4988  volmgrx - ok
14:58:44.0313 4988  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:58:44.0344 4988  volsnap - ok
14:58:44.0360 4988  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:58:44.0375 4988  vsmraid - ok
14:58:44.0422 4988  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
14:58:44.0484 4988  VSS - ok
14:58:44.0531 4988  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
14:58:44.0578 4988  W32Time - ok
14:58:44.0609 4988  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:58:44.0687 4988  WacomPen - ok
14:58:44.0734 4988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:58:44.0781 4988  Wanarp - ok
14:58:44.0796 4988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:58:44.0812 4988  Wanarpv6 - ok
14:58:44.0859 4988  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
14:58:44.0968 4988  wbengine - ok
14:58:44.0999 4988  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:58:45.0062 4988  wcncsvc - ok
14:58:45.0108 4988  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:58:45.0140 4988  WcsPlugInService - ok
14:58:45.0171 4988  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
14:58:45.0171 4988  Wd - ok
14:58:45.0218 4988  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:58:45.0249 4988  Wdf01000 - ok
14:58:45.0280 4988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:58:45.0311 4988  WdiServiceHost - ok
14:58:45.0327 4988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:58:45.0358 4988  WdiSystemHost - ok
14:58:45.0374 4988  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
14:58:45.0405 4988  WebClient - ok
14:58:45.0452 4988  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:58:45.0514 4988  Wecsvc - ok
14:58:45.0530 4988  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:58:45.0576 4988  wercplsupport - ok
14:58:45.0608 4988  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:58:45.0639 4988  WerSvc - ok
14:58:45.0670 4988  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
14:58:45.0686 4988  WimFltr - ok
14:58:45.0732 4988  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:58:45.0826 4988  winachsf - ok
14:58:45.0857 4988  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:58:45.0888 4988  WinDefend - ok
14:58:45.0888 4988  WinHttpAutoProxySvc - ok
14:58:45.0920 4988  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:58:45.0951 4988  Winmgmt - ok
14:58:46.0029 4988  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:58:46.0107 4988  WinRM - ok
14:58:46.0154 4988  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:58:46.0216 4988  Wlansvc - ok
14:58:46.0310 4988  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:58:46.0403 4988  wlidsvc - ok
14:58:46.0450 4988  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:58:46.0497 4988  WmiAcpi - ok
14:58:46.0544 4988  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:58:46.0590 4988  wmiApSrv - ok
14:58:46.0653 4988  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:58:46.0762 4988  WMPNetworkSvc - ok
14:58:46.0793 4988  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:58:46.0840 4988  WPDBusEnum - ok
14:58:46.0949 4988  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:58:47.0012 4988  WPFFontCache_v0400 - ok
14:58:47.0043 4988  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:58:47.0105 4988  ws2ifsl - ok
14:58:47.0152 4988  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
14:58:47.0199 4988  wscsvc - ok
14:58:47.0199 4988  WSearch - ok
14:58:47.0292 4988  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:58:47.0417 4988  wuauserv - ok
14:58:47.0464 4988  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:58:47.0511 4988  WUDFRd - ok
14:58:47.0542 4988  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:58:47.0589 4988  wudfsvc - ok
14:58:47.0636 4988  ================ Scan global ===============================
14:58:47.0651 4988  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:58:47.0682 4988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:58:47.0714 4988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:58:47.0745 4988  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:58:47.0745 4988  [Global] - ok
14:58:47.0760 4988  ================ Scan MBR ==================================
14:58:47.0760 4988  [ 6A34BB27D697BDD9E543BD56A6679BC9 ] \Device\Harddisk0\DR0
14:58:48.0057 4988  \Device\Harddisk0\DR0 - ok
14:58:48.0057 4988  ================ Scan VBR ==================================
14:58:48.0057 4988  [ 62DD8BEA18810D2D6745E9B9A15952E8 ] \Device\Harddisk0\DR0\Partition1
14:58:48.0057 4988  \Device\Harddisk0\DR0\Partition1 - ok
14:58:48.0072 4988  [ 894B770430D83C5C015B81C7B2162A59 ] \Device\Harddisk0\DR0\Partition2
14:58:48.0072 4988  \Device\Harddisk0\DR0\Partition2 - ok
14:58:48.0088 4988  [ C00DB3C72900936911E2CA4888596DBE ] \Device\Harddisk0\DR0\Partition3
14:58:48.0088 4988  \Device\Harddisk0\DR0\Partition3 - ok
14:58:48.0088 4988  ============================================================
14:58:48.0088 4988  Scan finished
14:58:48.0088 4988  ============================================================
14:58:48.0104 4692  Detected object count: 10
14:58:48.0104 4692  Actual detected object count: 10
15:00:42.0327 4692  DAMDrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0327 4692  DAMDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0342 4692  DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0342 4692  FLCDLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  FLCDLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0342 4692  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0342 4692  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0358 4692  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0358 4692  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0358 4692  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0358 4692  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0358 4692  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0358 4692  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0374 4692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0374 4692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:00:42.0374 4692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0374 4692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 18.10.2012, 14:46   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield Befall - Standard

Security Shield Befall



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.10.2012, 12:20   #39
Seprom
 
Security Shield Befall - Standard

Security Shield Befall



Hab jetzt gerade dem unten stehenden Log entnommen, dass Windows Defender aktiv ist. Das war mir unbekannt und deshalb hab ich den nicht deaktiviert. Soll ich das ganze nochmal mit deaktiviertem Defender machen?


Code:
ATTFilter
ComboFix 12-10-18.03 - Roman 19.10.2012  12:30:27.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.2039.900 [GMT 2:00]
ausgeführt von:: c:\users\Roman\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roman\AppData\Local\Vensim
c:\users\Roman\AppData\Local\Vensim\venple.err
c:\users\Roman\AppData\Roaming\Local
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\11.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\12.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\13.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\99b5cc565c7330b63f45056bbb3d8cd21290207677.avi.ddr
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\ind_fockers.avi.ddr
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\99b5cc565c7330b63f45056bbb3d8cd21290207677.avi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\a198998cd3b6bf1f10baacafaba1ca0c.avi(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\a198998cd3b6bf1f10baacafaba1ca0c.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ba2559d5df99e3053db3ffd2e6eab4d9.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921(3).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921(4).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE72C7CE96F224F.plong(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE72C7CE96F224F.plong.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ind_fockers.avi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\intro_casinojack_dvd_2010_eng.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e11.avi(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e11.avi(3).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e11.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e12.avi(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e12.avi(3).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e12.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\the.simpsons.s21e01.hdtv.xvid_fqm.avi.ddr
c:\windows\system32\msstdfmt.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
F:\Autorun.inf
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-19 bis 2012-10-19  ))))))))))))))))))))))))))))))
.
.
2012-10-19 10:42 . 2012-10-19 10:42	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-10-19 10:42 . 2012-10-19 10:42	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-10-19 10:42 . 2012-10-19 10:42	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-10-19 10:42 . 2012-10-19 10:42	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-10-19 10:42 . 2012-10-19 10:42	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-10-19 10:42 . 2012-10-19 10:42	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-10-19 10:42 . 2012-10-19 10:42	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-10-19 10:42 . 2012-10-19 10:42	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-10-19 10:42 . 2012-10-19 10:42	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-10-19 10:42 . 2012-10-19 10:42	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-10-19 10:42 . 2012-10-19 10:42	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-10-19 10:42 . 2012-10-19 10:42	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-10-19 10:41 . 2012-10-19 10:41	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-10-19 10:41 . 2012-10-19 10:41	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-10-19 10:41 . 2012-10-19 10:41	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-10-19 10:41 . 2012-10-19 10:41	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-10-19 10:41 . 2012-10-19 10:41	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-10-19 10:40 . 2012-10-19 10:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-19 09:27 . 2012-10-17 00:32	6918632	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C49E0101-D965-4A7F-92A5-9EEABBA3823F}\mpengine.dll
2012-10-16 12:16 . 2012-10-17 11:28	--------	d-----w-	C:\_OTL
2012-10-12 11:29 . 2012-05-05 09:54	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2012-10-12 11:29 . 2012-07-29 11:59	81920	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-12 11:29 . 2012-05-05 09:54	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2012-10-12 11:29 . 1998-07-06 16:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2012-10-12 11:29 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2012-10-12 11:29 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2012-10-12 10:13 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-12 10:13 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-12 10:13 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-12 10:13 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-12 10:13 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-12 10:13 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-12 10:13 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-09-21 12:19 . 2012-09-21 12:19	--------	d-----w-	c:\users\Roman\AppData\Roaming\elsterformular
2012-09-21 12:17 . 2012-09-21 12:18	--------	d-----w-	c:\programdata\elsterformular
2012-09-21 12:17 . 2012-09-21 12:17	--------	d-----w-	c:\program files\ElsterFormular
2012-09-19 19:33 . 2012-09-19 19:33	--------	d-----w-	c:\users\Default\AppData\Roaming\hpqLog
2012-09-19 19:32 . 2012-09-19 19:33	--------	d-----w-	c:\windows\QLB
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 11:13 . 2012-04-12 13:45	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-12 11:13 . 2011-09-14 10:21	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-08-30 22:10	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-03 13:10 . 2012-09-03 13:10	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 13:10 . 2010-05-05 16:09	746984	----a-w-	c:\windows\system32\deployJava1.dll
2009-05-01 21:02 . 2012-10-13 13:10	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-10-13 13:10	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-10-13 13:10 . 2012-10-13 13:10	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
.
c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04	49152	----a-r-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 10:29	136176	----atw-	c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-24 14:44	154136	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-24 14:44	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41	222128	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 12:26	484904	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-24 14:44	129560	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
2007-02-22 14:20	105544	------w-	c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
2007-02-12 18:12	253000	------w-	c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-03 11:23	17417392	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 13:14	1183744	----a-w-	c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 09:00	192512	----a-w-	c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23	452136	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:13]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 20:19]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 20:19]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 10:29]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 10:29]
.
2011-11-06 c:\windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
- c:\windows\system32\msfeedssync.exe [2012-09-21 10:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2011-01-06 14:43; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-RemoTerm - c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove- FS-1300D Printer Library - c:\program files\Kyocera\FS-1100
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\users\Roman\AppData\Roaming\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3964)
c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programdata\DatacardService\DCService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\SMINST\scheduler.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-19  12:52:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-19 10:50
.
Vor Suchlauf: 9 Verzeichnis(se), 27.864.752.128 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 27.710.889.984 Bytes frei
.
- - End Of File - - BC39CD497C22CCFE1ECD457F7004B6F6
         

Alt 19.10.2012, 15:00   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield Befall - Standard

Security Shield Befall



ist schon ok so

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.10.2012, 19:45   #41
Seprom
 
Security Shield Befall - Standard

Security Shield Befall



GMER-Log:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-22 20:25:19
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912081 rev.3.AH
Running: 4jj9fcng.exe; Driver: C:\Users\Roman\AppData\Local\Temp\kgdiapog.sys


---- System - GMER 1.0.15 ----

SSDT            8DDBF39E                                                                                                            ZwCreateSection
SSDT            8DDBF3A8                                                                                                            ZwRequestWaitReplyPort
SSDT            8DDBF3A3                                                                                                            ZwSetContextThread
SSDT            8DDBF3AD                                                                                                            ZwSetSecurityObject
SSDT            8DDBF3B2                                                                                                            ZwSystemDebugControl
SSDT            8DDBF33F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                       828B28D8 4 Bytes  [9E, F3, DB, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                       828B2BFC 4 Bytes  [A8, F3, DB, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                       828B2C30 4 Bytes  [A3, F3, DB, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                       828B2C94 4 Bytes  [AD, F3, DB, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                       828B2CDC 4 Bytes  [B2, F3, DB, 8D]
.text           ...                                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                               [74AA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [74AEB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [74AABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [74A9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [74AA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                             [74A9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                 [74AD73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [74AADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [74A9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                             [74A9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [74A971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [74B2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                         [74ACC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [74A9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [74A96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                     [74A9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [74AA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4768                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624b73                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@0016bc31297e                            0xC6 0x96 0x87 0xE6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@080046ca4898                            0x79 0x90 0x93 0x5D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@0021d2566fb2                            0x11 0xE6 0xD7 0xD3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@00265f7f73c8                            0xB8 0x1D 0xC6 0xB2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@001e7da8410f                            0x2D 0xF7 0x8E 0x2F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016411f4768 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37624b73 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@0016bc31297e                                0xC6 0x96 0x87 0xE6 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@080046ca4898                                0x79 0x90 0x93 0x5D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@0021d2566fb2                                0x11 0xE6 0xD7 0xD3 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@00265f7f73c8                                0xB8 0x1D 0xC6 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@001e7da8410f                                0x2D 0xF7 0x8E 0x2F ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
         

OSAM-Log:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:35:57 on 22.10.2012

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job" - "Google Inc." - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job" - "Google Inc." - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CinePlayer DVD Decoder Options" - "Sonic Solutions" - c:\Program Files\Roxio\CinePlayer Decoder Pack\cmdvdpak.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"DAMDrv" (DAMDrv) - "Hewlett-Packard Development Company L.P." - C:\Windows\System32\DRIVERS\DAMDrv.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgdiapog" (kgdiapog) - ? - C:\Users\Roman\AppData\Local\Temp\kgdiapog.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MSOHEVI.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "SampleView" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{0a4286ea-e355-44fb-8086-af3df7645bd9} "Windows Media Player" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"ST Recovery Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJLMN.DLL
"PCL hpf3l082" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l082.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"DCService.exe" (DCService.exe) - ? - C:\ProgramData\DatacardService\DCService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"HP ProtectTools Gerätesperre/Überwachung" (FLCDLOCK) - "Hewlett-Packard Ltd" - C:\Windows\system32\flcdlock.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"DeviceNP" - "Hewlett-Packard Limited" - C:\Windows\system32\DeviceNP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR-Log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-22 20:38:33
-----------------------------
20:38:33.746    OS Version: Windows 6.0.6002 Service Pack 2
20:38:33.746    Number of processors: 2 586 0xF0D
20:38:33.746    ComputerName: 6720S-RV  UserName: Roman
20:38:41.920    Initialze error 0 
20:40:43.905    AVAST engine defs: 12102200
20:40:54.013    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:40:54.013    Disk 0 Vendor: ST912081 3.AH Size: 114473MB BusType: 3
20:40:55.121    Disk 0 MBR read successfully
20:40:55.261    Disk 0 MBR scan
20:40:55.308    Disk 0 unknown MBR code
20:40:55.464    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       104738 MB offset 63
20:40:55.620    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8140 MB offset 214505472
20:40:55.792    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS         1589 MB offset 231184384
20:40:56.665    Disk 0 scanning sectors +234438656
20:40:57.336    Disk 0 scanning C:\Windows\system32\drivers
20:40:57.336    Service scanning
20:40:58.600    Modules scanning
20:40:59.754    Disk 0 trace - called modules:
20:40:59.957    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys 
20:40:59.973    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86679ac8]
20:40:59.973    3 CLASSPNP.SYS[889a88b3] -> nt!IofCallDriver -> [0x85636768]
20:40:59.973    5 acpi.sys[8068b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8563b030]
20:41:00.597    AVAST engine scan C:\Windows
20:41:03.061    AVAST engine scan C:\Windows\system32
20:41:07.757    AVAST engine scan C:\Windows\system32\drivers
20:41:10.222    AVAST engine scan C:\Users\Roman
20:41:12.499    AVAST engine scan C:\ProgramData
20:41:12.515    Scan finished successfully
20:42:20.962    Disk 0 MBR has been saved successfully to "C:\Users\Roman\Downloads\MBR.dat"
20:42:20.993    The log file has been saved successfully to "C:\Users\Roman\Downloads\aswMBR.txt"
         

Alt 23.10.2012, 15:45   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Shield Befall - Standard

Security Shield Befall



Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast


Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Security Shield Befall
32 bit, 7-zip, antivir, aufrufe, autorun, avg, avira, bho, desktop, error, firefox, flash player, format, ftp, google, google earth, install.exe, launch, logfile, löschen?, microsoft office 2003, mozilla, office 2007, officejet, plug-in, registry, rootkit, rundll, scan, security, server, software, svchost.exe, udp, vista




Ähnliche Themen: Security Shield Befall


  1. Security Shield
    Log-Analyse und Auswertung - 07.11.2012 (23)
  2. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (11)
  3. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (15)
  4. My Security Shield
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (34)
  5. My Security Shield
    Log-Analyse und Auswertung - 12.07.2012 (14)
  6. Security Shield auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 08.07.2012 (7)
  7. Security Shield
    Log-Analyse und Auswertung - 04.07.2012 (1)
  8. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 01.07.2012 (1)
  9. Security Shield -Was nun?-
    Log-Analyse und Auswertung - 29.06.2012 (1)
  10. my security shield
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  11. Security Shield
    Log-Analyse und Auswertung - 28.06.2012 (5)
  12. security shield
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  13. Nach Security Shield - Scan sind Kopien meiner Dateien da verursacht von Sec.Shield - Was tun ?
    Log-Analyse und Auswertung - 13.04.2012 (57)
  14. Security Shield ?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (17)
  15. Security shield
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (15)
  16. Production Security Services- Problem nach Security Shield Attacke
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (14)
  17. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 27.05.2011 (1)

Zum Thema Security Shield Befall - Hier die OTL-Log: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 15.10.2012 20:14:15 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roman\Downloads Windows Vista Business Edition - Security Shield Befall...
Archiv
Du betrachtest: Security Shield Befall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.