Pests of all kinds and how to fight them: Bundespolizei/BKA Trojan 2.07 - can't shake it off

22.09.2012, 15:15   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

22.09.2012, 15:51   #17
oluehr
 

Code:
 16:48:43.0677 6320  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:48:43.0704 6320  wudfsvc - ok
16:48:43.0709 6320  ================ Scan global ===============================
16:48:43.0767 6320  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:48:43.0848 6320  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:48:43.0911 6320  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:48:43.0956 6320  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:48:43.0960 6320  [Global] - ok
16:48:43.0960 6320  ================ Scan MBR ==================================
16:48:43.0970 6320  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:48:44.0193 6320  \Device\Harddisk0\DR0 - ok
16:48:44.0698 6320  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
16:48:44.0768 6320  \Device\Harddisk1\DR1 - ok
16:48:44.0773 6320  [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk2\DR2
16:48:45.0254 6320  \Device\Harddisk2\DR2 - ok
16:48:45.0257 6320  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
16:48:45.0696 6320  \Device\Harddisk3\DR3 - ok
16:48:45.0701 6320  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR7
16:48:46.0001 6320  \Device\Harddisk7\DR7 - ok
16:48:46.0001 6320  ================ Scan VBR ==================================
16:48:46.0015 6320  [ 00FE51FB04665998467DD841A0F91AA6 ] \Device\Harddisk0\DR0\Partition1
16:48:46.0016 6320  \Device\Harddisk0\DR0\Partition1 - ok
16:48:46.0022 6320  [ 8FFD48703247813319D7E8627F5AA7AC ] \Device\Harddisk0\DR0\Partition2
16:48:46.0023 6320  \Device\Harddisk0\DR0\Partition2 - ok
16:48:46.0025 6320  [ C2145BA030F4A2050396FE6E25E3D395 ] \Device\Harddisk1\DR1\Partition1
16:48:46.0026 6320  \Device\Harddisk1\DR1\Partition1 - ok
16:48:46.0045 6320  [ 354C6CF087204D414CB8CE98F9FDD041 ] \Device\Harddisk1\DR1\Partition2
16:48:46.0046 6320  \Device\Harddisk1\DR1\Partition2 - ok
16:48:46.0061 6320  [ 81726D43935D6F3C9450FBFA30FA015A ] \Device\Harddisk1\DR1\Partition3
16:48:46.0062 6320  \Device\Harddisk1\DR1\Partition3 - ok
16:48:46.0064 6320  [ 9F93C106FE13C4459EE092CF682D76F7 ] \Device\Harddisk2\DR2\Partition1
16:48:46.0066 6320  \Device\Harddisk2\DR2\Partition1 - ok
16:48:46.0068 6320  [ B2EBB3BA489B111223846B246BC9CCB6 ] \Device\Harddisk3\DR3\Partition1
16:48:46.0070 6320  \Device\Harddisk3\DR3\Partition1 - ok
16:48:46.0074 6320  [ 5BA2922A37A604B41C964CA63B32B008 ] \Device\Harddisk7\DR7\Partition1
16:48:46.0076 6320  \Device\Harddisk7\DR7\Partition1 - ok
16:48:46.0077 6320  ============================================================
16:48:46.0077 6320  Scan finished
16:48:46.0077 6320  ============================================================
16:48:46.0082 2152  Detected object count: 6
16:48:46.0082 2152  Actual detected object count: 6
16:49:32.0786 2152  bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0787 2152  bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0787 2152  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0787 2152  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0788 2152  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0788 2152  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0788 2152  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0788 2152  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0789 2152  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0789 2152  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0790 2152  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0790 2152  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


22.09.2012, 19:38   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Unfortunately the log is incomplete
__________________
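
Whether a pasted TDSS-Killer log is whole, and what it flagged, can be checked mechanically before anyone reads it line by line. The script below is an added example, not part of the original thread and not Kaspersky's code; it assumes the line layout seen in the logs posted in this thread (timestamp, thread id, message), and `analyse`, `COMPLETE_LOG` and `PARTIAL_LOG` are names chosen here, with both samples constructed from lines of those logs.

```python
import re

# Layout assumed from the logs in this thread: "HH:MM:SS.ffff  <thread id>  <message>"
LINE_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*?)\s*$")
HEADER_RE = re.compile(r"^TDSS rootkit removing tool (\S+)")
# "[ <MD5> ] <service name>   <drive>:\<path>"; service names may contain spaces
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
WARN_RE = re.compile(r"^(.+?) \( (\S+) \) - warning$")
ACTION_RE = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")

# Constructed samples, condensed from lines of the logs posted in this thread.
COMPLETE_LOG = r"""
16:46:54.0539 8040  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:48:10.0552 6320  ============================================================
16:48:10.0552 6320  Scan started
16:48:13.0765 6320  ================ Scan services =============================
16:48:14.0729 6320  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:48:14.0830 6320  ACPI - ok
16:48:19.0874 6320  [ 66F655B08EED3230E059D197C8A1969B ] bizVSerial      C:\Windows\system32\drivers\bizVSerialNT.sys
16:48:19.0886 6320  bizVSerial ( UnsignedFile.Multi.Generic ) - warning
16:48:19.0886 6320  bizVSerial - detected UnsignedFile.Multi.Generic (1)
16:48:46.0077 6320  Scan finished
16:49:32.0787 2152  bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PARTIAL_LOG = r"""
16:48:43.0677 6320  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:48:43.0704 6320  wudfsvc - ok
16:48:43.0709 6320  ================ Scan global ===============================
16:48:46.0077 6320  Scan finished
16:49:32.0788 2152  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0788 2152  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def analyse(log_text):
    """Report whether the log is whole and which objects were flagged."""
    version, started, finished = None, False, False
    sections, files, detections = [], {}, {}

    def entry(name, verdict):
        # Path and hash are only known if the object's own scan line is in the log.
        known = files.get(name, {})
        return detections.setdefault(name, {
            "verdict": verdict, "md5": known.get("md5"),
            "path": known.get("path"), "action": None})

    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # blank line or text that is not a log record
        msg = line.group(1)
        header, hashed = HEADER_RE.match(msg), HASH_RE.match(msg)
        warned, acted = WARN_RE.match(msg), ACTION_RE.match(msg)
        if header:
            version = header.group(1)
        elif msg == "Scan started":
            started = True
        elif msg == "Scan finished":
            finished = True
        elif msg.startswith("=") and msg.strip("= "):
            sections.append(msg.strip("= "))  # e.g. "Scan services"
        elif hashed:
            files[hashed.group(2)] = {"md5": hashed.group(1), "path": hashed.group(3)}
        elif warned:
            entry(warned.group(1), warned.group(2))
        elif acted:
            entry(acted.group(1), acted.group(2))["action"] = acted.group(3)

    # A whole log carries the tool header plus both scan markers.
    missing = [label for label, present in (
        ("header", version is not None),
        ("Scan started", started),
        ("Scan finished", finished)) if not present]
    return {"version": version, "sections": sections, "missing": missing,
            "complete": not missing, "detections": detections}


if __name__ == "__main__":
    for label, text in (("complete sample", COMPLETE_LOG), ("partial sample", PARTIAL_LOG)):
        result = analyse(text)
        print(label, "-> complete:", result["complete"], "missing:", result["missing"])
        for name, det in result["detections"].items():
            print("  ", name, det["verdict"], det["path"], "action:", det["action"])
```

A detection whose `path` is `None` was flagged in a part of the log that was not pasted, so the file behind it cannot be judged from that excerpt alone.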

22.09.2012, 20:00   #19
oluehr
 

Here is the complete log file...
Code:
 16:46:54.0539 8040  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:46:54.0772 8040  ============================================================
16:46:54.0772 8040  Current date / time: 2012/09/22 16:46:54.0772
16:46:54.0772 8040  SystemInfo:
16:46:54.0772 8040  
16:46:54.0772 8040  OS Version: 6.0.6002 ServicePack: 2.0
16:46:54.0772 8040  Product type: Workstation
16:46:54.0772 8040  ComputerName: MIRJAUNDOLIV-PC
16:46:54.0772 8040  UserName: Mirja und Oliver
16:46:54.0772 8040  Windows directory: C:\Windows
16:46:54.0772 8040  System windows directory: C:\Windows
16:46:54.0772 8040  Processor architecture: Intel x86
16:46:54.0772 8040  Number of processors: 2
16:46:54.0772 8040  Page size: 0x1000
16:46:54.0772 8040  Boot type: Normal boot
16:46:54.0772 8040  ============================================================
16:47:07.0229 8040  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:47:07.0729 8040  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:47:07.0731 8040  Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x400, Cylinders: 0x4C00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:47:08.0109 8040  Drive \Device\Harddisk3\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:47:09.0795 8040  Drive \Device\Harddisk7\DR7 - Size: 0x1D9E00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:47:09.0799 8040  ============================================================
16:47:09.0799 8040  \Device\Harddisk0\DR0:
16:47:09.0819 8040  MBR partitions:
16:47:09.0819 8040  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1400000
16:47:09.0819 8040  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141F800, BlocksNum 0x38F66000
16:47:09.0819 8040  \Device\Harddisk1\DR1:
16:47:09.0820 8040  MBR partitions:
16:47:09.0821 8040  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12347505
16:47:09.0821 8040  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12347544, BlocksNum 0x1C7C71F5
16:47:09.0821 8040  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x2EB0E739, BlocksNum 0x1BD48788
16:47:09.0821 8040  \Device\Harddisk2\DR2:
16:47:09.0821 8040  MBR partitions:
16:47:09.0821 8040  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
16:47:09.0821 8040  \Device\Harddisk3\DR3:
16:47:09.0822 8040  MBR partitions:
16:47:09.0822 8040  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
16:47:09.0822 8040  \Device\Harddisk7\DR7:
16:47:09.0824 8040  MBR partitions:
16:47:09.0824 8040  \Device\Harddisk7\DR7\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECD000
16:47:09.0824 8040  ============================================================
16:47:09.0846 8040  C: <-> \Device\Harddisk0\DR0\Partition2
16:47:09.0879 8040  D: <-> \Device\Harddisk0\DR0\Partition1
16:47:09.0889 8040  E: <-> \Device\Harddisk1\DR1\Partition1
16:47:09.0915 8040  F: <-> \Device\Harddisk3\DR3\Partition1
16:47:09.0978 8040  G: <-> \Device\Harddisk2\DR2\Partition1
16:47:10.0000 8040  L: <-> \Device\Harddisk1\DR1\Partition2
16:47:10.0030 8040  M: <-> \Device\Harddisk1\DR1\Partition3
16:47:10.0030 8040  ============================================================
16:47:10.0030 8040  Initialize success
16:47:10.0030 8040  ============================================================
16:48:10.0552 6320  ============================================================
16:48:10.0552 6320  Scan started
16:48:10.0552 6320  Mode: Manual; SigCheck; TDLFS; 
16:48:10.0552 6320  ============================================================
16:48:13.0764 6320  ================ Scan system memory ========================
16:48:13.0764 6320  System memory - ok
16:48:13.0765 6320  ================ Scan services =============================
16:48:14.0729 6320  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:48:14.0830 6320  ACPI - ok
16:48:14.0962 6320  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:48:14.0996 6320  AdobeARMservice - ok
16:48:15.0043 6320  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:48:15.0089 6320  adp94xx - ok
16:48:15.0117 6320  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:48:15.0132 6320  adpahci - ok
16:48:15.0142 6320  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:48:15.0154 6320  adpu160m - ok
16:48:15.0170 6320  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:48:15.0182 6320  adpu320 - ok
16:48:15.0213 6320  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:48:15.0267 6320  AeLookupSvc - ok
16:48:15.0303 6320  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
16:48:15.0379 6320  AFD - ok
16:48:15.0408 6320  [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:48:15.0418 6320  agp440 - ok
16:48:15.0449 6320  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:48:15.0471 6320  aic78xx - ok
16:48:15.0499 6320  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
16:48:15.0605 6320  ALG - ok
16:48:15.0634 6320  [ E32A92E1574A467F7C762922F6162D76 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:48:15.0645 6320  aliide - ok
16:48:15.0664 6320  [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:48:15.0674 6320  amdagp - ok
16:48:15.0678 6320  [ B52B576CB0099A62F87214F371031561 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:48:15.0688 6320  amdide - ok
16:48:15.0713 6320  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
16:48:15.0836 6320  AmdK7 - ok
16:48:15.0849 6320  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:48:15.0897 6320  AmdK8 - ok
16:48:15.0965 6320  [ 8D3A55F7B7BE6B374479E5195F477226 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
16:48:15.0992 6320  AnyDVD - ok
16:48:16.0013 6320  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
16:48:16.0071 6320  Appinfo - ok
16:48:16.0149 6320  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:48:16.0158 6320  Apple Mobile Device - ok
16:48:16.0210 6320  [ 7141E281D840699D9D79B18F4062DD58 ] AR9271          C:\Windows\system32\DRIVERS\athuw.sys
16:48:16.0399 6320  AR9271 - ok
16:48:16.0410 6320  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
16:48:16.0421 6320  arc - ok
16:48:16.0458 6320  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:48:16.0469 6320  arcsas - ok
16:48:16.0492 6320  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:16.0525 6320  AsyncMac - ok
16:48:16.0590 6320  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:48:16.0600 6320  atapi - ok
16:48:16.0875 6320  [ A98B419C1537457C12C5D42317550079 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
16:48:17.0032 6320  Ati External Event Utility - ok
16:48:17.0485 6320  [ 63FC6A312BB0FBBBF355CB5D4A1C7764 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:48:17.0811 6320  atikmdag - ok
16:48:17.0997 6320  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:48:18.0094 6320  AudioEndpointBuilder - ok
16:48:18.0148 6320  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:48:18.0166 6320  Audiosrv - ok
16:48:18.0814 6320  [ FCC4933F96883FEC83D17697B75B0FDE ] AVKProxy        C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
16:48:18.0900 6320  AVKProxy - ok
16:48:19.0115 6320  [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService      C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
16:48:19.0141 6320  AVKService - ok
16:48:19.0198 6320  [ C9B91C1F845C44B6D2BB65DF0E98EF5E ] AVKWCtl         C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
16:48:19.0264 6320  AVKWCtl - ok
16:48:19.0318 6320  [ E3D7BC2DD538C9029E3849B129062AA2 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
16:48:19.0414 6320  BCM43XX - ok
16:48:19.0449 6320  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:48:19.0479 6320  Beep - ok
16:48:19.0549 6320  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
16:48:19.0619 6320  BFE - ok
16:48:19.0687 6320  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:48:19.0815 6320  BITS - ok
16:48:19.0874 6320  [ 66F655B08EED3230E059D197C8A1969B ] bizVSerial      C:\Windows\system32\drivers\bizVSerialNT.sys
16:48:19.0886 6320  bizVSerial ( UnsignedFile.Multi.Generic ) - warning
16:48:19.0886 6320  bizVSerial - detected UnsignedFile.Multi.Generic (1)
16:48:19.0889 6320  blbdrive - ok
16:48:19.0993 6320  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:48:20.0009 6320  Bonjour Service - ok
16:48:20.0052 6320  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:48:20.0110 6320  bowser - ok
16:48:20.0130 6320  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:48:20.0151 6320  BrFiltLo - ok
16:48:20.0190 6320  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:48:20.0218 6320  BrFiltUp - ok
16:48:20.0250 6320  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
16:48:20.0269 6320  Browser - ok
16:48:20.0287 6320  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:48:20.0322 6320  Brserid - ok
16:48:20.0338 6320  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:48:20.0386 6320  BrSerWdm - ok
16:48:20.0401 6320  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:48:20.0450 6320  BrUsbMdm - ok
16:48:20.0470 6320  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:48:20.0517 6320  BrUsbSer - ok
16:48:20.0551 6320  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:48:20.0585 6320  BTHMODEM - ok
16:48:20.0627 6320  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:48:20.0654 6320  cdfs - ok
16:48:20.0685 6320  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:48:20.0707 6320  cdrom - ok
16:48:20.0743 6320  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:48:20.0772 6320  CertPropSvc - ok
16:48:20.0794 6320  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:48:20.0848 6320  circlass - ok
16:48:20.0887 6320  [ ED81E81752CA817AFA740C14AD05BC6C ] cjpcsc          C:\Windows\system32\cjpcsc.exe
16:48:20.0944 6320  cjpcsc - ok
16:48:20.0982 6320  [ B0DFC4ADB1FF150AC466F3DAD323196A ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
16:48:20.0991 6320  cjusb - ok
16:48:20.0999 6320  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:48:21.0015 6320  CLFS - ok
16:48:21.0064 6320  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:21.0075 6320  clr_optimization_v2.0.50727_32 - ok
16:48:21.0148 6320  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:21.0194 6320  clr_optimization_v4.0.30319_32 - ok
16:48:21.0236 6320  [ C177DD90B5DC1DCAA96CCECE752E6F0F ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:48:21.0246 6320  cmdide - ok
16:48:21.0278 6320  [ 722936AFB75A7F509662B69B5632F48A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:48:21.0289 6320  Compbatt - ok
16:48:21.0306 6320  COMSysApp - ok
16:48:21.0324 6320  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:48:21.0333 6320  crcdisk - ok
16:48:21.0348 6320  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:48:21.0395 6320  Crusoe - ok
16:48:21.0430 6320  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:48:21.0481 6320  CryptSvc - ok
16:48:21.0512 6320  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:48:21.0589 6320  DcomLaunch - ok
16:48:21.0619 6320  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:48:21.0665 6320  DfsC - ok
16:48:21.0729 6320  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:48:21.0883 6320  DFSR - ok
16:48:21.0916 6320  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:48:21.0935 6320  Dhcp - ok
16:48:21.0948 6320  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:48:21.0960 6320  disk - ok
16:48:22.0002 6320  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:48:22.0037 6320  Dnscache - ok
16:48:22.0057 6320  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:48:22.0083 6320  dot3svc - ok
16:48:22.0124 6320  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:48:22.0158 6320  Dot4 - ok
16:48:22.0194 6320  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:48:22.0213 6320  Dot4Print - ok
16:48:22.0227 6320  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:48:22.0265 6320  dot4usb - ok
16:48:22.0294 6320  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:48:22.0325 6320  DPS - ok
16:48:22.0341 6320  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:48:22.0367 6320  drmkaud - ok
16:48:22.0414 6320  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:48:22.0487 6320  DXGKrnl - ok
16:48:22.0539 6320  [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
16:48:22.0552 6320  e1express - ok
16:48:22.0579 6320  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:48:22.0624 6320  E1G60 - ok
16:48:22.0667 6320  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:48:22.0683 6320  EapHost - ok
16:48:22.0719 6320  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:48:22.0732 6320  Ecache - ok
16:48:22.0776 6320  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:48:22.0826 6320  ehRecvr - ok
16:48:22.0845 6320  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:48:22.0913 6320  ehSched - ok
16:48:22.0921 6320  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:48:22.0938 6320  ehstart - ok
16:48:22.0976 6320  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:48:22.0985 6320  ElbyCDIO - ok
16:48:23.0029 6320  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:48:23.0044 6320  elxstor - ok
16:48:23.0077 6320  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:48:23.0168 6320  EMDMgmt - ok
16:48:23.0271 6320  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
16:48:23.0303 6320  EventSystem - ok
16:48:23.0315 6320  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
16:48:23.0370 6320  exfat - ok
16:48:23.0461 6320  Fabs - ok
16:48:23.0490 6320  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:48:23.0516 6320  fastfat - ok
16:48:23.0550 6320  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:48:23.0572 6320  fdc - ok
16:48:23.0595 6320  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:48:23.0625 6320  fdPHost - ok
16:48:23.0654 6320  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:48:23.0698 6320  FDResPub - ok
16:48:23.0701 6320  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:48:23.0713 6320  FileInfo - ok
16:48:23.0731 6320  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:48:23.0751 6320  Filetrace - ok
16:48:23.0827 6320  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:48:23.0987 6320  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:48:23.0987 6320  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:48:24.0010 6320  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:48:24.0053 6320  flpydisk - ok
16:48:24.0077 6320  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:48:24.0092 6320  FltMgr - ok
16:48:24.0157 6320  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
16:48:24.0278 6320  FontCache - ok
16:48:24.0339 6320  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:48:24.0349 6320  FontCache3.0.0.0 - ok
16:48:24.0368 6320  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:48:24.0416 6320  Fs_Rec - ok
16:48:24.0451 6320  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:48:24.0461 6320  gagp30kx - ok
16:48:24.0511 6320  [ 7094E1D622491D2FD34558ADAC80321C ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
16:48:24.0520 6320  GDBehave - ok
16:48:24.0619 6320  [ EB4D63C618555024DAC54F619859AD92 ] GDFwSvc         C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
16:48:24.0721 6320  GDFwSvc - ok
16:48:24.0756 6320  [ 08204492943D2CFAE0D9F1FDAB5D38AE ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
16:48:24.0774 6320  GDMnIcpt - ok
16:48:24.0804 6320  [ BA3C7729FF3E55AD2DBBC7AC01A19465 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
16:48:24.0815 6320  GDPkIcpt - ok
16:48:24.0834 6320  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
16:48:24.0852 6320  GDScan - ok
16:48:24.0865 6320  [ 0C2BC101D1D696E9ACB75C505EA23185 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd32.sys
16:48:24.0874 6320  gdwfpcd - ok
16:48:24.0924 6320  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:48:24.0932 6320  GEARAspiWDM - ok
16:48:24.0979 6320  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
16:48:24.0987 6320  GoToAssist - ok
16:48:25.0026 6320  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:48:25.0103 6320  gpsvc - ok
16:48:25.0126 6320  [ 6D92D51B56A893D72786C9E260B36DA2 ] GRD             C:\Windows\system32\drivers\GRD.sys
16:48:25.0135 6320  GRD - ok
16:48:25.0189 6320  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:48:25.0200 6320  gusvc - ok
16:48:25.0255 6320  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:48:25.0334 6320  HDAudBus - ok
16:48:25.0398 6320  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:48:25.0447 6320  HidBth - ok
16:48:25.0479 6320  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:48:25.0519 6320  HidIr - ok
16:48:25.0554 6320  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
16:48:25.0592 6320  hidserv - ok
16:48:25.0624 6320  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:48:25.0641 6320  HidUsb - ok
16:48:25.0681 6320  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:48:25.0707 6320  hkmsvc - ok
16:48:25.0742 6320  [ A3D1EE9B310ED1FE6136FEC4E0DEA366 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
16:48:25.0751 6320  HookCentre - ok
16:48:25.0781 6320  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:48:25.0791 6320  HpCISSs - ok
16:48:26.0011 6320  [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:48:26.0037 6320  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:48:26.0037 6320  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:48:26.0078 6320  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:48:26.0084 6320  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:48:26.0084 6320  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:48:26.0109 6320  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:48:26.0222 6320  HTTP - ok
16:48:26.0252 6320  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:48:26.0262 6320  i2omp - ok
16:48:26.0297 6320  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:48:26.0324 6320  i8042prt - ok
16:48:26.0367 6320  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\Windows\system32\drivers\iastor.sys
16:48:26.0382 6320  iaStor - ok
16:48:26.0405 6320  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:48:26.0418 6320  iaStorV - ok
16:48:26.0522 6320  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:48:26.0567 6320  idsvc - ok
16:48:26.0595 6320  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:48:26.0605 6320  iirsp - ok
16:48:26.0665 6320  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:48:26.0734 6320  IKEEXT - ok
16:48:26.0795 6320  [ 4EAE74C8BCBCA309A5D7CBAD7E231427 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:48:26.0895 6320  IntcAzAudAddService - ok
16:48:26.0941 6320  [ 59B00EFB24EAD979BECF413703BB1FAC ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
16:48:26.0952 6320  intelide - ok
16:48:26.0981 6320  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:48:27.0012 6320  intelppm - ok
16:48:27.0044 6320  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:48:27.0076 6320  IPBusEnum - ok
16:48:27.0106 6320  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:27.0126 6320  IpFilterDriver - ok
16:48:27.0146 6320  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:48:27.0198 6320  iphlpsvc - ok
16:48:27.0201 6320  IpInIp - ok
16:48:27.0238 6320  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:48:27.0285 6320  IPMIDRV - ok
16:48:27.0301 6320  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:48:27.0338 6320  IPNAT - ok
16:48:27.0380 6320  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:48:27.0412 6320  iPod Service - ok
16:48:27.0452 6320  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:48:27.0471 6320  IRENUM - ok
16:48:27.0516 6320  [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:48:27.0526 6320  isapnp - ok
16:48:27.0566 6320  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:48:27.0581 6320  iScsiPrt - ok
16:48:27.0593 6320  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:48:27.0603 6320  iteatapi - ok
16:48:27.0619 6320  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:48:27.0629 6320  iteraid - ok
16:48:27.0668 6320  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:27.0679 6320  kbdclass - ok
16:48:27.0716 6320  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:48:27.0741 6320  kbdhid - ok
16:48:27.0788 6320  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:48:27.0838 6320  KeyIso - ok
16:48:27.0870 6320  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:48:27.0890 6320  KSecDD - ok
16:48:27.0947 6320  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:48:27.0987 6320  KtmRm - ok
16:48:28.0026 6320  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:48:28.0068 6320  LanmanServer - ok
16:48:28.0101 6320  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:48:28.0134 6320  LanmanWorkstation - ok
16:48:28.0170 6320  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:48:28.0201 6320  lltdio - ok
16:48:28.0224 6320  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:48:28.0247 6320  lltdsvc - ok
16:48:28.0276 6320  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:48:28.0325 6320  lmhosts - ok
16:48:28.0365 6320  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:48:28.0414 6320  LSI_FC - ok
16:48:28.0441 6320  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:48:28.0452 6320  LSI_SAS - ok
16:48:28.0462 6320  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:48:28.0473 6320  LSI_SCSI - ok
16:48:28.0503 6320  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:48:28.0535 6320  luafv - ok
16:48:28.0559 6320  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:48:28.0569 6320  MBAMProtector - ok
16:48:28.0618 6320  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:48:28.0634 6320  MBAMScheduler - ok
16:48:28.0671 6320  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:48:28.0692 6320  MBAMService - ok
16:48:28.0730 6320  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:48:28.0758 6320  Mcx2Svc - ok
16:48:28.0820 6320  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:48:28.0835 6320  MDM - ok
16:48:28.0868 6320  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
16:48:28.0896 6320  megasas - ok
16:48:28.0927 6320  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:48:28.0957 6320  MMCSS - ok
16:48:28.0979 6320  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:48:29.0014 6320  Modem - ok
16:48:29.0046 6320  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:48:29.0080 6320  monitor - ok
16:48:29.0111 6320  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:48:29.0122 6320  mouclass - ok
16:48:29.0160 6320  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:48:29.0179 6320  mouhid - ok
16:48:29.0218 6320  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:48:29.0230 6320  MountMgr - ok
16:48:29.0249 6320  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:48:29.0260 6320  mpio - ok
16:48:29.0293 6320  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:48:29.0310 6320  mpsdrv - ok
16:48:29.0353 6320  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:48:29.0389 6320  MpsSvc - ok
16:48:29.0427 6320  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:48:29.0437 6320  Mraid35x - ok
16:48:29.0444 6320  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:48:29.0466 6320  MRxDAV - ok
16:48:29.0482 6320  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:29.0541 6320  mrxsmb - ok
16:48:29.0562 6320  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:29.0590 6320  mrxsmb10 - ok
16:48:29.0619 6320  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:29.0641 6320  mrxsmb20 - ok
16:48:29.0666 6320  [ 2681302B63B318CBEA6C82902AC5428C ] msahci          C:\Windows\system32\drivers\msahci.sys
16:48:29.0677 6320  msahci - ok
16:48:29.0695 6320  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:48:29.0706 6320  msdsm - ok
16:48:29.0734 6320  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
16:48:29.0771 6320  MSDTC - ok
16:48:29.0795 6320  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:48:29.0827 6320  Msfs - ok
16:48:29.0856 6320  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:48:29.0866 6320  msisadrv - ok
16:48:29.0898 6320  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:48:29.0930 6320  MSiSCSI - ok
16:48:29.0933 6320  msiserver - ok
16:48:29.0963 6320  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:48:29.0997 6320  MSKSSRV - ok
16:48:30.0000 6320  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:30.0029 6320  MSPCLOCK - ok
16:48:30.0046 6320  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:48:30.0082 6320  MSPQM - ok
16:48:30.0118 6320  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:48:30.0132 6320  MsRPC - ok
16:48:30.0139 6320  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:48:30.0149 6320  mssmbios - ok
16:48:30.0169 6320  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:48:30.0202 6320  MSTEE - ok
16:48:30.0232 6320  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
16:48:30.0244 6320  Mup - ok
16:48:30.0292 6320  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
16:48:30.0321 6320  napagent - ok
16:48:30.0359 6320  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:48:30.0373 6320  NativeWifiP - ok
16:48:30.0413 6320  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:48:30.0436 6320  NDIS - ok
16:48:30.0472 6320  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:30.0500 6320  NdisTapi - ok
16:48:30.0535 6320  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:30.0567 6320  Ndisuio - ok
16:48:30.0583 6320  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:30.0600 6320  NdisWan - ok
16:48:30.0603 6320  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:48:30.0632 6320  NDProxy - ok
16:48:30.0650 6320  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:48:30.0659 6320  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:48:30.0659 6320  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:48:30.0683 6320  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:48:30.0702 6320  NetBIOS - ok
16:48:30.0731 6320  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:48:30.0754 6320  netbt - ok
16:48:30.0770 6320  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
16:48:30.0782 6320  Netlogon - ok
16:48:30.0800 6320  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:48:30.0833 6320  Netman - ok
16:48:30.0849 6320  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:48:30.0885 6320  netprofm - ok
16:48:30.0913 6320  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:30.0924 6320  NetTcpPortSharing - ok
16:48:30.0944 6320  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:48:30.0954 6320  nfrd960 - ok
16:48:30.0966 6320  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:48:30.0989 6320  NlaSvc - ok
16:48:31.0013 6320  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:48:31.0028 6320  Npfs - ok
16:48:31.0067 6320  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
16:48:31.0096 6320  nsi - ok
16:48:31.0106 6320  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:48:31.0133 6320  nsiproxy - ok
16:48:31.0164 6320  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:48:31.0214 6320  Ntfs - ok
16:48:31.0229 6320  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
16:48:31.0272 6320  ntrigdigi - ok
16:48:31.0284 6320  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:48:31.0304 6320  Null - ok
16:48:31.0529 6320  [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:48:31.0996 6320  nvlddmkm - ok
16:48:32.0010 6320  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:48:32.0021 6320  nvraid - ok
16:48:32.0035 6320  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:48:32.0045 6320  nvstor - ok
16:48:32.0080 6320  [ 782945716AD010AC3D41758E8E52C735 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:48:32.0113 6320  nvsvc - ok
16:48:32.0205 6320  [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:48:32.0254 6320  nvUpdatusService - ok
16:48:32.0291 6320  [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:48:32.0302 6320  nv_agp - ok
16:48:32.0305 6320  NwlnkFlt - ok
16:48:32.0308 6320  NwlnkFwd - ok
16:48:32.0407 6320  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:48:32.0425 6320  odserv - ok
16:48:32.0465 6320  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:48:32.0495 6320  ohci1394 - ok
16:48:32.0573 6320  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:32.0584 6320  ose - ok
16:48:32.0621 6320  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:48:32.0669 6320  p2pimsvc - ok
16:48:32.0721 6320  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:48:32.0740 6320  p2psvc - ok
16:48:32.0775 6320  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
16:48:32.0851 6320  Parport - ok
16:48:32.0885 6320  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:48:32.0897 6320  partmgr - ok
16:48:32.0905 6320  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:48:32.0944 6320  Parvdm - ok
16:48:32.0977 6320  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:48:33.0031 6320  PcaSvc - ok
16:48:33.0047 6320  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
16:48:33.0060 6320  pci - ok
16:48:33.0093 6320  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
16:48:33.0104 6320  pciide - ok
16:48:33.0124 6320  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:48:33.0136 6320  pcmcia - ok
16:48:33.0168 6320  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:48:33.0239 6320  PEAUTH - ok
16:48:33.0299 6320  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
16:48:33.0377 6320  pla - ok
16:48:33.0439 6320  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:48:33.0493 6320  PlugPlay - ok
16:48:33.0519 6320  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:48:33.0534 6320  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:48:33.0534 6320  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:48:33.0554 6320  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
16:48:33.0574 6320  PNRPAutoReg - ok
16:48:33.0620 6320  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
16:48:33.0641 6320  PNRPsvc - ok
16:48:33.0688 6320  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:48:33.0711 6320  PolicyAgent - ok
16:48:33.0750 6320  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:48:33.0779 6320  PptpMiniport - ok
16:48:33.0813 6320  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
16:48:33.0863 6320  Processor - ok
16:48:33.0899 6320  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:48:33.0927 6320  ProfSvc - ok
16:48:33.0935 6320  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:48:33.0946 6320  ProtectedStorage - ok
16:48:33.0985 6320  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:48:34.0013 6320  PSched - ok
16:48:34.0029 6320  [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
16:48:34.0038 6320  PxHelp20 - ok
16:48:34.0071 6320  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:48:34.0118 6320  ql2300 - ok
16:48:34.0139 6320  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:48:34.0150 6320  ql40xx - ok
16:48:34.0176 6320  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
16:48:34.0203 6320  QWAVE - ok
16:48:34.0238 6320  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:48:34.0257 6320  QWAVEdrv - ok
16:48:34.0334 6320  [ 63FC6A312BB0FBBBF355CB5D4A1C7764 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
16:48:34.0391 6320  R300 - ok
16:48:34.0429 6320  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:48:34.0449 6320  RasAcd - ok
16:48:34.0460 6320  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
16:48:34.0491 6320  RasAuto - ok
16:48:34.0507 6320  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:34.0535 6320  Rasl2tp - ok
16:48:34.0578 6320  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
16:48:34.0602 6320  RasMan - ok
16:48:34.0606 6320  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:34.0632 6320  RasPppoe - ok
16:48:34.0649 6320  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:48:34.0672 6320  RasSstp - ok
16:48:34.0698 6320  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:48:34.0724 6320  rdbss - ok
16:48:34.0759 6320  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:34.0778 6320  RDPCDD - ok
16:48:34.0810 6320  [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
16:48:34.0849 6320  rdpdr - ok
16:48:34.0859 6320  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:48:34.0895 6320  RDPENCDD - ok
16:48:34.0925 6320  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:48:34.0974 6320  RDPWD - ok
16:48:35.0008 6320  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:48:35.0029 6320  RemoteAccess - ok
16:48:35.0040 6320  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:48:35.0064 6320  RemoteRegistry - ok
16:48:35.0081 6320  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:48:35.0092 6320  RpcLocator - ok
16:48:35.0138 6320  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
16:48:35.0174 6320  RpcSs - ok
16:48:35.0210 6320  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:48:35.0239 6320  rspndr - ok
16:48:35.0251 6320  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
16:48:35.0262 6320  SamSs - ok
16:48:35.0288 6320  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:48:35.0298 6320  sbp2port - ok
16:48:35.0328 6320  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:48:35.0357 6320  SCardSvr - ok
16:48:35.0406 6320  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
16:48:35.0554 6320  Schedule - ok
16:48:35.0585 6320  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:48:35.0600 6320  SCPolicySvc - ok
16:48:35.0638 6320  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:48:35.0714 6320  SDRSVC - ok
16:48:35.0735 6320  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:48:35.0768 6320  secdrv - ok
16:48:35.0778 6320  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:48:35.0800 6320  seclogon - ok
16:48:35.0833 6320  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:48:35.0869 6320  SENS - ok
16:48:35.0888 6320  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:48:35.0922 6320  Serenum - ok
16:48:35.0941 6320  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
16:48:35.0977 6320  Serial - ok
16:48:35.0995 6320  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:48:36.0015 6320  sermouse - ok
16:48:36.0070 6320  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:48:36.0097 6320  SessionEnv - ok
16:48:36.0125 6320  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:48:36.0175 6320  sffdisk - ok
16:48:36.0187 6320  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:48:36.0208 6320  sffp_mmc - ok
16:48:36.0224 6320  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:48:36.0248 6320  sffp_sd - ok
16:48:36.0280 6320  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:48:36.0335 6320  sfloppy - ok
16:48:36.0357 6320  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:48:36.0384 6320  SharedAccess - ok
16:48:36.0434 6320  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:48:36.0483 6320  ShellHWDetection - ok
16:48:36.0513 6320  [ 08072B2FB92477FC813271A84B3A8698 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:48:36.0524 6320  sisagp - ok
16:48:36.0542 6320  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:48:36.0556 6320  SiSRaid2 - ok
16:48:36.0585 6320  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:48:36.0596 6320  SiSRaid4 - ok
16:48:36.0698 6320  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
16:48:36.0897 6320  slsvc - ok
16:48:36.0934 6320  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:48:36.0958 6320  SLUINotify - ok
16:48:36.0973 6320  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:48:36.0997 6320  Smb - ok
16:48:37.0023 6320  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:48:37.0034 6320  SNMPTRAP - ok
16:48:37.0066 6320  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
16:48:37.0077 6320  spldr - ok
16:48:37.0112 6320  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
16:48:37.0168 6320  Spooler - ok
16:48:37.0199 6320  sprtsvc_dellsupportcenter - ok
16:48:37.0254 6320  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:48:37.0295 6320  srv - ok
16:48:37.0308 6320  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:48:37.0346 6320  srv2 - ok
16:48:37.0379 6320  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:48:37.0400 6320  srvnet - ok
16:48:37.0447 6320  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:48:37.0479 6320  SSDPSRV - ok
16:48:37.0501 6320  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:48:37.0526 6320  SstpSvc - ok
16:48:37.0567 6320  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:48:37.0584 6320  Stereo Service - ok
16:48:37.0627 6320  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
16:48:37.0648 6320  stisvc - ok
16:48:37.0723 6320  [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:48:37.0734 6320  stllssvr - ok
16:48:37.0783 6320  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:48:37.0807 6320  swenum - ok
16:48:37.0835 6320  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
16:48:37.0856 6320  swprv - ok
16:48:37.0888 6320  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
16:48:37.0898 6320  Symc8xx - ok
16:48:37.0922 6320  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:48:37.0943 6320  Sym_hi - ok
16:48:37.0968 6320  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:48:37.0984 6320  Sym_u3 - ok
16:48:38.0001 6320  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
16:48:38.0035 6320  SysMain - ok
16:48:38.0063 6320  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:48:38.0090 6320  TabletInputService - ok
16:48:38.0128 6320  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:48:38.0154 6320  TapiSrv - ok
16:48:38.0185 6320  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
16:48:38.0217 6320  TBS - ok
16:48:38.0278 6320  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:48:38.0316 6320  Tcpip - ok
16:48:38.0378 6320  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:48:38.0402 6320  Tcpip6 - ok
16:48:38.0437 6320  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:48:38.0496 6320  tcpipreg - ok
16:48:38.0558 6320  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:48:38.0577 6320  TDPIPE - ok
16:48:38.0613 6320  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:48:38.0745 6320  TDTCP - ok
16:48:38.0783 6320  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:48:38.0806 6320  tdx - ok
16:48:38.0845 6320  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:48:38.0857 6320  TermDD - ok
16:48:38.0869 6320  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
16:48:38.0894 6320  TermService - ok
16:48:38.0924 6320  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
16:48:38.0938 6320  Themes - ok
16:48:38.0947 6320  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:48:38.0966 6320  THREADORDER - ok
16:48:39.0000 6320  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:48:39.0034 6320  TrkWks - ok
16:48:39.0086 6320  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:48:39.0102 6320  TrustedInstaller - ok
16:48:39.0136 6320  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:39.0174 6320  tssecsrv - ok
16:48:39.0275 6320  [ 876A1FE7A7CA957E84C3AF797F2E7FC5 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
16:48:39.0336 6320  TuneUp.UtilitiesSvc - ok
16:48:39.0387 6320  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
16:48:39.0395 6320  TuneUpUtilitiesDrv - ok
16:48:39.0414 6320  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:48:39.0437 6320  tunmp - ok
16:48:39.0440 6320  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:48:39.0451 6320  tunnel - ok
16:48:39.0475 6320  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:48:39.0485 6320  uagp35 - ok
16:48:39.0516 6320  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:48:39.0551 6320  udfs - ok
16:48:39.0607 6320  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:48:39.0628 6320  UI0Detect - ok
16:48:39.0654 6320  [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:48:39.0664 6320  uliagpkx - ok
16:48:39.0691 6320  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:48:39.0705 6320  uliahci - ok
16:48:39.0729 6320  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:48:39.0741 6320  UlSata - ok
16:48:39.0760 6320  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:48:39.0771 6320  ulsata2 - ok
16:48:39.0794 6320  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:48:39.0814 6320  umbus - ok
16:48:39.0888 6320  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:48:39.0922 6320  upnphost - ok
16:48:39.0938 6320  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
16:48:39.0969 6320  USBAAPL - ok
16:48:39.0997 6320  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:40.0026 6320  usbccgp - ok
16:48:40.0071 6320  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:48:40.0116 6320  usbcir - ok
16:48:40.0134 6320  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:48:40.0151 6320  usbehci - ok
16:48:40.0173 6320  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:48:40.0192 6320  usbhub - ok
16:48:40.0209 6320  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:48:40.0255 6320  usbohci - ok
16:48:40.0288 6320  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:48:40.0318 6320  usbprint - ok
16:48:40.0357 6320  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:48:40.0374 6320  USBSTOR - ok
16:48:40.0408 6320  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:48:40.0423 6320  usbuhci - ok
16:48:40.0460 6320  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
16:48:40.0483 6320  UxSms - ok
16:48:40.0529 6320  [ 907C6BCE7A235B128A585040B5E7D319 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
16:48:40.0537 6320  UxTuneUp - ok
16:48:40.0570 6320  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
16:48:40.0600 6320  vds - ok
16:48:40.0658 6320  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:40.0708 6320  vga - ok
16:48:40.0739 6320  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:48:40.0766 6320  VgaSave - ok
16:48:40.0814 6320  [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:48:40.0824 6320  viaagp - ok
16:48:40.0833 6320  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:48:40.0866 6320  ViaC7 - ok
16:48:40.0888 6320  [ 689547CE911998D1E0DA7A5992E025FC ] viaide          C:\Windows\system32\drivers\viaide.sys
16:48:40.0899 6320  viaide - ok
16:48:40.0925 6320  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:48:40.0936 6320  volmgr - ok
16:48:40.0953 6320  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:48:40.0970 6320  volmgrx - ok
16:48:40.0991 6320  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:48:41.0006 6320  volsnap - ok
16:48:41.0029 6320  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:48:41.0041 6320  vsmraid - ok
16:48:41.0089 6320  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
16:48:41.0157 6320  VSS - ok
16:48:41.0205 6320  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
16:48:41.0235 6320  W32Time - ok
16:48:41.0253 6320  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:48:41.0285 6320  WacomPen - ok
16:48:41.0315 6320  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:48:41.0343 6320  Wanarp - ok
16:48:41.0346 6320  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:48:41.0362 6320  Wanarpv6 - ok
16:48:41.0379 6320  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:48:41.0413 6320  wcncsvc - ok
16:48:41.0459 6320  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:48:41.0482 6320  WcsPlugInService - ok
16:48:41.0503 6320  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
16:48:41.0513 6320  Wd - ok
16:48:41.0550 6320  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:48:41.0579 6320  Wdf01000 - ok
16:48:41.0608 6320  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:48:41.0642 6320  WdiServiceHost - ok
16:48:41.0644 6320  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:48:41.0665 6320  WdiSystemHost - ok
16:48:41.0703 6320  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
16:48:41.0725 6320  WebClient - ok
16:48:41.0751 6320  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:48:41.0834 6320  Wecsvc - ok
16:48:41.0851 6320  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:48:41.0899 6320  wercplsupport - ok
16:48:41.0913 6320  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:48:41.0945 6320  WerSvc - ok
16:48:41.0992 6320  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:48:42.0007 6320  WinDefend - ok
16:48:42.0019 6320  WinHttpAutoProxySvc - ok
16:48:42.0079 6320  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:48:42.0099 6320  Winmgmt - ok
16:48:42.0147 6320  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:48:42.0210 6320  WinRM - ok
16:48:42.0287 6320  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:48:42.0338 6320  Wlansvc - ok
16:48:42.0432 6320  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:48:42.0443 6320  wlcrasvc - ok
16:48:42.0506 6320  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:48:42.0568 6320  wlidsvc - ok
16:48:42.0639 6320  [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:48:42.0673 6320  WmiAcpi - ok
16:48:42.0705 6320  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:48:42.0723 6320  wmiApSrv - ok
16:48:42.0825 6320  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:48:42.0914 6320  WMPNetworkSvc - ok
16:48:42.0949 6320  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:48:43.0000 6320  WPCSvc - ok
16:48:43.0054 6320  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:48:43.0088 6320  WPDBusEnum - ok
16:48:43.0121 6320  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:48:43.0136 6320  WpdUsb - ok
16:48:43.0237 6320  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:48:43.0268 6320  WPFFontCache_v0400 - ok
16:48:43.0296 6320  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:48:43.0328 6320  ws2ifsl - ok
16:48:43.0383 6320  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
16:48:43.0407 6320  wscsvc - ok
16:48:43.0409 6320  WSearch - ok
16:48:43.0475 6320  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:48:43.0557 6320  wuauserv - ok
16:48:43.0604 6320  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:48:43.0635 6320  WUDFRd - ok
16:48:43.0677 6320  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:48:43.0704 6320  wudfsvc - ok
16:48:43.0709 6320  ================ Scan global ===============================
16:48:43.0767 6320  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:48:43.0848 6320  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:48:43.0911 6320  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:48:43.0956 6320  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:48:43.0960 6320  [Global] - ok
16:48:43.0960 6320  ================ Scan MBR ==================================
16:48:43.0970 6320  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:48:44.0193 6320  \Device\Harddisk0\DR0 - ok
16:48:44.0698 6320  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
16:48:44.0768 6320  \Device\Harddisk1\DR1 - ok
16:48:44.0773 6320  [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk2\DR2
16:48:45.0254 6320  \Device\Harddisk2\DR2 - ok
16:48:45.0257 6320  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
16:48:45.0696 6320  \Device\Harddisk3\DR3 - ok
16:48:45.0701 6320  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR7
16:48:46.0001 6320  \Device\Harddisk7\DR7 - ok
16:48:46.0001 6320  ================ Scan VBR ==================================
16:48:46.0015 6320  [ 00FE51FB04665998467DD841A0F91AA6 ] \Device\Harddisk0\DR0\Partition1
16:48:46.0016 6320  \Device\Harddisk0\DR0\Partition1 - ok
16:48:46.0022 6320  [ 8FFD48703247813319D7E8627F5AA7AC ] \Device\Harddisk0\DR0\Partition2
16:48:46.0023 6320  \Device\Harddisk0\DR0\Partition2 - ok
16:48:46.0025 6320  [ C2145BA030F4A2050396FE6E25E3D395 ] \Device\Harddisk1\DR1\Partition1
16:48:46.0026 6320  \Device\Harddisk1\DR1\Partition1 - ok
16:48:46.0045 6320  [ 354C6CF087204D414CB8CE98F9FDD041 ] \Device\Harddisk1\DR1\Partition2
16:48:46.0046 6320  \Device\Harddisk1\DR1\Partition2 - ok
16:48:46.0061 6320  [ 81726D43935D6F3C9450FBFA30FA015A ] \Device\Harddisk1\DR1\Partition3
16:48:46.0062 6320  \Device\Harddisk1\DR1\Partition3 - ok
16:48:46.0064 6320  [ 9F93C106FE13C4459EE092CF682D76F7 ] \Device\Harddisk2\DR2\Partition1
16:48:46.0066 6320  \Device\Harddisk2\DR2\Partition1 - ok
16:48:46.0068 6320  [ B2EBB3BA489B111223846B246BC9CCB6 ] \Device\Harddisk3\DR3\Partition1
16:48:46.0070 6320  \Device\Harddisk3\DR3\Partition1 - ok
16:48:46.0074 6320  [ 5BA2922A37A604B41C964CA63B32B008 ] \Device\Harddisk7\DR7\Partition1
16:48:46.0076 6320  \Device\Harddisk7\DR7\Partition1 - ok
16:48:46.0077 6320  ============================================================
16:48:46.0077 6320  Scan finished
16:48:46.0077 6320  ============================================================
16:48:46.0082 2152  Detected object count: 6
16:48:46.0082 2152  Actual detected object count: 6
16:49:32.0786 2152  bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0787 2152  bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0787 2152  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0787 2152  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0788 2152  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0788 2152  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0788 2152  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0788 2152  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0789 2152  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0789 2152  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:49:32.0790 2152  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:49:32.0790 2152  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:51:15.0743 7216  Deinitialize success
         

23.09.2012, 15:54   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.


23.09.2012, 17:48   #21
oluehr

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-23.02 - Mirja und Oliver 23.09.2012  17:34:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.1739 [GMT 2:00]
ausgeführt von:: c:\users\Mirja und Oliver\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-23 bis 2012-09-23  ))))))))))))))))))))))))))))))
.
.
2012-09-23 16:18 . 2012-09-23 16:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-22 14:16 . 2012-09-22 14:16	--------	d-----w-	c:\windows\Hewlett-Packard
2012-09-22 08:47 . 2012-09-22 08:47	--------	d-----w-	c:\programdata\WEBREG
2012-09-22 08:42 . 2012-09-22 08:42	--------	d-----w-	c:\programdata\HP Product Assistant
2012-09-22 08:41 . 2012-09-22 08:41	--------	d-----w-	c:\program files\Common Files\HP
2012-09-22 08:40 . 2008-10-28 10:49	321536	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2012-09-22 08:38 . 2008-10-28 10:49	118272	----a-w-	c:\windows\system32\hpz3l696.dll
2012-09-22 08:37 . 2012-09-22 14:18	--------	d-----w-	c:\program files\HP
2012-09-22 08:36 . 2012-09-22 08:44	--------	d-----w-	c:\programdata\HP
2012-09-22 08:36 . 2008-10-30 22:23	271704	----a-w-	c:\windows\system32\hpzids01.dll
2012-09-22 08:36 . 2008-10-30 22:23	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2012-09-22 08:36 . 2008-10-30 22:23	309760	----a-w-	c:\windows\system32\difxapi.dll
2012-09-21 20:07 . 2012-09-21 20:07	--------	d-----w-	c:\programdata\SlySoft
2012-09-21 20:07 . 2012-09-21 20:07	--------	d-----w-	c:\program files\SlySoft
2012-09-21 19:27 . 2012-09-21 19:27	--------	d-----w-	C:\_OTL
2012-09-20 18:18 . 2012-08-21 11:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 18:17 . 2012-09-20 18:17	--------	d-----w-	c:\program files\iPod
2012-09-20 18:17 . 2012-09-20 18:18	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-20 18:17 . 2012-09-20 18:18	--------	d-----w-	c:\program files\iTunes
2012-09-17 15:03 . 2012-09-17 15:03	--------	d-----w-	c:\program files\Mozilla Thunderbird
2012-09-14 20:51 . 2012-08-27 23:50	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{630259E1-B650-4F6F-830F-F6AB55059D6B}\mpengine.dll
2012-09-14 19:01 . 2012-09-14 19:01	--------	d-----w-	c:\program files\Mobipocket.com
2012-09-13 10:20 . 2012-09-13 10:20	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-13 10:20 . 2012-09-13 10:20	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-13 10:20 . 2012-09-13 10:20	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-13 10:20 . 2012-09-13 10:20	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-13 10:20 . 2012-09-13 10:20	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-13 10:20 . 2012-09-13 10:20	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-13 10:20 . 2012-09-13 10:20	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-09-13 10:19 . 2012-09-13 10:20	--------	d-----w-	c:\program files\QuickTime
2012-09-12 14:17 . 2012-09-12 14:17	--------	d-----w-	c:\program files\7-Zip
2012-09-12 11:31 . 2012-09-12 11:38	--------	d-----w-	c:\program files\Common Files\Adobe
2012-09-12 10:54 . 2012-09-12 10:54	15600	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2012-09-12 10:54 . 2012-09-12 10:54	30416	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-09-12 06:50 . 2012-09-12 06:50	--------	d-----w-	c:\programdata\CyberLink
2012-09-12 06:50 . 2012-09-12 06:50	--------	d-----w-	c:\users\Public\CyberLink
2012-09-12 06:47 . 2012-09-12 06:47	--------	d-----w-	c:\program files\Common Files\Nikon
2012-09-12 06:45 . 2012-09-12 06:45	--------	d-----w-	c:\program files\CyberLink
2012-09-12 06:44 . 2012-09-12 06:44	--------	d-----w-	c:\programdata\install_clap
2012-09-11 03:15 . 2012-09-11 03:15	--------	d-----w-	c:\program files\StreamTransport
2012-09-11 03:15 . 2009-10-27 17:31	3982240	----a-w-	c:\windows\system32\Flash10d.ocx
2012-09-11 03:09 . 2012-09-11 03:10	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2012-09-11 03:09 . 2012-09-11 03:10	--------	d-----w-	c:\program files\DVDVideoSoft
2012-09-11 02:59 . 2012-09-11 02:59	--------	d-----w-	c:\program files\Youtube Downloader HD
2012-09-11 02:51 . 2012-09-11 02:51	--------	d-----w-	c:\program files\Amazon
2012-09-07 11:40 . 2012-09-07 11:40	--------	d-----w-	c:\program files\VideoLAN
2012-09-06 20:58 . 2012-09-06 20:58	--------	d-----w-	c:\users\UpdatusUser
2012-09-06 20:56 . 2012-09-23 00:50	--------	d-----w-	c:\programdata\NVIDIA
2012-09-06 20:55 . 2012-05-15 09:28	645440	----a-w-	c:\windows\system32\nvvsvc.exe
2012-09-06 20:55 . 2012-05-15 09:28	62272	----a-w-	c:\windows\system32\nvshext.dll
2012-09-06 20:55 . 2012-05-15 09:28	2561344	----a-w-	c:\windows\system32\nvsvcr.dll
2012-09-06 20:55 . 2012-05-15 09:27	2759488	----a-w-	c:\windows\system32\nvsvc.dll
2012-09-06 20:55 . 2012-05-15 09:28	108352	----a-w-	c:\windows\system32\nvmctray.dll
2012-09-06 20:55 . 2012-05-15 09:28	3931456	----a-w-	c:\windows\system32\nvcpl.dll
2012-09-06 20:53 . 2012-05-15 10:26	61248	----a-w-	c:\windows\system32\OpenCL.dll
2012-09-06 20:44 . 2012-05-15 10:26	8105280	----a-w-	c:\windows\system32\nvwgf2um.dll
2012-09-06 20:44 . 2012-05-15 10:26	883008	----a-w-	c:\windows\system32\nvgenco32.dll
2012-09-06 20:44 . 2012-05-15 10:26	19607872	----a-w-	c:\windows\system32\nvoglv32.dll
2012-09-06 20:44 . 2012-05-15 10:26	11354944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-09-06 20:44 . 2012-05-15 10:26	2524992	----a-w-	c:\windows\system32\nvcuvid.dll
2012-09-06 20:44 . 2012-05-15 10:26	2445120	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-09-06 20:44 . 2012-05-15 10:26	15322432	----a-w-	c:\windows\system32\nvd3dum.dll
2012-09-06 20:44 . 2012-05-15 10:26	1000768	----a-w-	c:\windows\system32\nvdispco32.dll
2012-09-06 20:44 . 2012-05-15 10:26	5982528	----a-w-	c:\windows\system32\nvcuda.dll
2012-09-06 20:44 . 2012-05-15 10:26	2368832	----a-w-	c:\windows\system32\nvapi.dll
2012-09-06 20:44 . 2012-05-15 10:26	17551680	----a-w-	c:\windows\system32\nvcompiler.dll
2012-09-06 20:42 . 2012-09-06 20:42	--------	d-----w-	C:\NVIDIA
2012-09-06 15:32 . 2012-09-06 15:32	--------	d-----w-	c:\program files\NewBlue
2012-09-06 15:29 . 2012-09-06 15:29	--------	d-----w-	c:\program files\proDAD
2012-09-06 12:29 . 2012-09-06 12:29	--------	d-----w-	c:\program files\MSXML 4.0
2012-09-06 10:04 . 2012-09-06 10:04	255352	----a-w-	c:\windows\system32\awrdscdc.ax
2012-09-06 10:04 . 2003-03-18 19:20	1060864	------w-	c:\windows\system32\mfc71.dll
2012-09-06 10:04 . 2003-03-18 18:14	499712	------w-	c:\windows\system32\msvcp71.dll
2012-09-06 10:04 . 2003-02-21 02:42	348160	------w-	c:\windows\system32\msvcr71.dll
2012-09-06 10:04 . 2001-08-17 20:43	24576	------w-	c:\windows\system32\msxml3a.dll
2012-09-06 10:03 . 2012-09-06 10:04	--------	d-----w-	c:\program files\Audible
2012-09-06 07:23 . 2012-09-06 12:33	--------	d-----w-	c:\program files\Common Files\MAGIX Services
2012-09-06 06:45 . 2011-12-13 08:35	31552	----a-w-	c:\windows\system32\TURegOpt.exe
2012-09-06 06:45 . 2011-12-13 08:29	21312	----a-w-	c:\windows\system32\authuitu.dll
2012-09-06 06:45 . 2011-12-13 08:29	29504	----a-w-	c:\windows\system32\uxtuneup.dll
2012-09-06 06:44 . 2012-09-06 06:48	--------	d-----w-	c:\program files\TuneUp Utilities 2011
2012-09-06 06:44 . 2012-09-06 06:48	--------	d-----w-	c:\programdata\TuneUp Software
2012-09-06 06:44 . 2012-09-06 06:44	--------	d-sh--w-	c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-09-06 06:13 . 2012-09-06 06:17	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
2012-09-06 06:13 . 2012-09-23 09:45	--------	d-----w-	c:\program files\Buhl
2012-09-06 05:49 . 2012-09-06 05:52	--------	d-----w-	c:\programdata\Roxio
2012-09-06 05:45 . 2012-09-06 05:45	--------	d-----w-	c:\programdata\Fungusware
2012-09-06 05:40 . 2012-09-06 05:40	--------	d-----w-	c:\program files\Glorylogic
2012-09-06 05:37 . 2012-09-06 05:37	--------	d-----w-	c:\program files\XnConvert
2012-09-06 04:50 . 2012-09-06 04:50	--------	d-----w-	c:\windows\de
2012-09-06 04:46 . 2012-09-06 04:46	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-09-06 04:42 . 2012-09-06 04:50	--------	d-----w-	c:\program files\Windows Live
2012-09-06 04:41 . 2009-09-04 15:44	69464	----a-w-	c:\windows\system32\XAPOFX1_3.dll
2012-09-06 04:41 . 2009-09-04 15:44	515416	----a-w-	c:\windows\system32\XAudio2_5.dll
2012-09-06 04:41 . 2009-09-04 15:29	453456	----a-w-	c:\windows\system32\d3dx10_42.dll
2012-09-06 04:41 . 2006-11-29 11:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll
2012-09-06 04:40 . 2012-09-06 04:40	--------	d-----w-	c:\program files\Common Files\Windows Live
2012-09-06 04:39 . 2009-08-04 08:02	754688	----a-w-	c:\windows\system32\webservices.dll
2012-09-06 04:38 . 2012-09-06 04:38	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-09-06 04:18 . 2012-09-06 04:18	--------	d-----w-	c:\program files\ipswDownloader
2012-09-06 04:12 . 2012-09-06 04:12	--------	d-----w-	c:\program files\CRIMSON COW
2012-09-05 21:21 . 2012-09-05 21:21	--------	d-----w-	c:\program files\Microsoft
2012-09-05 21:20 . 2012-09-06 08:59	--------	d-----w-	c:\program files\Common Files\MAGIX Shared
2012-09-05 21:18 . 2012-09-05 21:18	--------	d-----w-	c:\program files\Common Files\xara
2012-09-05 21:06 . 2012-09-18 15:43	--------	d-----w-	c:\programdata\MAGIX
2012-09-05 21:06 . 2012-09-06 15:38	--------	d-----w-	c:\program files\MAGIX
2012-09-05 21:06 . 2007-04-27 08:43	120200	----a-w-	c:\windows\system32\DLLDEV32i.dll
2012-09-05 21:05 . 2012-09-06 15:25	--------	d-----w-	c:\windows\system32\MAGIX
2012-09-05 21:05 . 2007-01-16 08:55	663552	----a-w-	c:\windows\system32\mgxoschk.dll
2012-09-05 20:48 . 2006-10-26 17:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-09-05 20:48 . 2009-02-27 01:42	31640	----a-w-	c:\windows\system32\msonpmon.dll
2012-09-05 20:47 . 2012-09-05 21:15	--------	d-----w-	c:\program files\Microsoft Works
2012-09-05 20:46 . 2012-09-05 20:46	--------	d-----w-	c:\windows\PCHEALTH
2012-09-05 20:43 . 2012-09-06 15:31	--------	d-----w-	c:\programdata\Microsoft Help
2012-09-05 18:52 . 2012-09-05 18:52	--------	d-----w-	c:\program files\PhotomatixPro4
2012-09-05 18:42 . 2012-09-05 18:42	--------	d-----w-	c:\program files\Franzis
2012-09-02 04:42 . 2012-09-20 18:18	--------	dc----w-	c:\windows\system32\DRVSTORE
2012-09-02 04:42 . 2012-08-21 11:01	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-09-02 04:41 . 2012-09-02 04:42	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-09-02 04:24 . 2009-11-09 07:48	61952	----a-w-	c:\windows\system32\cjtpl.cpl
2012-09-02 04:15 . 2005-04-03 21:02	753664	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-09-02 04:15 . 2005-04-03 21:02	69714	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-09-02 04:15 . 2005-04-03 21:01	274432	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-09-02 04:15 . 2005-04-03 21:00	184320	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-09-02 04:15 . 2005-04-03 20:59	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 04:42 . 2011-03-28 16:36	19720	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-01 15:11 . 2012-09-01 15:11	4096	----a-w-	c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2012-08-31 05:15 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2012-08-31 05:15 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2012-08-29 18:07 . 2012-08-29 18:07	45056	----a-w-	c:\windows\system32\drivers\de-DE\http.sys.mui
2012-08-29 05:08 . 2012-08-29 05:08	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2012-07-10 09:43 . 2012-07-10 09:43	759176	----a-w-	c:\windows\system32\DLLAV32.dll
2012-07-10 09:43 . 2012-07-10 09:43	226696	----a-w-	c:\windows\system32\DLLDEV32.dll
2012-07-10 09:43 . 2012-07-10 09:43	157064	----a-w-	c:\windows\system32\DLLCPY32.dll
2012-07-10 09:43 . 2012-07-10 09:43	99720	----a-w-	c:\windows\system32\DLLIO32.dll
2012-07-10 09:43 . 2012-07-10 09:43	95624	----a-w-	c:\windows\system32\DLLPRF32.dll
2012-07-10 09:43 . 2012-07-10 09:43	83336	----a-w-	c:\windows\system32\DLLPNT32.dll
2012-07-10 09:43 . 2012-07-10 09:43	218504	----a-w-	c:\windows\system32\DLLDRV32.dll
2012-07-10 09:43 . 2012-07-10 09:43	71048	----a-w-	c:\windows\system32\STRING32.dll
2012-07-10 09:43 . 2012-07-10 09:43	304520	----a-w-	c:\windows\system32\DLLRES32.dll
2012-07-09 11:42 . 2012-07-09 11:42	4547984	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-07-09 11:42 . 2012-07-09 11:42	44032	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-06-27 02:14 . 2012-06-27 02:14	4472832	----a-w-	c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-05-24 985624]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe" [2008-08-07 90112]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-11 02:06	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18	17920	----a-w-	c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080611
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-23 18:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\MIRJAU~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManagerDeluxe.9.alb"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2898215719-3729710147-144167696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-2898215719-3729710147-144167696-1001)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2012-09-23  18:21:05
ComboFix-quarantined-files.txt  2012-09-23 16:21
.
Vor Suchlauf: 11 Verzeichnis(se), 371.154.554.880 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 371.344.936.960 Bytes frei
.
- - End Of File - - 9028209FE3202F8C2C933AB2F816057E
         
--- --- ---

23.09.2012, 19:20   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online lookup by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Logfiles bitte immer in CODE-Tags posten

24.09.2012, 15:15   #23
oluehr
 

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-24 16:12:54
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500630AS rev.3.ADJ
Running: 0dockhvs.exe; Driver: C:\Users\MIRJAU~1\AppData\Local\Temp\aftyruow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [745C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7460B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [745CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [745BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [745C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [745BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [745F73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [745CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [745BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [745BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [745B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7464CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [745EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [745BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [745B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [745B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [745C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:19:45 on 24.09.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Apple Inc. Safari 5.1.7 (7534.57.2)

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cjtpl.cpl" - " REINER SCT" - C:\Windows\system32\cjtpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aftyruow" (aftyruow) - ? - C:\Users\MIRJAU~1\AppData\Local\Temp\aftyruow.sys  (Hidden registry entry, rootkit activity | File not found)
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"catchme" (catchme) - ? - C:\Users\MIRJAU~1\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Franson VSerial" (bizVSerial) - "franson.biz" - C:\Windows\System32\drivers\bizVSerialNT.sys
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys
"G Data WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} "Auslogics Products Context Menu Shell Extension" - "Auslogics" - C:\PROGRA~1\AUSLOG~1\AUSLOG~1\AUSSHE~1.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} "A9Helper.A9" - ? - C:\Windows\Downloaded Program Files\A9.ocx / file:///C:/Users/Mirja%20und%20Oliver/Videos/Leipzig_Fotogalerie/components/A9.ocx
{22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\HIDINP~1.OCX / file:///C:/Users/Mirja%20und%20Oliver/Videos/Leipzig_Fotogalerie/components/hidinputmonitorx.ocx
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\Windows\Downloaded Program Files\wmvhdrating.ocx / file:///C:/Users/Mirja%20und%20Oliver/Videos/Leipzig_Fotogalerie/components/wmvhdrating.ocx
{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"TrayServer" - "MAGIX AG" - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL Language Monitor" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l696.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"cyberJack PC/SC COM Service " (cjpcsc) - "REINER SCT" - C:\Windows\system32\cjpcsc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "G Data Software AG" - C:\Windows\system32\GdScrSv.scr
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-24 17:25:13
-----------------------------
17:25:13.431    OS Version: Windows 6.0.6002 Service Pack 2
17:25:13.431    Number of processors: 2 586 0x1706
17:25:13.433    ComputerName: MIRJAUNDOLIV-PC  UserName: 
17:25:14.916    Initialize success
17:25:24.573    AVAST engine defs: 12092400
17:25:30.589    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:25:30.595    Disk 0 Vendor: ST3500630AS 3.ADJ Size: 476940MB BusType: 3
17:25:30.606    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
17:25:30.609    Disk 1 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 3
17:25:30.708    Disk 0 MBR read successfully
17:25:30.717    Disk 0 MBR scan
17:25:30.746    Disk 0 Windows VISTA default MBR code
17:25:30.759    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       62 MB offset 63
17:25:30.781    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 129024
17:25:30.796    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       466636 MB offset 21100544
17:25:30.826    Disk 0 scanning sectors +976771072
17:25:31.040    Disk 0 scanning C:\Windows\system32\drivers
17:26:09.737    Service scanning
17:26:31.152    Modules scanning
17:26:54.987    Disk 0 trace - called modules:
17:26:55.014    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
17:26:55.020    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86307828]
17:26:55.027    3 CLASSPNP.SYS[8afa78b3] -> nt!IofCallDriver -> [0x858b0e48]
17:26:55.033    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858d68a0]
17:26:55.771    AVAST engine scan C:\Windows
17:27:06.658    AVAST engine scan C:\Windows\system32
17:33:26.147    AVAST engine scan C:\Windows\system32\drivers
17:34:29.329    AVAST engine scan C:\Users\Mirja und Oliver
18:11:44.477    AVAST engine scan C:\ProgramData
18:25:44.529    Scan finished successfully
19:44:52.862    Disk 0 MBR has been saved successfully to "C:\Users\Mirja und Oliver\Desktop\MBR.dat"
19:44:52.868    The log file has been saved successfully to "C:\Users\Mirja und Oliver\Desktop\aswMBR.txt"
         

24.09.2012, 19:37   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

25.09.2012, 21:02   #25
oluehr
 

Code:
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mirja und Oliver :: MIRJAUNDOLIV-PC [Administrator]

Schutz: Aktiviert

25.09.2012 16:06:06
mbam-log-2012-09-25 (16-06-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|L:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 659789
Laufzeit: 3 Stunde(n), 20 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/25/2012 at 09:18 PM

Application Version : 5.5.1022

Core Rules Database Version : 9288
Trace Rules Database Version: 7100

Scan type       : Complete Scan
Total Scan Time : 01:47:42

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 676
Memory threats detected   : 0
Registry items scanned    : 37945
Registry threats detected : 0
File items scanned        : 54380
File threats detected     : 41

Adware.Tracking Cookie
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\1PUA5YXY.txt [ /amazon-adsystem.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\JYHSC7PO.txt [ /ad.yieldmanager.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\ROZCT52A.txt [ /atdmt.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\7CB9UK4X.txt [ /ads.creative-serving.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\1J9V1I1X.txt [ /ads.pubmatic.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\CR387SNM.txt [ /zanox-affiliate.de ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\X520SRZ0.txt [ /adtech.de ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\XYJTQJSU.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\BO70CK2E.txt [ /zanox.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\MT1K4JU3.txt [ /mediaplex.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\WG0L3N80.txt [ /tomtailor.dyntracker.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\ARE2JWQA.txt [ /doubleclick.net ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\J8GL28UH.txt [ /invitemedia.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\TRQFH0B1.txt [ /accounts.google.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\TF30SE8E.txt [ /apmebf.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\BO1EFBFO.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\8HGT6T26.txt [ /revsci.net ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\TYXLEFOY.txt [ /adfarm1.adition.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\YMQWX5OV.txt [ /track.effiliation.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\MJ5N3APR.txt [ /imrworldwide.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\WOL1LPDD.txt [ /track.effiliation.com ]
	C:\Users\Mirja und Oliver\AppData\Roaming\Microsoft\Windows\Cookies\WCLE5VYZ.txt [ /serving-sys.com ]
	C:\USERS\MIRJA UND OLIVER\Cookies\1PUA5YXY.txt [ Cookie:mirja und oliver@amazon-adsystem.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\JYHSC7PO.txt [ Cookie:mirja und oliver@ad.yieldmanager.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\ROZCT52A.txt [ Cookie:mirja und oliver@atdmt.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\CR387SNM.txt [ Cookie:mirja und oliver@zanox-affiliate.de/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\X520SRZ0.txt [ Cookie:mirja und oliver@adtech.de/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\BO70CK2E.txt [ Cookie:mirja und oliver@zanox.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\MT1K4JU3.txt [ Cookie:mirja und oliver@mediaplex.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\WG0L3N80.txt [ Cookie:mirja und oliver@tomtailor.dyntracker.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\ARE2JWQA.txt [ Cookie:mirja und oliver@doubleclick.net/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\TRQFH0B1.txt [ Cookie:mirja und oliver@accounts.google.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\TF30SE8E.txt [ Cookie:mirja und oliver@apmebf.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\8HGT6T26.txt [ Cookie:mirja und oliver@revsci.net/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\TYXLEFOY.txt [ Cookie:mirja und oliver@adfarm1.adition.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\YMQWX5OV.txt [ Cookie:mirja und oliver@track.effiliation.com/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\MJ5N3APR.txt [ Cookie:mirja und oliver@imrworldwide.com/cgi-bin ]
	C:\USERS\MIRJA UND OLIVER\Cookies\WOL1LPDD.txt [ Cookie:mirja und oliver@track.effiliation.com/servlet/ ]
	C:\USERS\MIRJA UND OLIVER\Cookies\WCLE5VYZ.txt [ Cookie:mirja und oliver@serving-sys.com/ ]
	C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MIRJA_UND_OLIVER@ATDMT[2].TXT [ /ATDMT ]
	C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\MIRJA_UND_OLIVER@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
         

Alt 26.09.2012, 13:23   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there any other findings or problems?
__________________
Please always post log files in CODE tags
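
The hosts-file approach from the post above, applied to this kind of scan log, as an added example that is not part of the original thread: it extracts the cookie hostnames from SUPERAntiSpyware findings and turns them into hosts-file lines. The sample log, the `KEEP` allowlist and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the SUPERAntiSpyware log above;
# the profile name "a user" is a placeholder (it contains a space on purpose).
SAMPLE_LOG = r"""Adware.Tracking Cookie
    C:\Users\a user\AppData\Roaming\Microsoft\Windows\Cookies\1PUA5YXY.txt [ /amazon-adsystem.com ]
    C:\USERS\A USER\Cookies\1PUA5YXY.txt [ Cookie:a user@amazon-adsystem.com/ ]
    C:\USERS\A USER\Cookies\MJ5N3APR.txt [ Cookie:a user@imrworldwide.com/cgi-bin ]
    C:\USERS\A USER\Cookies\TRQFH0B1.txt [ Cookie:a user@accounts.google.com/ ]
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\A_USER@ATDMT[2].TXT [ /ATDMT ]
"""

BRACKET = re.compile(r"\[ (.*?) \]\s*$")              # trailing "[ ... ]" field
HOSTNAME = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")   # needs at least one dot

def cookie_hosts(log_text):
    """Return the sorted, de-duplicated hostnames named in cookie findings."""
    hosts = set()
    for line in log_text.splitlines():
        m = BRACKET.search(line)
        if not m:
            continue
        field = m.group(1)
        if field.startswith("Cookie:"):
            field = field.rpartition("@")[2]          # drop "Cookie:<user>@"
        host = field.lstrip("/").split("/")[0].lower()
        if HOSTNAME.fullmatch(host):                  # skips bare labels like "ATDMT"
            hosts.add(host)
    return sorted(hosts)

# Assumption: hosts the machine's users still need. The scanner flags the
# cookie, but a hosts entry would cut off the whole site (here: Google sign-in).
KEEP = {"accounts.google.com"}

def hosts_entries(hosts, keep=KEEP):
    """Build hosts-file lines; each line blocks exactly that name, no subdomains."""
    return ["0.0.0.0 " + h for h in hosts if h not in keep]

if __name__ == "__main__":
    print("\n".join(hosts_entries(cookie_hosts(SAMPLE_LOG))))
```

A hosts file matches exact names only, so an entry for a parent domain does not cover its subdomains; a maintained list such as the MVPS file mentioned in the post enumerates them individually.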
