Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Polizeivirus auf Windows Vista Home Premium

Polizeivirus auf Windows Vista Home Premium


Plagegeister aller Art und deren Bekämpfung: Polizeivirus auf Windows Vista Home Premium

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 02.10.2012, 20:38   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.19 15:51:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{802e998a-89f3-11df-ab07-90e6ba03f72d}\Shell\AutoRun\command - "" = J:\
O33 - MountPoints2\{802e998a-89f3-11df-ab07-90e6ba03f72d}\Shell\open\Command - "" = rundll32.exe .\\icavpi.dll,InstallM
O33 - MountPoints2\{85e88f2b-8fa4-11dd-bf09-001bfce07dbf}\Shell - "" = AutoRun
O33 - MountPoints2\{85e88f2b-8fa4-11dd-bf09-001bfce07dbf}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
:Files
C:\ProgramData\*.pad
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.10.2012, 20:07   #17
rene07
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Ok, hier der Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{802e998a-89f3-11df-ab07-90e6ba03f72d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{802e998a-89f3-11df-ab07-90e6ba03f72d}\ not found.
File J:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{802e998a-89f3-11df-ab07-90e6ba03f72d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{802e998a-89f3-11df-ab07-90e6ba03f72d}\ not found.
File rundll32.exe .\\icavpi.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f2b-8fa4-11dd-bf09-001bfce07dbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85e88f2b-8fa4-11dd-bf09-001bfce07dbf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f2b-8fa4-11dd-bf09-001bfce07dbf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85e88f2b-8fa4-11dd-bf09-001bfce07dbf}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\LaunchU3.exe -a not found.
========== FILES ==========
C:\ProgramData\nud0repor.pad moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Anja\Desktop\cmd.bat deleted successfully.
C:\Users\Anja\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anja
->Temp folder emptied: 643660444 bytes
->Temporary Internet Files folder emptied: 2936018024 bytes
->Java cache emptied: 1446920 bytes
->Google Chrome cache emptied: 66630458 bytes
->Flash cache emptied: 192270 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1049349396 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.480,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.1 log created on 10032012_201227

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
__________________
Alt 03.10.2012, 21:09   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
__________________
Alt 07.10.2012, 11:19   #19
rene07
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Hier der Log:

Code:
ATTFilter
12:17:03.0216 4236  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:17:03.0481 4236  ============================================================
12:17:03.0481 4236  Current date / time: 2012/10/07 12:17:03.0481
12:17:03.0481 4236  SystemInfo:
12:17:03.0481 4236  
12:17:03.0481 4236  OS Version: 6.0.6002 ServicePack: 2.0
12:17:03.0481 4236  Product type: Workstation
12:17:03.0481 4236  ComputerName: ANJA-PC
12:17:03.0481 4236  UserName: Anja
12:17:03.0481 4236  Windows directory: C:\Windows
12:17:03.0481 4236  System windows directory: C:\Windows
12:17:03.0481 4236  Processor architecture: Intel x86
12:17:03.0481 4236  Number of processors: 2
12:17:03.0481 4236  Page size: 0x1000
12:17:03.0481 4236  Boot type: Normal boot
12:17:03.0481 4236  ============================================================
12:17:04.0760 4236  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
12:17:04.0792 4236  ============================================================
12:17:04.0792 4236  \Device\Harddisk0\DR0:
12:17:04.0792 4236  MBR partitions:
12:17:04.0792 4236  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24441DD1
12:17:04.0792 4236  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24441E10, BlocksNum 0xFEB500
12:17:04.0792 4236  ============================================================
12:17:04.0807 4236  C: <-> \Device\Harddisk0\DR0\Partition1
12:17:05.0010 4236  D: <-> \Device\Harddisk0\DR0\Partition2
12:17:05.0010 4236  ============================================================
12:17:05.0010 4236  Initialize success
12:17:05.0010 4236  ============================================================
12:17:17.0162 4364  ============================================================
12:17:17.0162 4364  Scan started
12:17:17.0162 4364  Mode: Manual; SigCheck; TDLFS; 
12:17:17.0162 4364  ============================================================
12:17:19.0424 4364  ================ Scan system memory ========================
12:17:19.0424 4364  System memory - ok
12:17:19.0424 4364  ================ Scan services =============================
12:17:20.0610 4364  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:17:20.0782 4364  ACPI - ok
12:17:20.0891 4364  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:17:21.0031 4364  adp94xx - ok
12:17:21.0047 4364  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:17:21.0078 4364  adpahci - ok
12:17:21.0140 4364  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
12:17:21.0187 4364  adpu160m - ok
12:17:21.0218 4364  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:17:21.0234 4364  adpu320 - ok
12:17:21.0265 4364  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:17:21.0374 4364  AeLookupSvc - ok
12:17:21.0437 4364  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
12:17:21.0499 4364  AFD - ok
12:17:21.0562 4364  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:17:21.0577 4364  agp440 - ok
12:17:21.0640 4364  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:17:21.0655 4364  aic78xx - ok
12:17:21.0686 4364  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
12:17:21.0796 4364  ALG - ok
12:17:21.0827 4364  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:17:21.0842 4364  aliide - ok
12:17:21.0920 4364  [ 3927CD2638CE67535A592417433A80B8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:17:21.0998 4364  AMD External Events Utility - ok
12:17:22.0045 4364  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:17:22.0061 4364  amdagp - ok
12:17:22.0108 4364  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
12:17:22.0108 4364  amdide - ok
12:17:22.0139 4364  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
12:17:22.0310 4364  AmdK7 - ok
12:17:22.0357 4364  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:17:22.0451 4364  AmdK8 - ok
12:17:22.0498 4364  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
12:17:22.0544 4364  Appinfo - ok
12:17:22.0591 4364  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
12:17:22.0607 4364  arc - ok
12:17:22.0638 4364  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:17:22.0654 4364  arcsas - ok
12:17:22.0700 4364  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:17:22.0747 4364  AsyncMac - ok
12:17:22.0778 4364  [ 4F4FCB8B6EA06784FB6D475B7EC7300F ] atapi           C:\Windows\system32\drivers\atapi.sys
12:17:22.0778 4364  atapi - ok
12:17:23.0356 4364  [ 840F85A04744FF065881333295E7FA5D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:17:24.0338 4364  atikmdag - ok
12:17:24.0385 4364  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:17:24.0448 4364  AudioEndpointBuilder - ok
12:17:24.0510 4364  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:17:24.0557 4364  Audiosrv - ok
12:17:24.0713 4364  [ B5D974C1FD078A68C7536C561B031D39 ] Automatisches LiveUpdate - Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
12:17:24.0869 4364  Automatisches LiveUpdate - Scheduler - ok
12:17:24.0916 4364  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:17:25.0009 4364  Beep - ok
12:17:25.0056 4364  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
12:17:25.0212 4364  BFE - ok
12:17:25.0337 4364  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
12:17:25.0633 4364  BITS - ok
12:17:25.0649 4364  blbdrive - ok
12:17:25.0727 4364  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:17:25.0805 4364  bowser - ok
12:17:25.0883 4364  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
12:17:25.0961 4364  BrFiltLo - ok
12:17:25.0992 4364  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
12:17:26.0039 4364  BrFiltUp - ok
12:17:26.0070 4364  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
12:17:26.0148 4364  Browser - ok
12:17:26.0210 4364  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
12:17:26.0335 4364  Brserid - ok
12:17:26.0366 4364  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:17:26.0460 4364  BrSerWdm - ok
12:17:26.0507 4364  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:17:26.0569 4364  BrUsbMdm - ok
12:17:26.0600 4364  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
12:17:26.0678 4364  BrUsbSer - ok
12:17:26.0710 4364  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:17:26.0772 4364  BTHMODEM - ok
12:17:26.0819 4364  [ DA2DC84E2D14EC6DAC1132CAA286118D ] BVRPMPR5        C:\Windows\system32\drivers\BVRPMPR5.SYS
12:17:26.0834 4364  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
12:17:26.0834 4364  BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
12:17:26.0866 4364  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:17:26.0944 4364  cdfs - ok
12:17:26.0990 4364  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:17:27.0022 4364  cdrom - ok
12:17:27.0053 4364  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:17:27.0115 4364  CertPropSvc - ok
12:17:27.0162 4364  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:17:27.0240 4364  circlass - ok
12:17:27.0271 4364  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
12:17:27.0287 4364  CLFS - ok
12:17:27.0505 4364  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:27.0536 4364  clr_optimization_v2.0.50727_32 - ok
12:17:27.0739 4364  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:17:27.0786 4364  clr_optimization_v4.0.30319_32 - ok
12:17:27.0833 4364  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:17:27.0848 4364  cmdide - ok
12:17:27.0880 4364  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:17:27.0895 4364  Compbatt - ok
12:17:27.0895 4364  COMSysApp - ok
12:17:27.0926 4364  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:17:27.0942 4364  crcdisk - ok
12:17:27.0989 4364  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
12:17:28.0082 4364  Crusoe - ok
12:17:28.0160 4364  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:17:28.0207 4364  CryptSvc - ok
12:17:28.0270 4364  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:17:28.0441 4364  DcomLaunch - ok
12:17:28.0472 4364  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:17:28.0519 4364  DfsC - ok
12:17:28.0909 4364  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
12:17:29.0346 4364  DFSR - ok
12:17:29.0393 4364  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:17:29.0455 4364  Dhcp - ok
12:17:29.0502 4364  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
12:17:29.0533 4364  disk - ok
12:17:29.0596 4364  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:17:29.0658 4364  Dnscache - ok
12:17:29.0736 4364  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:17:29.0798 4364  dot3svc - ok
12:17:29.0908 4364  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:17:29.0986 4364  Dot4 - ok
12:17:30.0017 4364  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:17:30.0095 4364  Dot4Print - ok
12:17:30.0126 4364  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
12:17:30.0204 4364  dot4usb - ok
12:17:30.0251 4364  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
12:17:30.0298 4364  DPS - ok
12:17:30.0329 4364  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:17:30.0376 4364  drmkaud - ok
12:17:30.0454 4364  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:17:30.0578 4364  DXGKrnl - ok
12:17:30.0610 4364  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
12:17:30.0719 4364  E1G60 - ok
12:17:30.0750 4364  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
12:17:30.0781 4364  EapHost - ok
12:17:30.0812 4364  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:17:30.0828 4364  Ecache - ok
12:17:30.0906 4364  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:17:30.0984 4364  ehRecvr - ok
12:17:31.0031 4364  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
12:17:31.0109 4364  ehSched - ok
12:17:31.0140 4364  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
12:17:31.0234 4364  ehstart - ok
12:17:31.0280 4364  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:17:31.0327 4364  elxstor - ok
12:17:31.0421 4364  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:17:31.0577 4364  EMDMgmt - ok
12:17:31.0639 4364  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
12:17:31.0686 4364  EventSystem - ok
12:17:31.0717 4364  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
12:17:31.0764 4364  exfat - ok
12:17:31.0842 4364  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:17:31.0889 4364  fastfat - ok
12:17:31.0936 4364  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:17:32.0014 4364  fdc - ok
12:17:32.0045 4364  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:17:32.0092 4364  fdPHost - ok
12:17:32.0123 4364  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:17:32.0216 4364  FDResPub - ok
12:17:32.0232 4364  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:17:32.0248 4364  FileInfo - ok
12:17:32.0294 4364  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:17:32.0326 4364  Filetrace - ok
12:17:32.0372 4364  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:17:32.0435 4364  flpydisk - ok
12:17:32.0482 4364  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:17:32.0497 4364  FltMgr - ok
12:17:32.0622 4364  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
12:17:32.0856 4364  FontCache - ok
12:17:32.0965 4364  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:17:32.0996 4364  FontCache3.0.0.0 - ok
12:17:33.0043 4364  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:17:33.0090 4364  Fs_Rec - ok
12:17:33.0137 4364  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:17:33.0184 4364  gagp30kx - ok
12:17:33.0230 4364  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:17:33.0418 4364  gpsvc - ok
12:17:33.0496 4364  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:17:33.0511 4364  gupdate - ok
12:17:33.0527 4364  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:17:33.0558 4364  gupdatem - ok
12:17:33.0620 4364  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:17:33.0652 4364  gusvc - ok
12:17:33.0714 4364  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:17:33.0776 4364  HdAudAddService - ok
12:17:33.0854 4364  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:17:34.0057 4364  HDAudBus - ok
12:17:34.0088 4364  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:17:34.0151 4364  HidBth - ok
12:17:34.0182 4364  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:17:34.0260 4364  HidIr - ok
12:17:34.0291 4364  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
12:17:34.0322 4364  hidserv - ok
12:17:34.0338 4364  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:17:34.0416 4364  HidUsb - ok
12:17:34.0478 4364  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:17:34.0556 4364  hkmsvc - ok
12:17:34.0572 4364  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:17:34.0588 4364  HpCISSs - ok
12:17:34.0744 4364  [ CC8A7D8A8DC9F357B57796583CF8B85F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:17:34.0759 4364  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:17:34.0759 4364  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:17:34.0806 4364  [ 4C2CA71CAAFD2CF1A673FC8DBFD219C4 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:17:34.0822 4364  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:17:34.0822 4364  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:17:34.0868 4364  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:17:35.0024 4364  HTTP - ok
12:17:35.0087 4364  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:17:35.0102 4364  i2omp - ok
12:17:35.0149 4364  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:17:35.0212 4364  i8042prt - ok
12:17:35.0258 4364  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:17:35.0305 4364  iaStorV - ok
12:17:35.0383 4364  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:17:35.0414 4364  IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:17:35.0414 4364  IDriverT - detected UnsignedFile.Multi.Generic (1)
12:17:35.0539 4364  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:17:35.0851 4364  idsvc - ok
12:17:35.0882 4364  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:17:35.0898 4364  iirsp - ok
12:17:35.0992 4364  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:17:36.0163 4364  IKEEXT - ok
12:17:36.0288 4364  [ 4A705BF2A6F7972F2F2AD8A0D8079F95 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:17:36.0865 4364  IntcAzAudAddService - ok
12:17:36.0896 4364  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:17:36.0912 4364  intelide - ok
12:17:36.0943 4364  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:17:37.0006 4364  intelppm - ok
12:17:37.0052 4364  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:17:37.0115 4364  IPBusEnum - ok
12:17:37.0146 4364  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:17:37.0193 4364  IpFilterDriver - ok
12:17:37.0224 4364  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:17:37.0255 4364  iphlpsvc - ok
12:17:37.0271 4364  IpInIp - ok
12:17:37.0318 4364  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:17:37.0380 4364  IPMIDRV - ok
12:17:37.0442 4364  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:17:37.0489 4364  IPNAT - ok
12:17:37.0536 4364  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:17:37.0583 4364  IRENUM - ok
12:17:37.0614 4364  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:17:37.0630 4364  isapnp - ok
12:17:37.0676 4364  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:17:37.0692 4364  iScsiPrt - ok
12:17:37.0723 4364  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:17:37.0739 4364  iteatapi - ok
12:17:37.0754 4364  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:17:37.0770 4364  iteraid - ok
12:17:37.0801 4364  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:17:37.0832 4364  kbdclass - ok
12:17:37.0848 4364  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:17:37.0926 4364  kbdhid - ok
12:17:37.0957 4364  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
12:17:37.0988 4364  KeyIso - ok
12:17:38.0051 4364  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:17:38.0238 4364  KSecDD - ok
12:17:38.0347 4364  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:17:38.0519 4364  KtmRm - ok
12:17:38.0597 4364  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:17:38.0644 4364  LanmanServer - ok
12:17:38.0690 4364  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:17:38.0737 4364  LanmanWorkstation - ok
12:17:38.0800 4364  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:17:38.0831 4364  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:17:38.0831 4364  LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:17:39.0205 4364  [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:17:40.0968 4364  LiveUpdate - ok
12:17:41.0077 4364  LiveUpdate Notice Ex - ok
12:17:41.0342 4364  [ C837D17DE0B349539AA527EE750EBE2A ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
12:17:41.0623 4364  LiveUpdate Notice Service - ok
12:17:41.0670 4364  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:17:41.0795 4364  lltdio - ok
12:17:41.0888 4364  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:17:42.0029 4364  lltdsvc - ok
12:17:42.0076 4364  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:17:42.0263 4364  lmhosts - ok
12:17:42.0341 4364  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:17:42.0419 4364  LSI_FC - ok
12:17:42.0497 4364  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:17:42.0575 4364  LSI_SAS - ok
12:17:42.0622 4364  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:17:42.0637 4364  LSI_SCSI - ok
12:17:42.0653 4364  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
12:17:42.0700 4364  luafv - ok
12:17:42.0715 4364  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:17:42.0746 4364  Mcx2Svc - ok
12:17:42.0793 4364  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
12:17:42.0809 4364  megasas - ok
12:17:42.0840 4364  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
12:17:42.0871 4364  MMCSS - ok
12:17:42.0887 4364  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
12:17:42.0918 4364  Modem - ok
12:17:42.0965 4364  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:17:43.0012 4364  monitor - ok
12:17:43.0027 4364  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:17:43.0043 4364  mouclass - ok
12:17:43.0105 4364  [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
12:17:43.0183 4364  mouhid - ok
12:17:43.0230 4364  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:17:43.0246 4364  MountMgr - ok
12:17:43.0277 4364  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:17:43.0292 4364  mpio - ok
12:17:43.0324 4364  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:17:43.0355 4364  mpsdrv - ok
12:17:43.0511 4364  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:17:43.0651 4364  MpsSvc - ok
12:17:43.0698 4364  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:17:43.0729 4364  Mraid35x - ok
12:17:43.0760 4364  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:17:43.0807 4364  MRxDAV - ok
12:17:43.0838 4364  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:17:43.0901 4364  mrxsmb - ok
12:17:43.0932 4364  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:17:43.0979 4364  mrxsmb10 - ok
12:17:43.0994 4364  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:17:44.0026 4364  mrxsmb20 - ok
12:17:44.0072 4364  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:17:44.0088 4364  msahci - ok
12:17:44.0119 4364  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:17:44.0135 4364  msdsm - ok
12:17:44.0213 4364  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
12:17:44.0291 4364  MSDTC - ok
12:17:44.0384 4364  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:17:44.0462 4364  Msfs - ok
12:17:44.0494 4364  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:17:44.0494 4364  msisadrv - ok
12:17:44.0540 4364  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:17:44.0572 4364  MSiSCSI - ok
12:17:44.0572 4364  msiserver - ok
12:17:44.0618 4364  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:17:44.0665 4364  MSKSSRV - ok
12:17:44.0696 4364  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:17:44.0743 4364  MSPCLOCK - ok
12:17:44.0790 4364  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:17:44.0821 4364  MSPQM - ok
12:17:44.0852 4364  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:17:44.0899 4364  MsRPC - ok
12:17:44.0946 4364  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:17:45.0008 4364  mssmbios - ok
12:17:45.0055 4364  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:17:45.0118 4364  MSTEE - ok
12:17:45.0149 4364  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
12:17:45.0180 4364  Mup - ok
12:17:45.0227 4364  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
12:17:45.0289 4364  napagent - ok
12:17:45.0352 4364  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:17:45.0367 4364  NativeWifiP - ok
12:17:45.0398 4364  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:17:45.0476 4364  NDIS - ok
12:17:45.0508 4364  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:17:45.0539 4364  NdisTapi - ok
12:17:45.0570 4364  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:17:45.0601 4364  Ndisuio - ok
12:17:45.0648 4364  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:17:45.0710 4364  NdisWan - ok
12:17:45.0757 4364  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:17:45.0788 4364  NDProxy - ok
12:17:46.0038 4364  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:17:46.0147 4364  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:17:46.0147 4364  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:17:46.0194 4364  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:17:46.0303 4364  NetBIOS - ok
12:17:46.0350 4364  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:17:46.0412 4364  netbt - ok
12:17:46.0444 4364  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
12:17:46.0475 4364  Netlogon - ok
12:17:46.0584 4364  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
12:17:46.0693 4364  Netman - ok
12:17:46.0724 4364  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
12:17:46.0802 4364  netprofm - ok
12:17:46.0849 4364  [ 271AC1312EF1DDE187793183ABBFA8D0 ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
12:17:47.0005 4364  netr73 - ok
12:17:47.0052 4364  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:17:47.0083 4364  NetTcpPortSharing - ok
12:17:47.0130 4364  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:17:47.0146 4364  nfrd960 - ok
12:17:47.0208 4364  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:17:47.0270 4364  NlaSvc - ok
12:17:47.0348 4364  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:17:47.0395 4364  Npfs - ok
12:17:47.0458 4364  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
12:17:47.0489 4364  nsi - ok
12:17:47.0536 4364  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:17:47.0582 4364  nsiproxy - ok
12:17:47.0879 4364  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:17:48.0191 4364  Ntfs - ok
12:17:48.0269 4364  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
12:17:48.0347 4364  ntrigdigi - ok
12:17:48.0394 4364  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
12:17:48.0440 4364  Null - ok
12:17:48.0518 4364  [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm60x32.sys
12:17:48.0737 4364  NVENETFD - ok
12:17:49.0252 4364  [ 2D892BB73314ECA5549B96F783BB45E8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:17:50.0188 4364  nvlddmkm - ok
12:17:50.0219 4364  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:17:50.0250 4364  nvraid - ok
12:17:50.0281 4364  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:17:50.0297 4364  nvstor - ok
12:17:50.0344 4364  [ 019054D997F65358DCA63ECAE5103F97 ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys
12:17:50.0359 4364  nvstor32 - ok
12:17:50.0390 4364  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:17:50.0406 4364  nv_agp - ok
12:17:50.0422 4364  NwlnkFlt - ok
12:17:50.0437 4364  NwlnkFwd - ok
12:17:50.0531 4364  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:17:50.0656 4364  odserv - ok
12:17:50.0687 4364  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:17:50.0734 4364  ohci1394 - ok
12:17:50.0765 4364  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:50.0780 4364  ose - ok
12:17:50.0843 4364  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:17:51.0077 4364  p2pimsvc - ok
12:17:51.0124 4364  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:17:51.0326 4364  p2psvc - ok
12:17:51.0389 4364  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
12:17:51.0529 4364  Parport - ok
12:17:51.0592 4364  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:17:51.0623 4364  partmgr - ok
12:17:51.0638 4364  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:17:51.0716 4364  Parvdm - ok
12:17:51.0763 4364  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:17:51.0794 4364  PcaSvc - ok
12:17:51.0841 4364  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
12:17:51.0857 4364  pci - ok
12:17:51.0872 4364  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:17:51.0888 4364  pciide - ok
12:17:51.0935 4364  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:17:51.0950 4364  pcmcia - ok
12:17:51.0997 4364  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:17:52.0418 4364  PEAUTH - ok
12:17:52.0886 4364  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
12:17:53.0401 4364  pla - ok
12:17:53.0557 4364  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:17:53.0635 4364  PlugPlay - ok
12:17:53.0713 4364  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:17:53.0776 4364  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:17:53.0776 4364  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:17:54.0041 4364  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:17:54.0322 4364  PNRPAutoReg - ok
12:17:54.0524 4364  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
12:17:54.0821 4364  PNRPsvc - ok
12:17:54.0930 4364  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:17:55.0164 4364  PolicyAgent - ok
12:17:55.0211 4364  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:17:55.0382 4364  PptpMiniport - ok
12:17:55.0429 4364  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
12:17:55.0554 4364  Processor - ok
12:17:55.0570 4364  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:17:55.0601 4364  ProfSvc - ok
12:17:55.0616 4364  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:17:55.0632 4364  ProtectedStorage - ok
12:17:55.0679 4364  [ 390C204CED3785609AB24E9C52054A84 ] Ps2             C:\Windows\system32\DRIVERS\PS2.sys
12:17:55.0757 4364  Ps2 - ok
12:17:55.0819 4364  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:17:55.0882 4364  PSched - ok
12:17:55.0928 4364  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
12:17:55.0960 4364  PxHelp20 - ok
12:17:56.0147 4364  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:17:56.0615 4364  ql2300 - ok
12:17:56.0740 4364  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:17:56.0849 4364  ql40xx - ok
12:17:57.0020 4364  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
12:17:57.0130 4364  QWAVE - ok
12:17:57.0192 4364  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:17:57.0254 4364  QWAVEdrv - ok
12:17:57.0301 4364  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:17:57.0488 4364  RasAcd - ok
12:17:57.0676 4364  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
12:17:57.0878 4364  RasAuto - ok
12:17:58.0128 4364  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:17:58.0378 4364  Rasl2tp - ok
12:17:58.0580 4364  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
12:17:58.0674 4364  RasMan - ok
12:17:58.0752 4364  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:17:58.0814 4364  RasPppoe - ok
12:17:58.0892 4364  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:17:58.0955 4364  RasSstp - ok
12:17:59.0111 4364  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:17:59.0360 4364  rdbss - ok
12:17:59.0454 4364  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:17:59.0548 4364  RDPCDD - ok
12:17:59.0735 4364  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
12:17:59.0906 4364  rdpdr - ok
12:17:59.0969 4364  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:18:00.0078 4364  RDPENCDD - ok
12:18:00.0172 4364  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:18:00.0328 4364  RDPWD - ok
12:18:00.0468 4364  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:18:00.0546 4364  RemoteAccess - ok
12:18:00.0577 4364  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:18:00.0624 4364  RemoteRegistry - ok
12:18:00.0702 4364  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
12:18:00.0842 4364  RpcLocator - ok
12:18:01.0014 4364  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
12:18:01.0232 4364  RpcSs - ok
12:18:01.0264 4364  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:18:01.0295 4364  rspndr - ok
12:18:01.0388 4364  [ 872C4E777BEDCD7F99DC09016B5E6F39 ] RTL8187B        C:\Windows\system32\DRIVERS\wg111v3.sys
12:18:01.0498 4364  RTL8187B - ok
12:18:01.0513 4364  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
12:18:01.0529 4364  SamSs - ok
12:18:01.0607 4364  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:18:01.0622 4364  sbp2port - ok
12:18:01.0654 4364  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:18:01.0700 4364  SCardSvr - ok
12:18:01.0997 4364  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
12:18:02.0262 4364  Schedule - ok
12:18:02.0278 4364  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:18:02.0324 4364  SCPolicySvc - ok
12:18:02.0387 4364  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:18:02.0434 4364  SDRSVC - ok
12:18:02.0605 4364  [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:18:02.0636 4364  SeaPort - ok
12:18:02.0652 4364  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:18:02.0714 4364  secdrv - ok
12:18:02.0761 4364  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
12:18:02.0808 4364  seclogon - ok
12:18:02.0824 4364  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
12:18:02.0886 4364  SENS - ok
12:18:02.0917 4364  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:18:02.0995 4364  Serenum - ok
12:18:03.0089 4364  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
12:18:03.0229 4364  Serial - ok
12:18:03.0260 4364  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:18:03.0292 4364  sermouse - ok
12:18:03.0354 4364  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:18:03.0416 4364  SessionEnv - ok
12:18:03.0479 4364  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:18:03.0541 4364  sffdisk - ok
12:18:03.0588 4364  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:18:03.0650 4364  sffp_mmc - ok
12:18:03.0697 4364  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:18:03.0775 4364  sffp_sd - ok
12:18:03.0791 4364  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:18:03.0838 4364  sfloppy - ok
12:18:03.0900 4364  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:18:03.0962 4364  SharedAccess - ok
12:18:04.0009 4364  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:18:04.0072 4364  ShellHWDetection - ok
12:18:04.0103 4364  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:18:04.0118 4364  sisagp - ok
12:18:04.0134 4364  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:18:04.0150 4364  SiSRaid2 - ok
12:18:04.0181 4364  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:18:04.0196 4364  SiSRaid4 - ok
12:18:04.0540 4364  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
12:18:05.0772 4364  slsvc - ok
12:18:05.0850 4364  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:18:05.0897 4364  SLUINotify - ok
12:18:05.0944 4364  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:18:06.0006 4364  Smb - ok
12:18:06.0053 4364  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:18:06.0084 4364  SNMPTRAP - ok
12:18:06.0115 4364  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
12:18:06.0146 4364  spldr - ok
12:18:06.0178 4364  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
12:18:06.0224 4364  Spooler - ok
12:18:06.0271 4364  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:18:06.0318 4364  srv - ok
12:18:06.0396 4364  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:18:06.0458 4364  srv2 - ok
12:18:06.0505 4364  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:18:06.0521 4364  srvnet - ok
12:18:06.0552 4364  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:18:06.0614 4364  SSDPSRV - ok
12:18:06.0661 4364  [ 5EC550B8952882EE856B862CF648522D ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
12:18:06.0677 4364  ssmdrv - ok
12:18:06.0708 4364  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:18:06.0739 4364  SstpSvc - ok
12:18:06.0895 4364  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
12:18:06.0989 4364  stisvc - ok
12:18:07.0067 4364  [ 4CFEB2BD9723489DA072B300940EA287 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:18:07.0082 4364  stllssvr - ok
12:18:07.0098 4364  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:18:07.0114 4364  swenum - ok
12:18:07.0145 4364  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
12:18:07.0176 4364  swprv - ok
12:18:07.0207 4364  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
12:18:07.0223 4364  Symc8xx - ok
12:18:07.0238 4364  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:18:07.0254 4364  Sym_hi - ok
12:18:07.0285 4364  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:18:07.0301 4364  Sym_u3 - ok
12:18:07.0348 4364  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
12:18:07.0472 4364  SysMain - ok
12:18:07.0519 4364  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:18:07.0535 4364  TabletInputService - ok
12:18:07.0566 4364  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:18:07.0613 4364  TapiSrv - ok
12:18:07.0660 4364  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
12:18:07.0706 4364  TBS - ok
12:18:07.0847 4364  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:18:08.0174 4364  Tcpip - ok
12:18:08.0221 4364  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:18:08.0455 4364  Tcpip6 - ok
12:18:08.0486 4364  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:18:08.0564 4364  tcpipreg - ok
12:18:08.0767 4364  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:18:08.0830 4364  TDPIPE - ok
12:18:08.0876 4364  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:18:08.0939 4364  TDTCP - ok
12:18:09.0001 4364  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:18:09.0032 4364  tdx - ok
12:18:09.0064 4364  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:18:09.0079 4364  TermDD - ok
12:18:09.0095 4364  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
12:18:09.0220 4364  TermService - ok
12:18:09.0266 4364  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
12:18:09.0313 4364  Themes - ok
12:18:09.0344 4364  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:18:09.0376 4364  THREADORDER - ok
12:18:09.0391 4364  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
12:18:09.0438 4364  TrkWks - ok
12:18:09.0500 4364  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:18:09.0563 4364  TrustedInstaller - ok
12:18:09.0610 4364  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:18:09.0641 4364  tssecsrv - ok
12:18:09.0672 4364  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:18:09.0719 4364  tunmp - ok
12:18:09.0766 4364  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:18:09.0797 4364  tunnel - ok
12:18:09.0828 4364  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:18:09.0844 4364  uagp35 - ok
12:18:09.0890 4364  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:18:09.0922 4364  udfs - ok
12:18:09.0968 4364  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:18:10.0031 4364  UI0Detect - ok
12:18:10.0046 4364  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:18:10.0093 4364  uliagpkx - ok
12:18:10.0124 4364  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:18:10.0140 4364  uliahci - ok
12:18:10.0156 4364  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:18:10.0171 4364  UlSata - ok
12:18:10.0202 4364  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:18:10.0218 4364  ulsata2 - ok
12:18:10.0249 4364  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:18:10.0280 4364  umbus - ok
12:18:10.0327 4364  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
12:18:10.0374 4364  upnphost - ok
12:18:10.0436 4364  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:18:10.0452 4364  usbccgp - ok
12:18:10.0514 4364  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:18:10.0561 4364  usbcir - ok
12:18:10.0608 4364  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:18:10.0655 4364  usbehci - ok
12:18:10.0702 4364  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:18:10.0733 4364  usbhub - ok
12:18:10.0764 4364  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:18:10.0795 4364  usbohci - ok
12:18:10.0826 4364  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:18:10.0889 4364  usbprint - ok
12:18:10.0920 4364  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:18:10.0951 4364  usbscan - ok
12:18:10.0967 4364  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:18:11.0014 4364  USBSTOR - ok
12:18:11.0045 4364  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:18:11.0123 4364  usbuhci - ok
12:18:11.0170 4364  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
12:18:11.0216 4364  UxSms - ok
12:18:11.0279 4364  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
12:18:11.0404 4364  vds - ok
12:18:11.0466 4364  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:18:11.0513 4364  vga - ok
12:18:11.0606 4364  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:18:11.0638 4364  VgaSave - ok
12:18:11.0700 4364  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:18:11.0716 4364  viaagp - ok
12:18:11.0747 4364  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:18:11.0825 4364  ViaC7 - ok
12:18:11.0856 4364  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
12:18:11.0856 4364  viaide - ok
12:18:11.0887 4364  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:18:11.0903 4364  volmgr - ok
12:18:11.0934 4364  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:18:11.0950 4364  volmgrx - ok
12:18:11.0965 4364  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:18:11.0996 4364  volsnap - ok
12:18:12.0028 4364  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:18:12.0043 4364  vsmraid - ok
12:18:12.0090 4364  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
12:18:12.0464 4364  VSS - ok
12:18:12.0496 4364  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
12:18:12.0558 4364  W32Time - ok
12:18:12.0620 4364  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:18:12.0714 4364  WacomPen - ok
12:18:12.0761 4364  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:18:12.0792 4364  Wanarp - ok
12:18:12.0808 4364  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:18:12.0823 4364  Wanarpv6 - ok
12:18:12.0870 4364  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:18:13.0010 4364  wcncsvc - ok
12:18:13.0042 4364  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:18:13.0073 4364  WcsPlugInService - ok
12:18:13.0104 4364  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
12:18:13.0135 4364  Wd - ok
12:18:13.0166 4364  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:18:13.0229 4364  Wdf01000 - ok
12:18:13.0276 4364  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:18:13.0322 4364  WdiServiceHost - ok
12:18:13.0322 4364  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:18:13.0369 4364  WdiSystemHost - ok
12:18:13.0432 4364  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
12:18:13.0510 4364  WebClient - ok
12:18:13.0634 4364  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:18:13.0697 4364  Wecsvc - ok
12:18:13.0978 4364  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:18:14.0056 4364  wercplsupport - ok
12:18:14.0118 4364  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:18:14.0243 4364  WerSvc - ok
12:18:14.0305 4364  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:18:14.0336 4364  WinDefend - ok
12:18:14.0336 4364  WinHttpAutoProxySvc - ok
12:18:14.0399 4364  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:18:14.0430 4364  Winmgmt - ok
12:18:14.0570 4364  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:18:15.0319 4364  WinRM - ok
12:18:15.0382 4364  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:18:15.0569 4364  Wlansvc - ok
12:18:15.0616 4364  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:18:15.0756 4364  WmiAcpi - ok
12:18:15.0834 4364  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:18:15.0912 4364  wmiApSrv - ok
12:18:15.0990 4364  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:18:16.0224 4364  WMPNetworkSvc - ok
12:18:16.0271 4364  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:18:16.0333 4364  WPCSvc - ok
12:18:16.0364 4364  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:18:16.0427 4364  WPDBusEnum - ok
12:18:16.0458 4364  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
12:18:16.0474 4364  WpdUsb - ok
12:18:16.0848 4364  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:18:17.0035 4364  WPFFontCache_v0400 - ok
12:18:17.0098 4364  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:18:17.0191 4364  ws2ifsl - ok
12:18:17.0269 4364  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
12:18:17.0332 4364  wscsvc - ok
12:18:17.0347 4364  WSearch - ok
12:18:17.0644 4364  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:18:19.0016 4364  wuauserv - ok
12:18:19.0141 4364  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:18:19.0250 4364  WUDFRd - ok
12:18:19.0484 4364  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:18:19.0594 4364  wudfsvc - ok
12:18:19.0640 4364  ================ Scan global ===============================
12:18:19.0796 4364  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:18:20.0062 4364  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:18:20.0140 4364  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:18:20.0280 4364  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:18:20.0296 4364  [Global] - ok
12:18:20.0296 4364  ================ Scan MBR ==================================
12:18:20.0311 4364  [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
12:18:22.0916 4364  \Device\Harddisk0\DR0 - ok
12:18:22.0916 4364  ================ Scan VBR ==================================
12:18:22.0916 4364  [ FA2D48BA9BEB7EF57A8A88CB4C5CB9F0 ] \Device\Harddisk0\DR0\Partition1
12:18:22.0916 4364  \Device\Harddisk0\DR0\Partition1 - ok
12:18:22.0963 4364  [ 943643FD1569F06E850D37E8F6545C82 ] \Device\Harddisk0\DR0\Partition2
12:18:22.0994 4364  \Device\Harddisk0\DR0\Partition2 - ok
12:18:22.0994 4364  ============================================================
12:18:22.0994 4364  Scan finished
12:18:22.0994 4364  ============================================================
12:18:23.0026 4356  Detected object count: 7
12:18:23.0026 4356  Actual detected object count: 7
12:18:47.0642 4356  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:47.0642 4356  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:47.0658 4356  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:47.0658 4356  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:47.0658 4356  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:47.0658 4356  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:47.0658 4356  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:47.0658 4356  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:47.0674 4356  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:47.0674 4356  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:47.0674 4356  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:47.0674 4356  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:18:47.0674 4356  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:18:47.0674 4356  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 07.10.2012, 19:05   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.10.2012, 18:29   #21
rene07
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Hier der Log:
Code:
ATTFilter
Combofix Logfile:


	
Code: 

 
ATTFilter


  

	
ComboFix 12-10-08.02 - Anja 08.10.2012  18:47:59.1.2 - x86
MicrosoftÆ Windows Vistaô Home Premium   6.0.6002.2.1252.43.1031.18.1022.328 [GMT 2:00]
ausgef¸hrt von:: c:\users\Anja\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-08 bis 2012-10-08  ))))))))))))))))))))))))))))))
.
.
2012-10-08 17:08 . 2012-10-08 17:09	--------	d-----w-	c:\users\Anja\AppData\Local\temp
2012-10-08 17:08 . 2012-10-08 17:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-08 16:51 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EB76354-FF2F-4756-BCEF-32AE3288AE6B}\mpengine.dll
2012-10-03 18:12 . 2012-10-03 18:12	--------	d-----w-	C:\_OTL
2012-09-25 12:50 . 2012-09-25 12:50	--------	d-----w-	c:\program files\ESET
2012-09-25 10:58 . 2012-09-25 10:58	--------	d-----w-	c:\users\Anja\AppData\Roaming\Malwarebytes
2012-09-25 10:58 . 2012-09-25 10:58	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-25 10:58 . 2012-09-25 10:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-25 10:58 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-12 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-12 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-12 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-06 19:39	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2007-03-12 09:22	517768	----a-w-	c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:02]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:02]
.
.
------- Zus‰tzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=73&bd=Pavilion&pf=desktop
IE: Free YouTube Download - c:\users\Anja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Anja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-08 19:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteintr‰ge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244b77f7-cca5-11df-b042-90e6ba03f72d}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46519f38-3e34-11dc-a1f5-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46519f3a-3e34-11dc-a1f5-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a168-3e34-11dc-a1f5-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a168-3e34-11dc-a1f5-806e6f6e6963}\_Autorun]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a16d-3e34-11dc-a1f5-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a16e-3e34-11dc-a1f5-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a16f-3e34-11dc-a1f5-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a170-3e34-11dc-a1f5-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9342-d9ee-11de-a96e-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}\shell]
@DACL=(02 0000)
@="None"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}\shell]
@DACL=(02 0000)
@="None"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d16ee8-eae8-11e1-951e-806e6f6e6963}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3f5880-e4a3-11dc-854b-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3f5884-e4a3-11dc-854b-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d4d-e493-11dc-8ba6-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d51-e493-11dc-8ba6-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-3424106836-3771431339-2525162909-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
Zeit der Fertigstellung: 2012-10-08  19:12:11
ComboFix-quarantined-files.txt  2012-10-08 17:12
.
Vor Suchlauf: 14 Verzeichnis(se), 250.405.257.216 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 263.099.768.832 Bytes frei
.
- - End Of File - - 47B1BA138C9525054398ABD0C760EB2F
         
 
--- --- ---
Allerdings bekomme ich jetzt, wenn ich den Internet Explorer starten möchte folgende Meldung:

Code:
ATTFilter
Es wurde versucht einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

Alt 08.10.2012, 21:37   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Zitat:
Allerdings bekomme ich jetzt, wenn ich den Internet Explorer starten möchte folgende Meldung:
Anleitung komplett lesen hilft!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.10.2012, 17:28   #23
rene07
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Alles klar - sorry da hab ich wohl die letzte Zeile übersehen.
Funtioniert alles perfekt!

Der Virus scheint soweit entfernt zu sein. Gibt es noch weitere Schritte?

VG & DANKE

Alt 09.10.2012, 18:59   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 19:52   #25
rene07
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Hier der Log von GMER:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-10 19:56:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000004f Hitachi_ rev.V54O
Running: s6xffw4v.exe; Driver: C:\Users\Anja\AppData\Local\Temp\kwldrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                     section is writeable [0x89E02000, 0x2BFAE2, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume                                                              
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L@BaseClass                                                             Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03cd3b75-ddbe-11de-8090-90e6ba03f72d}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11388c60-92e7-11dd-aa68-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244b77f7-cca5-11df-b042-90e6ba03f72d}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e05-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41bc3e08-0642-11e2-b771-00c0a8f64d48}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46519f38-3e34-11dc-a1f5-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46519f3a-3e34-11dc-a1f5-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46519f3a-3e34-11dc-a1f5-806e6f6e6963}@_CommentFromDesktopINI           
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a168-3e34-11dc-a1f5-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a168-3e34-11dc-a1f5-806e6f6e6963}\_Autorun                         
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a168-3e34-11dc-a1f5-806e6f6e6963}\_Autorun\DefaultIcon             
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a168-3e34-11dc-a1f5-806e6f6e6963}\_Autorun\DefaultIcon@            E:\autorun.exe,0
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a16d-3e34-11dc-a1f5-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a16e-3e34-11dc-a1f5-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a16f-3e34-11dc-a1f5-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4651a170-3e34-11dc-a1f5-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51013aa3-a968-11dc-bd8c-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5466fd77-df69-11df-aeda-90e6ba03f72d}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{575e3b1f-210f-11dd-8510-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b43777-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b4377d-a6f2-11df-bdf3-90e6ba03f72d}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eb7fa60-f6ae-11dc-83c7-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e88f28-8fa4-11dd-bf09-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9342-d9ee-11de-a96e-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}@_CommentFromDesktopINI           
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2e9343-d9ee-11de-a96e-806e6f6e6963}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{902033da-dda7-11de-bf1c-806e6f6e6963}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98d16ee8-eae8-11e1-951e-806e6f6e6963}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc18777-44d8-11e0-9e76-90e6ba03f72d}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3f5880-e4a3-11dc-854b-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3f5884-e4a3-11dc-854b-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d61dd00b-b3c6-11e1-a11b-90e6ba03f72d}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d4d-e493-11dc-8ba6-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d51-e493-11dc-8ba6-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d57-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4400d74-e493-11dc-8ba6-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}@BaseClass                        Drive
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}\shell                            
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}\shell@                           None
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}\shell\Autoplay                   
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}\shell\Autoplay@MUIVerb           @shell32.dll,-8507
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}\shell\Autoplay\DropTarget        
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47b8d3e-7167-11de-ab0c-001bfce07dbf}\shell\Autoplay\DropTarget@CLSID  {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

---- EOF - GMER 1.0.15 ----
Hier der Log von OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:01:34 on 10.10.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS
"catchme" (catchme) - ? - C:\Users\Anja\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwldrpow" (kwldrpow) - ? - C:\Users\Anja\AppData\Local\Temp\kwldrpow.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100" - "Microsoft Corporation" - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar BHO" - "Microsoft Corporation" - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"NETGEAR WG111v3 Smart Wizard.lnk" - ? - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpsysdrv" - "Hewlett-Packard Company" - c:\hp\support\hpsysdrv.exe
"KBD" - ? - C:\HP\KBD\KbdStub.EXE  (File found, but it contains no detailed information)
"Microsoft Default Manager" - "Microsoft Corporation" - "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"OsdMaestro" - "OsdMaestro" - "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzll4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpzll4v2.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Hier der Log von aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 20:04:05
-----------------------------
20:04:05.166    OS Version: Windows 6.0.6002 Service Pack 2
20:04:05.166    Number of processors: 2 586 0x6B01
20:04:05.166    ComputerName: ANJA-PC  UserName: Anja
20:04:06.086    Initialize success
20:07:25.038    AVAST engine defs: 12101000
20:08:25.925    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
20:08:25.925    Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 6
20:08:26.066    Disk 0 MBR read successfully
20:08:26.066    Disk 0 MBR scan
20:08:26.253    Disk 0 unknown MBR code
20:08:26.300    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       297091 MB offset 63
20:08:26.346    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8150 MB offset 608443920
20:08:26.440    Disk 0 scanning sectors +625136400
20:08:26.752    Disk 0 scanning C:\Windows\system32\drivers
20:09:30.821    Service scanning
20:10:07.044    Modules scanning
20:11:10.131    Disk 0 trace - called modules:
20:11:10.162    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
20:11:10.178    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84eb3528]
20:11:10.193    3 CLASSPNP.SYS[863ab8b3] -> nt!IofCallDriver -> [0x83b63150]
20:11:10.209    5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\0000004f[0x83b759c0]
20:11:11.597    AVAST engine scan C:\Windows
20:12:18.646    AVAST engine scan C:\Windows\system32
20:19:35.678    AVAST engine scan C:\Windows\system32\drivers
20:20:04.007    AVAST engine scan C:\Users\Anja
20:31:00.533    AVAST engine scan C:\ProgramData
20:33:05.739    Scan finished successfully
20:51:51.843    Disk 0 MBR has been saved successfully to "C:\Users\Anja\Desktop\MBR.dat"
20:51:51.843    The log file has been saved successfully to "C:\Users\Anja\Desktop\aswMBR.txt"

Alt 11.10.2012, 12:48   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.10.2012, 19:05   #27
rene07
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Hier der Log:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 18:58:08
-----------------------------
18:58:08.889    OS Version: Windows 6.0.6002 Service Pack 2
18:58:08.889    Number of processors: 2 586 0x6B01
18:58:08.905    ComputerName: ANJA-PC  UserName: Anja
18:59:12.132    Initialize success
18:59:31.944    AVAST engine defs: 12101000
18:59:48.309    Verifying
18:59:58.325    Disk 0 Windows 600 MBR fixed successfully
19:23:39.596    Verifying
19:23:49.627    Disk 0 Windows 600 MBR fixed successfully
20:03:48.049    Disk 0 MBR has been saved successfully to "C:\Users\Anja\Desktop\MBR.dat"
20:03:48.064    The log file has been saved successfully to "C:\Users\Anja\Desktop\aswMBR.txt"
Bin mir aber nicht sicher ob es funktioniert hat? hat nämlich nicht lange gedauert. Habe daraufhin nochmal neu gestartet...

Alt 12.10.2012, 10:03   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Du soltest auch einen neuen Scan mit aswMBR nach dem Reboot machen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.10.2012, 16:22   #29
rene07
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Hier der Log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-12 16:38:43
-----------------------------
16:38:43.578    OS Version: Windows 6.0.6002 Service Pack 2
16:38:43.578    Number of processors: 2 586 0x6B01
16:38:43.578    ComputerName: ANJA-PC  UserName: Anja
16:39:24.356    Initialize success
16:42:26.320    AVAST engine defs: 12101200
16:42:41.998    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
16:42:41.998    Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 6
16:42:42.201    Disk 0 MBR read successfully
16:42:42.295    Disk 0 MBR scan
16:42:43.121    Disk 0 Windows VISTA default MBR code
16:42:43.168    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       297091 MB offset 63
16:42:43.621    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         8150 MB offset 608443920
16:42:43.714    Disk 0 scanning sectors +625136400
16:42:45.071    Disk 0 scanning C:\Windows\system32\drivers
16:45:16.064    Service scanning
16:50:53.429    Modules scanning
16:51:39.933    Disk 0 trace - called modules:
16:51:39.964    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
16:51:40.385    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84eb2370]
16:51:40.385    3 CLASSPNP.SYS[8639e8b3] -> nt!IofCallDriver -> [0x83b51748]
16:51:40.401    5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\0000004f[0x83b51b88]
16:51:44.207    AVAST engine scan C:\Windows
16:52:10.322    AVAST engine scan C:\Windows\system32
17:05:54.236    AVAST engine scan C:\Windows\system32\drivers
17:07:36.730    AVAST engine scan C:\Users\Anja
17:18:33.973    AVAST engine scan C:\ProgramData
17:20:52.299    Scan finished successfully
17:21:27.133    Disk 0 MBR has been saved successfully to "C:\Users\Anja\Desktop\MBR.dat"
17:21:27.211    The log file has been saved successfully to "C:\Users\Anja\Desktop\aswMBR.txt"

Alt 12.10.2012, 19:04   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus auf Windows Vista Home Premium - Standard

Polizeivirus auf Windows Vista Home Premium


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu Polizeivirus auf Windows Vista Home Premium
32 bit, avira, bho, branding, browser, conduit, converter, error, excel, firefox, flash player, helper, home, homepage, install.exe, limewire, logfile, mp3, plug-in, polizeivirus, realtek, registry, scan, security, senden, software, svchost.exe, symantec, usb 2.0, vista, windows


« Windows Verschlüsselungs-Trojaner, nichts geht mehr! | Weißer Bildschirm - ...kann Seite nicht Anzeigen... Trojan.Winlock »


Ähnliche Themen: Polizeivirus auf Windows Vista Home Premium


  1. Windows Vista Home Premium: AdWare Tracking Cookies gefunden
    Log-Analyse und Auswertung - 03.04.2015 (11)
  2. WIndows Vista Home Premium: Avira lässt sich nicht deinstallieren (Gruppenrichtlinie)
    Log-Analyse und Auswertung - 17.08.2014 (9)
  3. Windows Vista Home Premium SP1: Avast durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 11.05.2014 (10)
  4. Windows Vista Home Premium lässt sich nicht starten.
    Alles rund um Windows - 02.01.2014 (14)
  5. Windows Vista Home Premium Service Pack 2 2007: Webseiten werden auf Werbung umgeleitet! Besonders bei Googlesuche! ihavenet Virus?
    Log-Analyse und Auswertung - 16.10.2013 (9)
  6. win32downloader.gen Befall unter Windows Vista Home Premium
    Log-Analyse und Auswertung - 26.09.2013 (15)
  7. GVU Trojaner 2.07 Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 28.06.2013 (5)
  8. 100 Tan Abfrage Commerzbank Windows Vista Home Premium 32 Bit, IE 9.0.16
    Log-Analyse und Auswertung - 18.05.2013 (7)
  9. GVU-Trojaner unter Windows VISTA 32 Bit Home Premium
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (19)
  10. GVU Trojaner 2.07 - Windows Vista Home Premium 32 Bit
    Log-Analyse und Auswertung - 07.10.2012 (6)
  11. GVU-Trojaner unter Windows Vista Home Premium
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (18)
  12. TR/Medisys.F.10 in C:\Windows\System32 bei MS Vista home Premium
    Log-Analyse und Auswertung - 08.07.2012 (12)
  13. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)
  14. Windows XP Pro Systemfestplatte unter Win Vista Home Premium auslesen (sichern)
    Alles rund um Windows - 01.12.2011 (5)
  15. Der eingegebene Product Key für Windows Vista Home Premium ist nicht für die Aktivierung gültig
    Alles rund um Windows - 27.09.2011 (24)
  16. VIRUSS! Windows Vista Home Premium
    Alles rund um Windows - 10.04.2010 (3)
  17. Windows Vista Home Premium 32 Bit SP 1 standig Blue Screens und eingefrorenen Bild
    Log-Analyse und Auswertung - 25.11.2008 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizeivirus auf Windows Vista Home Premium - Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert - Polizeivirus auf Windows Vista Home Premium...
Archiv
Du betrachtest: Polizeivirus auf Windows Vista Home Premium auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131