Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: searchnu.com/410

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.09.2012, 22:39   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.09.2012, 23:37   #17
Hina
 
searchnu.com/410 - Standard

searchnu.com/410



Hello, hier die otl-log

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.09.2012 23:55:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 56,18% Memory free
3,99 Gb Paging File | 2,88 Gb Available in Paging File | 72,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,40 Gb Total Space | 9,87 Gb Free Space | 22,74% Space Free | Partition Type: NTFS
Drive D: | 68,39 Gb Total Space | 9,52 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
 
Computer Name: KONSTRUKT-PC | User Name: konstrukt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.28 23:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL(1).exe
PRC - [2012.09.06 15:04:58 | 000,412,672 | ---- | M] (Sciper) -- D:\Downloads\Battery-Tool.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.14 21:04:08 | 002,742,286 | ---- | M] () -- C:\Programme\Vidalia Bundle\Tor\tor.exe
PRC - [2011.09.12 11:45:30 | 000,094,112 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe
PRC - [2011.08.28 03:43:22 | 005,402,115 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.08.14 16:41:54 | 000,650,752 | ---- | M] (ITE Tech Inc.) -- C:\Programme\FSC\Wireless Utility\WirelessSelector.exe
PRC - [2007.08.14 13:29:00 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Programme\SiS VGA Utilities\SiSTray.exe
PRC - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 16:05:19 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 14:48:18 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:47:53 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 16:20:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 16:20:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 16:18:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.12 16:16:07 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 16:15:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.09.14 21:04:08 | 002,742,286 | ---- | M] () -- C:\Programme\Vidalia Bundle\Tor\tor.exe
MOD - [2011.09.12 11:45:30 | 000,094,112 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe
MOD - [2011.09.12 10:16:56 | 007,499,264 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncapp.dll
MOD - [2011.09.12 10:16:02 | 000,043,520 | ---- | M] () -- C:\Programme\Allway Sync\Bin\SyncHook.dll
MOD - [2011.08.28 03:43:22 | 005,402,115 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe
MOD - [2011.02.14 23:02:58 | 002,417,664 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtCore4.dll
MOD - [2010.03.07 05:31:36 | 000,024,110 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\mingwm10.dll
MOD - [2010.02.10 18:36:20 | 009,565,184 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtGui4.dll
MOD - [2010.02.10 18:11:00 | 001,148,416 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtNetwork4.dll
MOD - [2010.02.10 18:08:16 | 000,398,336 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtXml4.dll
MOD - [2009.06.22 20:42:42 | 000,043,008 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.11 11:43:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 11:42:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.09 15:55:17 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.13 12:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.25 18:37:38 | 000,189,888 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\Windows\System32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 23:48:16 | 000,060,352 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\Windows\System32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2007.08.14 13:30:02 | 000,456,568 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007.07.29 17:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.07.04 10:04:54 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.06.13 23:47:00 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.01.24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2006.12.05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006.11.22 10:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.09.05 10:33:12 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.05.15 15:35:36 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 B2 1C E6 31 87 CC 01  [binary data]
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2012.02.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.24
FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.9
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.10.09 16:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 11:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 17:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.18 10:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 11:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 17:38:23 | 000,000,000 | ---D | M]
 
[2012.09.24 18:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Extensions
[2012.09.28 22:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions
[2012.09.19 22:45:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.10.09 15:48:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.06.24 20:48:38 | 000,073,806 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\CompactMenuCE@Merci.chao.xpi
[2011.10.08 12:11:30 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.09.27 11:41:55 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.23 11:43:25 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.26 17:48:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.05 14:12:58 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.10.30 09:15:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.25 10:21:08 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.05.30 12:47:01 | 000,002,314 | ---- | M] () -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\searchplugins\forestle-de.xml
[2012.09.24 18:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.30 19:54:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.09 16:57:09 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.09.11 11:43:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.07 15:11:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 11:43:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.07 15:11:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 15:11:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 15:11:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 15:11:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [TouchPadHotKey] C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1911846312-120104458-3615671691-1000..\Run: [Allway Sync] C:\Program Files\Allway Sync\Bin\syncappw.exe ()
O4 - HKU\S-1-5-21-1911846312-120104458-3615671691-1000..\Run: [Battery-Tool] D:\Downloads\Battery-Tool.exe (Sciper)
O4 - HKU\S-1-5-21-1911846312-120104458-3615671691-1000..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01685FE7-16F4-4D64-900D-66FD15290D8B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Bilder\Frankreich September 2011\Frankreich September 2011 203.JPG
O24 - Desktop BackupWallPaper: D:\Bilder\Frankreich September 2011\Frankreich September 2011 203.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: KeePass 2 PreLoad - hkey= - key= - C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 15:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.28 15:18:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\konstrukt\Desktop\esetsmartinstaller_enu.exe
[2012.09.27 12:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.27 12:22:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.27 12:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.24 19:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.09.24 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.09.24 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.09.24 19:06:47 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft
[2012.09.24 18:54:26 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012.09.24 18:54:26 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012.09.24 18:54:26 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012.09.24 18:54:25 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012.09.24 18:54:25 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012.09.24 18:54:25 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012.09.24 18:54:25 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012.09.24 18:54:25 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012.09.24 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack
[2012.09.24 18:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012.09.20 19:14:41 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt
[2012.09.18 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\Desktop\Hanna Aufnahmegerät
[2012.09.06 18:52:10 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\F4
[2012.09.06 18:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\f4_2012
[2012.09.06 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\f4_2012
[2012.09.06 15:36:19 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\Avira
[2012.09.06 15:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.06 15:29:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.06 15:29:41 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.06 15:29:41 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.06 15:29:41 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.06 15:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.06 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.05 11:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 23:24:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.28 23:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.28 22:38:00 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 22:38:00 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 22:37:50 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.28 22:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 22:37:34 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.28 21:19:22 | 000,513,501 | ---- | M] () -- C:\Users\konstrukt\Desktop\adwcleaner.exe
[2012.09.28 15:34:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.28 15:34:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.28 15:34:21 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.28 15:34:21 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.28 15:18:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\konstrukt\Desktop\esetsmartinstaller_enu.exe
[2012.09.27 16:47:24 | 000,000,000 | ---- | M] () -- C:\Users\konstrukt\defogger_reenable
[2012.09.27 12:22:26 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 19:08:55 | 000,002,009 | ---- | M] () -- C:\Users\konstrukt\Desktop\Free Audio Converter.lnk
[2012.09.15 20:14:09 | 000,103,424 | ---- | M] () -- C:\Users\konstrukt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 18:50:23 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\f4_2012.lnk
[2012.09.06 12:37:08 | 000,000,436 | ---- | M] () -- C:\Users\konstrukt\Desktop\Musik.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.28 21:18:59 | 000,513,501 | ---- | C] () -- C:\Users\konstrukt\Desktop\adwcleaner.exe
[2012.09.27 16:47:24 | 000,000,000 | ---- | C] () -- C:\Users\konstrukt\defogger_reenable
[2012.09.27 12:22:26 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 19:08:55 | 000,002,009 | ---- | C] () -- C:\Users\konstrukt\Desktop\Free Audio Converter.lnk
[2012.09.24 18:54:26 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012.09.06 18:50:23 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\f4_2012.lnk
[2012.09.06 12:36:39 | 000,000,436 | ---- | C] () -- C:\Users\konstrukt\Desktop\Musik.lnk
[2012.08.23 13:02:34 | 000,028,511 | ---- | C] () -- C:\Users\konstrukt\.recently-used.xbel
[2012.07.02 22:23:23 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.07.02 22:15:13 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.10.10 01:07:37 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.10.10 01:07:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.10.10 01:07:37 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.10.10 01:07:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.10.09 19:16:41 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.09 19:16:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.10.09 19:15:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.09 19:15:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.10.09 17:30:09 | 000,000,454 | ---- | C] () -- C:\Users\konstrukt\Wissenschaft.lnk
[2011.10.09 17:22:37 | 000,103,424 | ---- | C] () -- C:\Users\konstrukt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 17:12:51 | 000,000,291 | ---- | C] () -- C:\Users\konstrukt\Download.lnk
[2011.10.09 16:04:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.09 16:03:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.10.09 15:21:03 | 000,000,680 | ---- | C] () -- C:\Users\konstrukt\AppData\Local\d3d9caps.dat
[2011.10.09 14:29:19 | 000,000,022 | ---- | C] () -- C:\Program Files\cdex_151.zip
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.15 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Azureus
[2011.12.11 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Canneverbe Limited
[2012.08.30 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Dropbox
[2012.09.24 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft
[2012.09.28 15:13:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\F4
[2012.09.24 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack
[2012.05.16 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gnupg
[2012.08.23 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gtk-2.0
[2012.08.03 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Image Zone Express
[2011.11.27 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\KeePass
[2012.08.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\MyPhoneExplorer
[2011.10.10 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\OpenOffice.org
[2011.10.09 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Opera
[2012.07.27 17:22:13 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Printer Info Cache
[2012.05.24 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Swiss Academic Software
[2011.10.10 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Sync App Settings
[2011.10.09 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Thunderbird
[2012.06.06 17:33:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TIPP10
[2012.09.20 19:14:41 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt
[2012.08.20 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.10 14:22:43 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Adobe
[2012.05.10 10:33:02 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Apple Computer
[2012.09.06 15:36:19 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Avira
[2012.08.15 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Azureus
[2011.12.11 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Canneverbe Limited
[2012.08.30 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Dropbox
[2011.12.20 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\dvdcss
[2012.09.24 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft
[2012.09.28 15:13:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\F4
[2012.09.24 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack
[2012.05.16 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gnupg
[2012.08.23 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gtk-2.0
[2012.08.03 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\HP
[2011.10.09 15:21:09 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Identities
[2012.08.03 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Image Zone Express
[2011.10.09 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\InstallShield
[2011.11.27 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\KeePass
[2011.10.09 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Macromedia
[2012.03.11 20:31:40 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Malwarebytes
[2012.08.14 16:34:25 | 000,000,000 | --SD | M] -- C:\Users\konstrukt\AppData\Roaming\Microsoft
[2011.10.09 15:47:31 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Mozilla
[2012.08.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\MyPhoneExplorer
[2011.10.10 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\OpenOffice.org
[2011.10.09 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Opera
[2012.07.27 17:22:13 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Printer Info Cache
[2012.09.27 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Skype
[2012.05.24 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Swiss Academic Software
[2011.10.10 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Sync App Settings
[2011.10.09 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Thunderbird
[2012.06.06 17:33:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TIPP10
[2012.09.28 23:33:44 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Tor
[2012.09.20 19:14:41 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt
[2012.08.20 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TuneUp Software
[2012.09.28 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Vidalia
[2012.02.17 23:23:05 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\vlc
[2012.08.22 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Winamp
[2012.03.11 20:43:16 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.06 11:37:29 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\konstrukt\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\konstrukt\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.04 20:41:38 | 000,872,104 | ---- | M] (Dropbox, Inc.) -- C:\Users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\konstrukt\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2011.10.09 16:00:17 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2011.10.09 16:00:17 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2011.10.09 16:00:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.08.22 10:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.08.22 10:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.08.22 10:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.08.22 10:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:23 | 000,032,550 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.28 10:53:41 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.01 18:40:59 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.08.01 18:41:01 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< End of report >
         
--- --- ---


nächtliche Grüße Hina
__________________


Alt 29.09.2012, 00:01   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
C:\Program Files\Windows Searchqu Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
__________________

Alt 29.09.2012, 00:26   #19
Hina
 
searchnu.com/410 - Standard

searchnu.com/410



So hier mal wieder eine log-file:

Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f16548ad-399e-11e1-8299-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f16548ad-399e-11e1-8299-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe moved successfully.
File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\konstrukt\Desktop\cmd.bat deleted successfully.
C:\Users\konstrukt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: konstrukt
->Temp folder emptied: 26575628 bytes
->Temporary Internet Files folder emptied: 58620183 bytes
->Java cache emptied: 11584 bytes
->FireFox cache emptied: 173954865 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 916 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 216860086 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12277717 bytes
RecycleBin emptied: 493343111 bytes
 
Total Files Cleaned = 937,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09292012_010845

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Ich weiss leider nicht, wie lange ich mich noch wach halten kann und bin dann aber leider bis Montag morgen nicht online. Vll hast du aber auch eine grobe Ahnung wie lange wir noch brauchen würden; oder es geht dir genauso (zzzz)... schon mal vielen, vielen dank!

Alt 29.09.2012, 00:27   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.09.2012, 00:42   #21
Hina
 
searchnu.com/410 - Standard

searchnu.com/410



tadddaa...

Code:
ATTFilter
 01:37:56.0023 0252  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
01:37:56.0226 0252  ============================================================
01:37:56.0226 0252  Current date / time: 2012/09/29 01:37:56.0226
01:37:56.0226 0252  SystemInfo:
01:37:56.0226 0252  
01:37:56.0226 0252  OS Version: 6.0.6002 ServicePack: 2.0
01:37:56.0226 0252  Product type: Workstation
01:37:56.0242 0252  ComputerName: KONSTRUKT-PC
01:37:56.0242 0252  UserName: konstrukt
01:37:56.0242 0252  Windows directory: C:\Windows
01:37:56.0242 0252  System windows directory: C:\Windows
01:37:56.0242 0252  Processor architecture: Intel x86
01:37:56.0242 0252  Number of processors: 2
01:37:56.0242 0252  Page size: 0x1000
01:37:56.0242 0252  Boot type: Normal boot
01:37:56.0242 0252  ============================================================
01:37:57.0724 0252  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:37:57.0724 0252  ============================================================
01:37:57.0724 0252  \Device\Harddisk0\DR0:
01:37:57.0724 0252  MBR partitions:
01:37:57.0724 0252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x56CE000
01:37:57.0724 0252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x56CE800, BlocksNum 0x88C5800
01:37:57.0724 0252  ============================================================
01:37:57.0771 0252  C: <-> \Device\Harddisk0\DR0\Partition1
01:37:57.0817 0252  D: <-> \Device\Harddisk0\DR0\Partition2
01:37:57.0817 0252  ============================================================
01:37:57.0817 0252  Initialize success
01:37:57.0817 0252  ============================================================
01:38:16.0881 2416  ============================================================
01:38:16.0881 2416  Scan started
01:38:16.0881 2416  Mode: Manual; SigCheck; TDLFS; 
01:38:16.0881 2416  ============================================================
01:38:17.0661 2416  ================ Scan system memory ========================
01:38:17.0661 2416  System memory - ok
01:38:17.0661 2416  ================ Scan services =============================
01:38:17.0863 2416  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
01:38:18.0113 2416  ACPI - ok
01:38:18.0207 2416  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
01:38:18.0238 2416  AdobeARMservice - ok
01:38:18.0316 2416  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:38:18.0363 2416  AdobeFlashPlayerUpdateSvc - ok
01:38:18.0425 2416  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
01:38:18.0487 2416  adp94xx - ok
01:38:18.0534 2416  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
01:38:18.0581 2416  adpahci - ok
01:38:18.0612 2416  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
01:38:18.0643 2416  adpu160m - ok
01:38:18.0675 2416  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
01:38:18.0706 2416  adpu320 - ok
01:38:18.0753 2416  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:38:18.0893 2416  AeLookupSvc - ok
01:38:18.0955 2416  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
01:38:19.0033 2416  AFD - ok
01:38:19.0080 2416  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
01:38:19.0111 2416  aic78xx - ok
01:38:19.0158 2416  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
01:38:19.0314 2416  ALG - ok
01:38:19.0345 2416  [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:38:19.0377 2416  aliide - ok
01:38:19.0408 2416  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
01:38:19.0439 2416  amdagp - ok
01:38:19.0470 2416  [ 6F65F4147C54398D7280B18CEBBED215 ] amdide          C:\Windows\system32\drivers\amdide.sys
01:38:19.0501 2416  amdide - ok
01:38:19.0533 2416  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
01:38:19.0767 2416  AmdK7 - ok
01:38:19.0798 2416  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
01:38:19.0938 2416  AmdK8 - ok
01:38:20.0032 2416  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
01:38:20.0110 2416  AntiVirSchedulerService - ok
01:38:20.0157 2416  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
01:38:20.0188 2416  AntiVirService - ok
01:38:20.0235 2416  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
01:38:20.0281 2416  Appinfo - ok
01:38:20.0359 2416  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt         C:\Windows\System32\appmgmts.dll
01:38:20.0437 2416  AppMgmt - ok
01:38:20.0469 2416  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
01:38:20.0500 2416  arc - ok
01:38:20.0515 2416  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
01:38:20.0562 2416  arcsas - ok
01:38:20.0609 2416  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:38:20.0687 2416  AsyncMac - ok
01:38:20.0734 2416  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
01:38:20.0765 2416  atapi - ok
01:38:20.0859 2416  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
01:38:21.0077 2416  athr - ok
01:38:21.0155 2416  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:38:21.0233 2416  AudioEndpointBuilder - ok
01:38:21.0264 2416  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
01:38:21.0311 2416  Audiosrv - ok
01:38:21.0358 2416  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
01:38:21.0405 2416  avgntflt - ok
01:38:21.0436 2416  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
01:38:21.0467 2416  avipbb - ok
01:38:21.0483 2416  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
01:38:21.0514 2416  avkmgr - ok
01:38:21.0576 2416  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:38:21.0654 2416  Beep - ok
01:38:21.0717 2416  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
01:38:21.0826 2416  BFE - ok
01:38:21.0904 2416  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
01:38:22.0044 2416  BITS - ok
01:38:22.0060 2416  blbdrive - ok
01:38:22.0138 2416  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:38:22.0185 2416  bowser - ok
01:38:22.0231 2416  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
01:38:22.0309 2416  BrFiltLo - ok
01:38:22.0341 2416  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
01:38:22.0403 2416  BrFiltUp - ok
01:38:22.0450 2416  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
01:38:22.0528 2416  Browser - ok
01:38:22.0559 2416  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
01:38:22.0668 2416  Brserid - ok
01:38:22.0699 2416  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
01:38:22.0824 2416  BrSerWdm - ok
01:38:22.0840 2416  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
01:38:22.0965 2416  BrUsbMdm - ok
01:38:22.0965 2416  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
01:38:23.0089 2416  BrUsbSer - ok
01:38:23.0121 2416  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
01:38:23.0245 2416  BTHMODEM - ok
01:38:23.0308 2416  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:38:23.0401 2416  cdfs - ok
01:38:23.0433 2416  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
01:38:23.0511 2416  cdrom - ok
01:38:23.0573 2416  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
01:38:23.0651 2416  CertPropSvc - ok
01:38:23.0682 2416  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
01:38:23.0791 2416  circlass - ok
01:38:23.0838 2416  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
01:38:23.0885 2416  CLFS - ok
01:38:23.0963 2416  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:38:23.0994 2416  clr_optimization_v2.0.50727_32 - ok
01:38:24.0088 2416  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:38:24.0119 2416  clr_optimization_v4.0.30319_32 - ok
01:38:24.0166 2416  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:38:24.0244 2416  CmBatt - ok
01:38:24.0275 2416  [ 59172A0724F2AB769F31D61B0571D75B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:38:24.0306 2416  cmdide - ok
01:38:24.0353 2416  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:38:24.0384 2416  Compbatt - ok
01:38:24.0400 2416  COMSysApp - ok
01:38:24.0431 2416  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
01:38:24.0462 2416  crcdisk - ok
01:38:24.0478 2416  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
01:38:24.0603 2416  Crusoe - ok
01:38:24.0649 2416  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:38:24.0712 2416  CryptSvc - ok
01:38:24.0774 2416  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys
01:38:24.0868 2416  CSC - ok
01:38:24.0930 2416  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
01:38:25.0024 2416  CscService - ok
01:38:25.0086 2416  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:38:25.0180 2416  DcomLaunch - ok
01:38:25.0211 2416  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:38:25.0273 2416  DfsC - ok
01:38:25.0398 2416  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
01:38:25.0601 2416  DFSR - ok
01:38:25.0648 2416  [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
01:38:25.0679 2416  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
01:38:25.0679 2416  DgiVecp - detected UnsignedFile.Multi.Generic (1)
01:38:25.0741 2416  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
01:38:25.0819 2416  Dhcp - ok
01:38:25.0851 2416  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
01:38:25.0897 2416  disk - ok
01:38:25.0960 2416  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:38:26.0022 2416  Dnscache - ok
01:38:26.0053 2416  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:38:26.0131 2416  dot3svc - ok
01:38:26.0194 2416  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
01:38:26.0287 2416  Dot4 - ok
01:38:26.0350 2416  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:38:26.0428 2416  Dot4Print - ok
01:38:26.0459 2416  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
01:38:26.0537 2416  dot4usb - ok
01:38:26.0584 2416  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
01:38:26.0662 2416  DPS - ok
01:38:26.0724 2416  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:38:26.0771 2416  drmkaud - ok
01:38:26.0833 2416  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:38:26.0927 2416  DXGKrnl - ok
01:38:26.0974 2416  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
01:38:27.0083 2416  E1G60 - ok
01:38:27.0130 2416  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
01:38:27.0192 2416  EapHost - ok
01:38:27.0239 2416  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
01:38:27.0270 2416  Ecache - ok
01:38:27.0333 2416  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
01:38:27.0348 2416  ElbyCDIO - ok
01:38:27.0395 2416  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
01:38:27.0442 2416  elxstor - ok
01:38:27.0504 2416  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
01:38:27.0629 2416  EMDMgmt - ok
01:38:27.0676 2416  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
01:38:27.0754 2416  EventSystem - ok
01:38:27.0785 2416  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
01:38:27.0863 2416  exfat - ok
01:38:27.0925 2416  [ 920AE11441C78C00C6CF084993C817F8 ] Ext2fs          C:\Windows\system32\DRIVERS\ext2fs.sys
01:38:27.0957 2416  Ext2fs - ok
01:38:28.0019 2416  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:38:28.0081 2416  fastfat - ok
01:38:28.0144 2416  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax             C:\Windows\system32\fxssvc.exe
01:38:28.0206 2416  Fax - ok
01:38:28.0269 2416  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:38:28.0393 2416  fdc - ok
01:38:28.0425 2416  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:38:28.0487 2416  fdPHost - ok
01:38:28.0534 2416  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:38:28.0643 2416  FDResPub - ok
01:38:28.0659 2416  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:38:28.0690 2416  FileInfo - ok
01:38:28.0721 2416  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:38:28.0783 2416  Filetrace - ok
01:38:28.0815 2416  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:38:28.0939 2416  flpydisk - ok
01:38:28.0986 2416  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:38:29.0017 2416  FltMgr - ok
01:38:29.0111 2416  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
01:38:29.0236 2416  FontCache - ok
01:38:29.0314 2416  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:38:29.0345 2416  FontCache3.0.0.0 - ok
01:38:29.0376 2416  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:38:29.0439 2416  Fs_Rec - ok
01:38:29.0485 2416  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
01:38:29.0517 2416  gagp30kx - ok
01:38:29.0595 2416  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
01:38:29.0704 2416  gpsvc - ok
01:38:29.0829 2416  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
01:38:29.0844 2416  gupdate - ok
01:38:29.0860 2416  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
01:38:29.0891 2416  gupdatem - ok
01:38:29.0938 2416  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:38:30.0063 2416  HdAudAddService - ok
01:38:30.0125 2416  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
01:38:30.0234 2416  HDAudBus - ok
01:38:30.0281 2416  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
01:38:30.0390 2416  HidBth - ok
01:38:30.0406 2416  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
01:38:30.0515 2416  HidIr - ok
01:38:30.0562 2416  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
01:38:30.0609 2416  hidserv - ok
01:38:30.0640 2416  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
01:38:30.0749 2416  HidUsb - ok
01:38:30.0796 2416  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:38:30.0889 2416  hkmsvc - ok
01:38:30.0921 2416  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
01:38:30.0952 2416  HpCISSs - ok
01:38:31.0108 2416  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
01:38:31.0123 2416  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
01:38:31.0123 2416  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
01:38:31.0155 2416  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
01:38:31.0170 2416  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
01:38:31.0170 2416  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
01:38:31.0233 2416  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:38:31.0342 2416  HTTP - ok
01:38:31.0420 2416  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:38:31.0467 2416  hwdatacard - ok
01:38:31.0529 2416  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
01:38:31.0560 2416  i2omp - ok
01:38:31.0623 2416  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
01:38:31.0701 2416  i8042prt - ok
01:38:31.0732 2416  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
01:38:31.0763 2416  iaStorV - ok
01:38:31.0857 2416  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:38:31.0966 2416  idsvc - ok
01:38:31.0997 2416  [ 45D7414BDDA6A6E4C887598EE47FDB16 ] IfsMount        C:\Windows\system32\DRIVERS\ifsmount.sys
01:38:32.0028 2416  IfsMount - ok
01:38:32.0059 2416  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
01:38:32.0091 2416  iirsp - ok
01:38:32.0137 2416  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
01:38:32.0231 2416  IKEEXT - ok
01:38:32.0356 2416  [ 97CAC2A7E92FFCB30C15101AB002ED30 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
01:38:32.0527 2416  IntcAzAudAddService - ok
01:38:32.0559 2416  [ E5EA1C17DA5065032E346591FF64F3AF ] intelide        C:\Windows\system32\drivers\intelide.sys
01:38:32.0590 2416  intelide - ok
01:38:32.0637 2416  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:38:32.0715 2416  intelppm - ok
01:38:32.0761 2416  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:38:32.0824 2416  IPBusEnum - ok
01:38:32.0855 2416  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:38:32.0933 2416  IpFilterDriver - ok
01:38:32.0980 2416  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:38:33.0042 2416  iphlpsvc - ok
01:38:33.0058 2416  IpInIp - ok
01:38:33.0089 2416  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
01:38:33.0198 2416  IPMIDRV - ok
01:38:33.0214 2416  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
01:38:33.0323 2416  IPNAT - ok
01:38:33.0339 2416  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:38:33.0417 2416  IRENUM - ok
01:38:33.0432 2416  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:38:33.0463 2416  isapnp - ok
01:38:33.0526 2416  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
01:38:33.0557 2416  iScsiPrt - ok
01:38:33.0588 2416  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
01:38:33.0619 2416  iteatapi - ok
01:38:33.0635 2416  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
01:38:33.0666 2416  iteraid - ok
01:38:33.0713 2416  [ C1632FE31D1824A43DEA29725312E3FA ] JRAID           C:\Windows\system32\drivers\jraid.sys
01:38:33.0760 2416  JRAID - ok
01:38:33.0807 2416  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:38:33.0838 2416  kbdclass - ok
01:38:33.0869 2416  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
01:38:33.0978 2416  kbdhid - ok
01:38:34.0009 2416  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
01:38:34.0072 2416  KeyIso - ok
01:38:34.0119 2416  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:38:34.0197 2416  KSecDD - ok
01:38:34.0243 2416  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:38:34.0431 2416  KtmRm - ok
01:38:34.0477 2416  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:38:34.0524 2416  LanmanServer - ok
01:38:34.0587 2416  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:38:34.0618 2416  LanmanWorkstation - ok
01:38:34.0680 2416  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:38:34.0758 2416  lltdio - ok
01:38:34.0805 2416  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:38:34.0883 2416  lltdsvc - ok
01:38:34.0914 2416  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:38:35.0055 2416  lmhosts - ok
01:38:35.0101 2416  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
01:38:35.0133 2416  LSI_FC - ok
01:38:35.0148 2416  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
01:38:35.0195 2416  LSI_SAS - ok
01:38:35.0226 2416  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
01:38:35.0257 2416  LSI_SCSI - ok
01:38:35.0304 2416  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
01:38:35.0382 2416  luafv - ok
01:38:35.0413 2416  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
01:38:35.0460 2416  megasas - ok
01:38:35.0491 2416  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
01:38:35.0585 2416  MMCSS - ok
01:38:35.0616 2416  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
01:38:35.0694 2416  Modem - ok
01:38:35.0741 2416  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:38:35.0803 2416  monitor - ok
01:38:35.0835 2416  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:38:35.0866 2416  mouclass - ok
01:38:35.0897 2416  [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
01:38:36.0022 2416  mouhid - ok
01:38:36.0053 2416  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
01:38:36.0084 2416  MountMgr - ok
01:38:36.0162 2416  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:38:36.0193 2416  MozillaMaintenance - ok
01:38:36.0225 2416  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:38:36.0256 2416  mpio - ok
01:38:36.0287 2416  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:38:36.0349 2416  mpsdrv - ok
01:38:36.0412 2416  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:38:36.0490 2416  MpsSvc - ok
01:38:36.0521 2416  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
01:38:36.0552 2416  Mraid35x - ok
01:38:36.0599 2416  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:38:36.0661 2416  MRxDAV - ok
01:38:36.0708 2416  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:38:36.0755 2416  mrxsmb - ok
01:38:36.0802 2416  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:38:36.0864 2416  mrxsmb10 - ok
01:38:36.0911 2416  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:38:36.0958 2416  mrxsmb20 - ok
01:38:36.0973 2416  [ 86068B8B54A5EB092F51657F00B2222A ] msahci          C:\Windows\system32\drivers\msahci.sys
01:38:37.0020 2416  msahci - ok
01:38:37.0036 2416  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:38:37.0083 2416  msdsm - ok
01:38:37.0129 2416  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
01:38:37.0192 2416  MSDTC - ok
01:38:37.0270 2416  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:38:37.0348 2416  Msfs - ok
01:38:37.0410 2416  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:38:37.0441 2416  msisadrv - ok
01:38:37.0488 2416  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:38:37.0566 2416  MSiSCSI - ok
01:38:37.0582 2416  msiserver - ok
01:38:37.0629 2416  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:38:37.0707 2416  MSKSSRV - ok
01:38:37.0738 2416  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:38:37.0816 2416  MSPCLOCK - ok
01:38:37.0831 2416  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:38:37.0909 2416  MSPQM - ok
01:38:37.0956 2416  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:38:38.0003 2416  MsRPC - ok
01:38:38.0034 2416  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
01:38:38.0065 2416  mssmbios - ok
01:38:38.0065 2416  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:38:38.0159 2416  MSTEE - ok
01:38:38.0206 2416  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
01:38:38.0237 2416  Mup - ok
01:38:38.0284 2416  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
01:38:38.0346 2416  napagent - ok
01:38:38.0409 2416  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:38:38.0455 2416  NativeWifiP - ok
01:38:38.0518 2416  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:38:38.0580 2416  NDIS - ok
01:38:38.0611 2416  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:38:38.0674 2416  NdisTapi - ok
01:38:38.0689 2416  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:38:38.0767 2416  Ndisuio - ok
01:38:38.0783 2416  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:38:38.0845 2416  NdisWan - ok
01:38:38.0877 2416  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:38:38.0939 2416  NDProxy - ok
01:38:39.0001 2416  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
01:38:39.0017 2416  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
01:38:39.0017 2416  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
01:38:39.0048 2416  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:38:39.0111 2416  NetBIOS - ok
01:38:39.0142 2416  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
01:38:39.0220 2416  netbt - ok
01:38:39.0251 2416  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
01:38:39.0282 2416  Netlogon - ok
01:38:39.0313 2416  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
01:38:39.0391 2416  Netman - ok
01:38:39.0438 2416  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
01:38:39.0516 2416  netprofm - ok
01:38:39.0563 2416  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:38:39.0594 2416  NetTcpPortSharing - ok
01:38:39.0641 2416  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
01:38:39.0672 2416  nfrd960 - ok
01:38:39.0703 2416  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:38:39.0797 2416  NlaSvc - ok
01:38:39.0859 2416  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:38:39.0906 2416  Npfs - ok
01:38:39.0953 2416  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
01:38:40.0047 2416  nsi - ok
01:38:40.0062 2416  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:38:40.0140 2416  nsiproxy - ok
01:38:40.0218 2416  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:38:40.0359 2416  Ntfs - ok
01:38:40.0405 2416  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
01:38:40.0515 2416  ntrigdigi - ok
01:38:40.0546 2416  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
01:38:40.0608 2416  Null - ok
01:38:40.0639 2416  [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:38:40.0717 2416  nvraid - ok
01:38:40.0733 2416  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:38:40.0780 2416  nvstor - ok
01:38:40.0811 2416  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:38:40.0842 2416  nv_agp - ok
01:38:40.0858 2416  NwlnkFlt - ok
01:38:40.0873 2416  NwlnkFwd - ok
01:38:40.0905 2416  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:38:41.0014 2416  ohci1394 - ok
01:38:41.0107 2416  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
01:38:41.0123 2416  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
01:38:41.0123 2416  OMSI download service - detected UnsignedFile.Multi.Generic (1)
01:38:41.0185 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
01:38:41.0341 2416  p2pimsvc - ok
01:38:41.0357 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:38:41.0419 2416  p2psvc - ok
01:38:41.0482 2416  [ DCA942C0A19A0AD2ABCD9ACF94EB4B10 ] PAC207          C:\Windows\system32\DRIVERS\PFC027.SYS
01:38:41.0560 2416  PAC207 - ok
01:38:41.0591 2416  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
01:38:41.0716 2416  Parport - ok
01:38:41.0763 2416  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:38:41.0794 2416  partmgr - ok
01:38:41.0809 2416  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
01:38:41.0919 2416  Parvdm - ok
01:38:41.0965 2416  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:38:42.0012 2416  PcaSvc - ok
01:38:42.0059 2416  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
01:38:42.0106 2416  pci - ok
01:38:42.0168 2416  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
01:38:42.0199 2416  pciide - ok
01:38:42.0231 2416  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
01:38:42.0262 2416  pcmcia - ok
01:38:42.0340 2416  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:38:42.0511 2416  PEAUTH - ok
01:38:42.0699 2416  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
01:38:42.0855 2416  pla - ok
01:38:42.0917 2416  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:38:42.0964 2416  PlugPlay - ok
01:38:42.0995 2416  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
01:38:43.0026 2416  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
01:38:43.0026 2416  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
01:38:43.0057 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
01:38:43.0120 2416  PNRPAutoReg - ok
01:38:43.0167 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
01:38:43.0213 2416  PNRPsvc - ok
01:38:43.0291 2416  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:38:43.0385 2416  PolicyAgent - ok
01:38:43.0447 2416  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:38:43.0525 2416  PptpMiniport - ok
01:38:43.0572 2416  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
01:38:43.0713 2416  Processor - ok
01:38:43.0759 2416  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:38:43.0837 2416  ProfSvc - ok
01:38:43.0869 2416  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:38:43.0915 2416  ProtectedStorage - ok
01:38:44.0040 2416  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
01:38:44.0134 2416  PSched - ok
01:38:44.0181 2416  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
01:38:44.0305 2416  ql2300 - ok
01:38:44.0337 2416  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
01:38:44.0368 2416  ql40xx - ok
01:38:44.0415 2416  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
01:38:44.0477 2416  QWAVE - ok
01:38:44.0508 2416  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:38:44.0539 2416  QWAVEdrv - ok
01:38:44.0571 2416  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:38:44.0649 2416  RasAcd - ok
01:38:44.0664 2416  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
01:38:44.0727 2416  RasAuto - ok
01:38:44.0789 2416  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:38:44.0867 2416  Rasl2tp - ok
01:38:44.0914 2416  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
01:38:44.0976 2416  RasMan - ok
01:38:45.0101 2416  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:38:45.0179 2416  RasPppoe - ok
01:38:45.0210 2416  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:38:45.0257 2416  RasSstp - ok
01:38:45.0335 2416  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:38:45.0413 2416  rdbss - ok
01:38:45.0460 2416  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:38:45.0522 2416  RDPCDD - ok
01:38:45.0616 2416  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
01:38:45.0694 2416  rdpdr - ok
01:38:45.0725 2416  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:38:45.0819 2416  RDPENCDD - ok
01:38:46.0006 2416  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:38:46.0115 2416  RDPWD - ok
01:38:46.0177 2416  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:38:46.0271 2416  RemoteAccess - ok
01:38:46.0318 2416  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:38:46.0380 2416  RemoteRegistry - ok
01:38:46.0443 2416  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
01:38:46.0474 2416  RpcLocator - ok
01:38:46.0661 2416  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
01:38:46.0755 2416  RpcSs - ok
01:38:46.0817 2416  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:38:46.0879 2416  rspndr - ok
01:38:46.0942 2416  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
01:38:46.0973 2416  s0016bus - ok
01:38:47.0004 2416  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
01:38:47.0035 2416  s0016mdfl - ok
01:38:47.0082 2416  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
01:38:47.0113 2416  s0016mdm - ok
01:38:47.0145 2416  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
01:38:47.0176 2416  s0016mgmt - ok
01:38:47.0191 2416  [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
01:38:47.0223 2416  s0016nd5 - ok
01:38:47.0238 2416  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
01:38:47.0269 2416  s0016obex - ok
01:38:47.0285 2416  [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
01:38:47.0316 2416  s0016unic - ok
01:38:47.0347 2416  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
01:38:47.0379 2416  SamSs - ok
01:38:47.0410 2416  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:38:47.0441 2416  sbp2port - ok
01:38:47.0488 2416  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:38:47.0550 2416  SCardSvr - ok
01:38:47.0613 2416  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
01:38:47.0691 2416  Schedule - ok
01:38:47.0706 2416  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:38:47.0769 2416  SCPolicySvc - ok
01:38:47.0815 2416  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:38:47.0878 2416  SDRSVC - ok
01:38:47.0909 2416  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\Windows\system32\DRIVERS\SE27bus.sys
01:38:47.0940 2416  SE27bus ( UnsignedFile.Multi.Generic ) - warning
01:38:47.0940 2416  SE27bus - detected UnsignedFile.Multi.Generic (1)
01:38:47.0971 2416  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:38:48.0081 2416  secdrv - ok
01:38:48.0096 2416  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
01:38:48.0174 2416  seclogon - ok
01:38:48.0221 2416  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
01:38:48.0299 2416  SENS - ok
01:38:48.0330 2416  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
01:38:48.0439 2416  Serenum - ok
01:38:48.0471 2416  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
01:38:48.0595 2416  Serial - ok
01:38:48.0642 2416  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
01:38:48.0705 2416  sermouse - ok
01:38:48.0751 2416  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:38:48.0829 2416  SessionEnv - ok
01:38:48.0845 2416  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:38:48.0892 2416  sffdisk - ok
01:38:48.0907 2416  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:38:48.0939 2416  sffp_mmc - ok
01:38:48.0970 2416  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:38:49.0001 2416  sffp_sd - ok
01:38:49.0017 2416  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
01:38:49.0157 2416  sfloppy - ok
01:38:49.0282 2416  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:38:49.0360 2416  SharedAccess - ok
01:38:49.0407 2416  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:38:49.0469 2416  ShellHWDetection - ok
01:38:49.0531 2416  [ 98506361720D79C108377CBD2904ECB8 ] SiS6350         C:\Windows\system32\DRIVERS\SISGRKMD.sys
01:38:49.0578 2416  SiS6350 - ok
01:38:49.0609 2416  [ DF1AF7F5F1EC7800B3AC398ACC06C754 ] SISAGP          C:\Windows\system32\DRIVERS\SISAGPX.sys
01:38:49.0656 2416  SISAGP - ok
01:38:49.0703 2416  [ 7A83BA25421C3254B4A133F2EC7C46AD ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSGB6.sys
01:38:49.0765 2416  SiSGbeLH - ok
01:38:49.0797 2416  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
01:38:49.0828 2416  SiSRaid2 - ok
01:38:49.0859 2416  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
01:38:49.0890 2416  SiSRaid4 - ok
01:38:50.0109 2416  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
01:38:50.0483 2416  Skype C2C Service - ok
01:38:50.0577 2416  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
01:38:50.0608 2416  SkypeUpdate - ok
01:38:50.0811 2416  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
01:38:51.0107 2416  slsvc - ok
01:38:51.0154 2416  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
01:38:51.0232 2416  SLUINotify - ok
01:38:51.0263 2416  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:38:51.0310 2416  Smb - ok
01:38:51.0372 2416  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:38:51.0403 2416  SNMPTRAP - ok
01:38:51.0481 2416  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
01:38:51.0513 2416  Sony PC Companion - ok
01:38:51.0544 2416  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
01:38:51.0591 2416  spldr - ok
01:38:51.0637 2416  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
01:38:51.0669 2416  Spooler - ok
01:38:51.0715 2416  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:38:51.0793 2416  srv - ok
01:38:51.0840 2416  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:38:51.0887 2416  srv2 - ok
01:38:51.0934 2416  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:38:51.0981 2416  srvnet - ok
01:38:52.0012 2416  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:38:52.0090 2416  SSDPSRV - ok
01:38:52.0137 2416  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
01:38:52.0168 2416  ssmdrv - ok
01:38:52.0199 2416  [ 5F77725EC309DE1242D8EFC8E9259A9F ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
01:38:52.0230 2416  SSPORT ( UnsignedFile.Multi.Generic ) - warning
01:38:52.0230 2416  SSPORT - detected UnsignedFile.Multi.Generic (1)
01:38:52.0261 2416  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:38:52.0324 2416  SstpSvc - ok
01:38:52.0371 2416  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
01:38:52.0417 2416  StillCam - ok
01:38:52.0480 2416  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
01:38:52.0542 2416  stisvc - ok
01:38:52.0573 2416  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
01:38:52.0605 2416  swenum - ok
01:38:52.0651 2416  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
01:38:52.0745 2416  swprv - ok
01:38:52.0761 2416  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
01:38:52.0792 2416  Symc8xx - ok
01:38:52.0823 2416  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
01:38:52.0854 2416  Sym_hi - ok
01:38:52.0870 2416  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
01:38:52.0901 2416  Sym_u3 - ok
01:38:52.0963 2416  [ 9131B8AB722629A33649D6DEEE4FBFBE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
01:38:53.0010 2416  SynTP - ok
01:38:53.0041 2416  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
01:38:53.0260 2416  SysMain - ok
01:38:53.0322 2416  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:38:53.0416 2416  TabletInputService - ok
01:38:53.0463 2416  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:38:53.0525 2416  TapiSrv - ok
01:38:53.0556 2416  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
01:38:53.0650 2416  TBS - ok
01:38:53.0712 2416  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:38:53.0821 2416  Tcpip - ok
01:38:53.0884 2416  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
01:38:53.0977 2416  Tcpip6 - ok
01:38:54.0024 2416  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:38:54.0055 2416  tcpipreg - ok
01:38:54.0102 2416  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:38:54.0180 2416  TDPIPE - ok
01:38:54.0211 2416  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:38:54.0274 2416  TDTCP - ok
01:38:54.0289 2416  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:38:54.0367 2416  tdx - ok
01:38:54.0383 2416  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
01:38:54.0414 2416  TermDD - ok
01:38:54.0445 2416  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
01:38:54.0539 2416  TermService - ok
01:38:54.0586 2416  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
01:38:54.0633 2416  Themes - ok
01:38:54.0648 2416  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
01:38:54.0711 2416  THREADORDER - ok
01:38:54.0757 2416  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
01:38:54.0820 2416  TrkWks - ok
01:38:54.0867 2416  [ 746B8CF9CEDEDDD865472544EDF626DA ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
01:38:54.0898 2416  truecrypt - ok
01:38:54.0945 2416  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:38:54.0991 2416  TrustedInstaller - ok
01:38:55.0038 2416  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:38:55.0116 2416  tssecsrv - ok
01:38:55.0163 2416  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
01:38:55.0194 2416  tunmp - ok
01:38:55.0225 2416  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:38:55.0257 2416  tunnel - ok
01:38:55.0303 2416  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:38:55.0335 2416  uagp35 - ok
01:38:55.0381 2416  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:38:55.0428 2416  udfs - ok
01:38:55.0491 2416  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:38:55.0569 2416  UI0Detect - ok
01:38:55.0600 2416  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:38:55.0631 2416  uliagpkx - ok
01:38:55.0662 2416  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
01:38:55.0709 2416  uliahci - ok
01:38:55.0725 2416  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
01:38:55.0771 2416  UlSata - ok
01:38:55.0787 2416  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
01:38:55.0834 2416  ulsata2 - ok
01:38:55.0881 2416  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
01:38:55.0959 2416  umbus - ok
01:38:55.0990 2416  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
01:38:56.0037 2416  UmRdpService - ok
01:38:56.0083 2416  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
01:38:56.0177 2416  upnphost - ok
01:38:56.0224 2416  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:38:56.0271 2416  usbccgp - ok
01:38:56.0302 2416  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:38:56.0411 2416  usbcir - ok
01:38:56.0458 2416  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
01:38:56.0520 2416  usbehci - ok
01:38:56.0567 2416  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:38:56.0661 2416  usbhub - ok
01:38:56.0692 2416  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
01:38:56.0754 2416  usbohci - ok
01:38:56.0801 2416  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:38:56.0863 2416  usbprint - ok
01:38:56.0926 2416  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
01:38:56.0988 2416  usbscan - ok
01:38:57.0004 2416  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:38:57.0066 2416  USBSTOR - ok
01:38:57.0097 2416  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
01:38:57.0207 2416  usbuhci - ok
01:38:57.0238 2416  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
01:38:57.0316 2416  usbvideo - ok
01:38:57.0363 2416  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
01:38:57.0425 2416  UxSms - ok
01:38:57.0456 2416  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
01:38:57.0503 2416  VClone - ok
01:38:57.0534 2416  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
01:38:57.0643 2416  vds - ok
01:38:57.0675 2416  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:38:57.0799 2416  vga - ok
01:38:57.0846 2416  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:38:57.0909 2416  VgaSave - ok
01:38:57.0924 2416  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
01:38:57.0955 2416  viaagp - ok
01:38:57.0987 2416  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
01:38:58.0111 2416  ViaC7 - ok
01:38:58.0143 2416  [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:38:58.0174 2416  viaide - ok
01:38:58.0189 2416  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:38:58.0236 2416  volmgr - ok
01:38:58.0283 2416  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:38:58.0345 2416  volmgrx - ok
01:38:58.0392 2416  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:38:58.0501 2416  volsnap - ok
01:38:58.0517 2416  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
01:38:58.0564 2416  vsmraid - ok
01:38:58.0642 2416  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
01:38:58.0751 2416  VSS - ok
01:38:58.0813 2416  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
01:38:58.0891 2416  W32Time - ok
01:38:58.0923 2416  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
01:38:59.0047 2416  WacomPen - ok
01:38:59.0094 2416  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
01:38:59.0141 2416  Wanarp - ok
01:38:59.0157 2416  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:38:59.0203 2416  Wanarpv6 - ok
01:38:59.0281 2416  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
01:38:59.0375 2416  wbengine - ok
01:38:59.0422 2416  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:38:59.0515 2416  wcncsvc - ok
01:38:59.0562 2416  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:38:59.0640 2416  WcsPlugInService - ok
01:38:59.0687 2416  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
01:38:59.0718 2416  Wd - ok
01:38:59.0781 2416  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:38:59.0843 2416  Wdf01000 - ok
01:38:59.0874 2416  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:38:59.0952 2416  WdiServiceHost - ok
01:38:59.0968 2416  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:39:00.0030 2416  WdiSystemHost - ok
01:39:00.0061 2416  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
01:39:00.0108 2416  WebClient - ok
01:39:00.0155 2416  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:39:00.0217 2416  Wecsvc - ok
01:39:00.0233 2416  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:39:00.0311 2416  wercplsupport - ok
01:39:00.0358 2416  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:39:00.0420 2416  WerSvc - ok
01:39:00.0498 2416  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
01:39:00.0529 2416  WinDefend - ok
01:39:00.0545 2416  WinHttpAutoProxySvc - ok
01:39:00.0623 2416  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:39:00.0685 2416  Winmgmt - ok
01:39:00.0763 2416  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
01:39:00.0888 2416  WinRM - ok
01:39:00.0951 2416  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:39:01.0013 2416  Wlansvc - ok
01:39:01.0060 2416  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:39:01.0169 2416  WmiAcpi - ok
01:39:01.0216 2416  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:39:01.0294 2416  wmiApSrv - ok
01:39:01.0387 2416  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
01:39:01.0512 2416  WMPNetworkSvc - ok
01:39:01.0559 2416  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:39:01.0621 2416  WPDBusEnum - ok
01:39:01.0684 2416  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
01:39:01.0731 2416  WpdUsb - ok
01:39:01.0871 2416  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:39:01.0949 2416  WPFFontCache_v0400 - ok
01:39:01.0996 2416  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:39:02.0058 2416  ws2ifsl - ok
01:39:02.0105 2416  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
01:39:02.0136 2416  wscsvc - ok
01:39:02.0152 2416  WSearch - ok
01:39:02.0277 2416  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
01:39:02.0448 2416  wuauserv - ok
01:39:02.0511 2416  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:39:02.0573 2416  WUDFRd - ok
01:39:02.0620 2416  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:39:02.0713 2416  wudfsvc - ok
01:39:02.0760 2416  [ BDFA6A3A7CE1D083889B316A484A356A ] zntport         C:\Windows\system32\drivers\zntport.sys
01:39:02.0791 2416  zntport - ok
01:39:02.0823 2416  ================ Scan global ===============================
01:39:02.0885 2416  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
01:39:02.0916 2416  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
01:39:02.0963 2416  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
01:39:03.0010 2416  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
01:39:03.0025 2416  [Global] - ok
01:39:03.0025 2416  ================ Scan MBR ==================================
01:39:03.0041 2416  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:39:03.0821 2416  \Device\Harddisk0\DR0 - ok
01:39:03.0821 2416  ================ Scan VBR ==================================
01:39:03.0821 2416  [ 4EF172DD7A4CD5924A084A0D200D08F7 ] \Device\Harddisk0\DR0\Partition1
01:39:03.0837 2416  \Device\Harddisk0\DR0\Partition1 - ok
01:39:03.0883 2416  [ 7DEB30EC83B59E080D7E47ECD9B29CFF ] \Device\Harddisk0\DR0\Partition2
01:39:03.0883 2416  \Device\Harddisk0\DR0\Partition2 - ok
01:39:03.0883 2416  ============================================================
01:39:03.0883 2416  Scan finished
01:39:03.0883 2416  ============================================================
01:39:03.0915 1940  Detected object count: 8
01:39:03.0915 1940  Actual detected object count: 8
01:39:29.0530 1940  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0530 1940  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:39:29.0530 1940  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0530 1940  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:39:29.0545 1940  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0545 1940  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:39:29.0545 1940  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0545 1940  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:39:29.0561 1940  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0561 1940  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:39:29.0561 1940  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0561 1940  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:39:29.0561 1940  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0561 1940  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:39:29.0561 1940  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:29.0561 1940  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 01.10.2012, 08:54   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.10.2012, 10:50   #23
Hina
 
searchnu.com/410 - Standard

searchnu.com/410



Hallo!
Hier die combofix-log...

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-30.03 - konstrukt 01.10.2012  11:02:15.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.1916.1071 [GMT 2:00]
ausgeführt von:: c:\users\konstrukt\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\konstrukt\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-01 bis 2012-10-01  ))))))))))))))))))))))))))))))
.
.
2012-10-01 09:09 . 2012-10-01 09:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-30 21:16 . 2012-09-30 21:16	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE1DDFDF-4A6F-4C0B-944F-724178E6D951}\offreg.dll
2012-09-28 23:08 . 2012-09-28 23:08	--------	d-----w-	C:\_OTL
2012-09-28 13:20 . 2012-09-28 13:20	--------	d-----w-	c:\program files\ESET
2012-09-28 08:44 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE1DDFDF-4A6F-4C0B-944F-724178E6D951}\mpengine.dll
2012-09-27 10:22 . 2012-09-27 10:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-27 10:22 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-24 17:08 . 2012-09-24 17:08	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2012-09-24 17:08 . 2012-09-24 17:08	--------	d-----w-	c:\program files\DVDVideoSoft
2012-09-24 17:06 . 2012-09-24 17:09	--------	d-----w-	c:\users\konstrukt\AppData\Roaming\DVDVideoSoft
2012-09-20 17:14 . 2012-09-20 17:14	--------	d-----w-	c:\users\konstrukt\AppData\Roaming\TrueCrypt
2012-09-11 09:43 . 2012-09-11 09:43	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-06 16:52 . 2012-09-28 13:13	--------	d-----w-	c:\users\konstrukt\AppData\Roaming\F4
2012-09-06 16:50 . 2012-09-06 16:50	--------	d-----w-	c:\program files\f4_2012
2012-09-06 13:36 . 2012-09-06 13:36	--------	d-----w-	c:\users\konstrukt\AppData\Roaming\Avira
2012-09-06 13:29 . 2012-07-18 16:04	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-06 13:29 . 2012-07-18 16:04	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-06 13:29 . 2012-07-18 16:04	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-09-06 13:29 . 2012-09-06 13:29	--------	d-----w-	c:\programdata\Avira
2012-09-06 13:29 . 2012-09-06 13:29	--------	d-----w-	c:\program files\Avira
2012-09-05 09:46 . 2012-09-05 09:46	--------	d-----w-	c:\program files\Common Files\Java
2012-09-05 09:46 . 2012-09-05 09:45	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 09:45 . 2012-08-14 15:01	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-05 09:45 . 2011-10-09 13:55	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-05 09:42 . 2012-04-28 08:53	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-05 09:42 . 2011-10-09 14:33	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 14:02 . 2012-08-15 11:00	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-09-11 09:43 . 2011-10-09 13:40	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-08-28 5402115]
"Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2011-09-12 94112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"Battery-Tool"="d:\downloads\Battery-Tool.exe" [2012-09-06 412672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-14 552960]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936]
"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WirelessSelector.lnk - c:\program files\FSC\Wireless Utility\WirelessSelector.exe [2011-10-9 650752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-07-18 16:04	348664	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2011-07-12 08:01	1764352	----a-w-	c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 11:22	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33	89456	----a-w-	c:\program files\VirtualCloneDrive\VCDDaemon.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 09:42]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-01 16:40]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-01 16:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-01 11:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\04\05\06\09$,e"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5024)
c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2012-10-01  11:12:29
ComboFix-quarantined-files.txt  2012-10-01 09:12
.
Vor Suchlauf: 7 Verzeichnis(se), 11.357.327.360 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 11.177.992.192 Bytes frei
.
- - End Of File - - 9C0FCE4342F9F0A57818720C7818702D
         
--- --- ---

Alt 01.10.2012, 13:35   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.10.2012, 15:16   #25
Hina
 
searchnu.com/410 - Standard

searchnu.com/410



Hier schon mal die logs von GMER und Osam...

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-01 16:01:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1200BEVS-22UST0 rev.01.01A01
Running: g60modso.exe; Driver: C:\Users\KONSTR~1\AppData\Local\Temp\ffldruow.sys


---- System - GMER 1.0.15 ----

SSDT            8A308506                                                                                            ZwCreateSection
SSDT            8A308510                                                                                            ZwRequestWaitReplyPort
SSDT            8A30850B                                                                                            ZwSetContextThread
SSDT            8A308515                                                                                            ZwSetSecurityObject
SSDT            8A30851A                                                                                            ZwSystemDebugControl
SSDT            8A3084A7                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                       820E98D8 4 Bytes  [06, 85, 30, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                       820E9BFC 4 Bytes  [10, 85, 30, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                       820E9C30 4 Bytes  [0B, 85, 30, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                       820E9C94 4 Bytes  [15, 85, 30, 8A]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                       820E9CDC 4 Bytes  [1A, 85, 30, 8A]
.text           ...                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74BE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [74C2B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [74BEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [74BDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [74BE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [74BDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74C173F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [74BEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [74BDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [74BDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [74BD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [74C6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [74C0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [74BDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74BD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [74BD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74BE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Code:
ATTFilter
 OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:10:56 on 01.10.2012

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\KONSTR~1\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Ext2fs" (Ext2fs) - "Stephan Schreiber" - C:\Windows\System32\DRIVERS\ext2fs.sys
"ffldruow" (ffldruow) - ? - C:\Users\KONSTR~1\AppData\Local\Temp\ffldruow.sys  (Hidden registry entry, rootkit activity | File not found)
"IfsMount" (IfsMount) - "Stephan Schreiber" - C:\Windows\System32\DRIVERS\ifsmount.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"NTPort Library Driver" (zntport) - "Zeal SoftStudio" - C:\Windows\system32\drivers\zntport.sys
"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\Windows\System32\DRIVERS\SE27bus.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"WirelessSelector.lnk" - "ITE Tech Inc." - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Allway Sync" - ? - "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
"Battery-Tool" - "Sciper" - D:\Downloads\Battery-Tool.exe
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"Vidalia" - ? - "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SiSTray" - "Silicon Integrated Systems Corporation" - %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TouchPadHotKey" - ? - C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Discovery Port Monitor (HP Officejet 6500 E710n-z)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM5412.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 01.10.2012, 15:25   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



aswMBR schon fertig?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.10.2012, 16:11   #27
Hina
 
searchnu.com/410 - Standard

searchnu.com/410



und hier der aswMBR scan:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-01 16:17:19
-----------------------------
16:17:19.041    OS Version: Windows 6.0.6002 Service Pack 2
16:17:19.041    Number of processors: 2 586 0xF0D
16:17:19.041    ComputerName: KONSTRUKT-PC  UserName: konstrukt
16:17:20.211    Initialize success
16:18:24.881    AVAST engine defs: 12100100
16:27:42.487    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
16:27:42.487    Disk 0 Vendor: WDC_WD1200BEVS-22UST0 01.01A01 Size: 114473MB BusType: 3
16:27:42.705    Disk 0 MBR read successfully
16:27:42.721    Disk 0 MBR scan
16:27:42.768    Disk 0 Windows VISTA default MBR code
16:27:42.830    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        44444 MB offset 2048
16:27:42.908    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        70027 MB offset 91023360
16:27:43.033    Disk 0 scanning sectors +234438656
16:27:43.548    Disk 0 scanning C:\Windows\system32\drivers
16:29:25.868    Service scanning
16:29:55.103    Modules scanning
16:31:40.605    Disk 0 trace - called modules:
16:31:40.683    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
16:31:40.699    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853c8298]
16:31:40.715    3 CLASSPNP.SYS[87bc68b3] -> nt!IofCallDriver -> [0x84d26918]
16:31:40.730    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84d115e0]
16:31:41.323    AVAST engine scan C:\Windows
16:32:28.513    AVAST engine scan C:\Windows\system32
16:47:03.501    AVAST engine scan C:\Windows\system32\drivers
16:47:23.391    AVAST engine scan C:\Users\konstrukt
16:51:38.997    AVAST engine scan C:\ProgramData
16:54:24.045    Scan finished successfully
17:09:16.943    Disk 0 MBR has been saved successfully to "C:\Users\konstrukt\Desktop\MBR.dat"
17:09:16.958    The log file has been saved successfully to "C:\Users\konstrukt\Desktop\aswMBR.txt"
         
danke!!!

Alt 02.10.2012, 11:19   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.10.2012, 08:40   #29
Hina
 
searchnu.com/410 - Standard

searchnu.com/410



Guten Morgen, hat etwas gedauert...
Das ist ja sehr erfreulich, dass wir uns dem Ende nähern!

Hier die SUPERAntiSpyware log
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/03/2012 at 01:35 AM

Application Version : 5.5.1022

Core Rules Database Version : 9329
Trace Rules Database Version: 7141

Scan type       : Complete Scan
Total Scan Time : 01:19:07

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 639
Memory threats detected   : 0
Registry items scanned    : 33755
Registry threats detected : 0
File items scanned        : 59422
File threats detected     : 43

Adware.Tracking Cookie
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\BZLVGZTU.txt [ /doubleclick.net ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\N4XLE32E.txt [ /atdmt.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\FAOAUQNK.txt [ /adfarm1.adition.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\SHKF72JX.txt [ /zanox.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\Q2MCWAEP.txt [ /mediaplex.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\VDY0MMUL.txt [ /ad.zanox.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\SK4978YC.txt [ /c.atdmt.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\B05KJEN0.txt [ /apmebf.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\CI7J6TL5.txt [ /atdmt.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\ITYKV0KJ.txt [ /imrworldwide.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\EGVK3TA0.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\4JIBRW3S.txt [ /fastclick.net ]
	C:\USERS\KONSTRUKT\Cookies\BZLVGZTU.txt [ Cookie:konstrukt@doubleclick.net/ ]
	C:\USERS\KONSTRUKT\Cookies\N4XLE32E.txt [ Cookie:konstrukt@atdmt.com/ ]
	C:\USERS\KONSTRUKT\Cookies\SHKF72JX.txt [ Cookie:konstrukt@zanox.com/ ]
	C:\USERS\KONSTRUKT\Cookies\VDY0MMUL.txt [ Cookie:konstrukt@ad.zanox.com/ ]
	C:\USERS\KONSTRUKT\Cookies\SK4978YC.txt [ Cookie:konstrukt@c.atdmt.com/ ]
	C:\USERS\KONSTRUKT\Cookies\B05KJEN0.txt [ Cookie:konstrukt@apmebf.com/ ]
	C:\USERS\KONSTRUKT\Cookies\CI7J6TL5.txt [ Cookie:konstrukt@atdmt.com/ ]
	C:\USERS\KONSTRUKT\Cookies\ITYKV0KJ.txt [ Cookie:konstrukt@imrworldwide.com/cgi-bin ]
	C:\USERS\KONSTRUKT\Cookies\4JIBRW3S.txt [ Cookie:konstrukt@fastclick.net/ ]
	.imrworldwide.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	www.bluecounter.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	www.tracker.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	www.tracker.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	www.countrymusicnews.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	media.video-mv.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	count.primawebtools.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	www.etracker.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.estat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]
         
und die Malwarebytes log
Code:
ATTFilter
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.02.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
konstrukt :: KONSTRUKT-PC [Administrator]

02.10.2012 18:24:58
mbam-log-2012-10-02 (18-24-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305171
Laufzeit: 1 Stunde(n), 42 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 03.10.2012, 18:42   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
searchnu.com/410 - Standard

searchnu.com/410



Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu searchnu.com/410
32 bit, 7-zip, audacity, autorun, avira, bandoo, bho, browser, canon, converter, desktop, error, flash player, format, google, home, install.exe, installation, mozilla, mp3, msiexec.exe, newtab, ntdll.dll, officejet, realtek, registry, rundll, scan, searchnu.com/410, security, software, sweetim, tcp, trojaner, vista, wma




Ähnliche Themen: searchnu.com/410


  1. Searchnu.com/410
    Plagegeister aller Art und deren Bekämpfung - 06.07.2013 (22)
  2. Searchnu.com , wie kriege ich es weg? :((
    Plagegeister aller Art und deren Bekämpfung - 21.04.2013 (12)
  3. searchnu.com/406 entfernen
    Log-Analyse und Auswertung - 03.04.2013 (17)
  4. www.searchnu.com/410
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (11)
  5. searchnu.com/410 entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (19)
  6. searchnu.com /413
    Plagegeister aller Art und deren Bekämpfung - 07.01.2013 (15)
  7. searchnu.com/410
    Mülltonne - 10.11.2012 (1)
  8. http://www.searchnu.com/413
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (1)
  9. Searchnu.com/421...
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (19)
  10. .searchnu.com/406
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (28)
  11. trojaner searchnu 410
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (3)
  12. Trojaner Searchnu - http://www.searchnu.com/413?tag=newtab
    Log-Analyse und Auswertung - 30.08.2012 (29)
  13. searchnu Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (4)
  14. Trojaner /www.searchnu.com/406/
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (1)
  15. Searchnu.com/410 als Startseite
    Log-Analyse und Auswertung - 01.07.2012 (7)
  16. Searchnu.com/410 als Startseite
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  17. www.searchnu.com/413
    Log-Analyse und Auswertung - 21.05.2012 (9)

Zum Thema searchnu.com/410 - Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: - searchnu.com/410...
Archiv
Du betrachtest: searchnu.com/410 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.