Trojaner --> Java/Exploit.CVE-2012-1723.C

bootsie · 06.10.2012, 15:37

Hallo Trojaner-Board-Mitglieder,

Betriebssystem: Win7 32bit
AntiVirus: ESET Nod32 Antivirus mit Version 5.2.9.12, aktuelle Signaturdatenbank

heute morgen habe ich mit ESET Nod32 eine Smartprüfung bei dem Laptop meiner Freundin gemacht (Root, Arbeitsspeicher, C:/), dabei hat er 2 Infizierungen gefunden (siehe ESET Log)

Ursache und Dauer der Infizierung:
Die Ursache, woher der Virus kommen könnte, ist für mich nicht eindeutig. Ich hatte heute morgen aus Versehen eine "falsche" Amazon E-Mail über die GMX-Webseite aufgemacht, jedoch dort nichts angeklickt und gleich gelöscht. Deswegen hatte ich routinemäßig das AntiVirus angeschmissen, wo er die Infizierungen gefunden hatte.

Ob jedoch die Mail in direktem Zusammenhang zu der Infizierung steht, ist für mich unklar, weswegen die Dauer der Infizierung stark variieren kann.

Symptome:
Der Laptop zeigt keine Symptome bzw. bemerke ich nichts außergewöhnliches, aber wie ihr auch schreibt, das heißt ja nicht, dass der Laptop sauber ist.

Welche Schritte habe ich schon getätigt?:
ESET hat die 2 Infizierungen entfernt und dementsprechend sind sie noch in der Quarantäne. Das Log ist gleich unter dem Absatz.
Weitere eigenständige Schritte (außer vorsorglich wichtige Passwörter ändern) habe ich nicht unternommen.

Log ESET Nod32 Smartprüfung

Code:

ATTFilter

Log
Version der Signaturdatenbank: 7552 (20121005)
Datum: 06.10.2012  Uhrzeit: 08:25:11
Geprüfte Laufwerke, Ordner und Dateien: Arbeitsspeicher;Bootsektor;C:\Bootsektor;C:\
C:\hiberfil.sys - Fehler beim Öffnen  [4]
C:\pagefile.sys - Fehler beim Öffnen  [4]
C:\$Recycle.Bin\S-1-5-21-2411468370-942828688-1296837544-1000\$RGR4A0R.rar = RAR = sof-tbbt.s05e13.avi - Teildatei des gesplitteten Archivs nicht gefunden
C:\$Recycle.Bin\S-1-5-21-2411468370-942828688-1296837544-1000\$RJ9S4TI.rar = RAR = sof-tbbt.s05e15.avi - Teildatei des gesplitteten Archivs nicht gefunden
C:\$Recycle.Bin\S-1-5-21-2411468370-942828688-1296837544-1000\$RPZ5MRL.rar = RAR = sof-tbbt.s05e17.avi - Teildatei des gesplitteten Archivs nicht gefunden
C:\$Recycle.Bin\S-1-5-21-2411468370-942828688-1296837544-1000\$RW6PG1D.rar = RAR = sof-tbbt.s05e14.avi - Teildatei des gesplitteten Archivs nicht gefunden
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab = CAB = HIRING_REQUISITION_CUSTOMIZED.FDT = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab = CAB = PROCESS_LIBRARY.FDT = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab = CAB = TRACK_ISSUES.FDT = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab = CAB = HIRING_REQUISITION.FDT = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab = CAB = POLICIES.FDT = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\6\78\1E47Ed01 = GZIP = 1E47Ed01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\6\7D\B116Bd01 = GZIP = B116Bd01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\7\2A\D1C30d01 = GZIP = D1C30d01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\7\A6\76262d01 = CWS = file.swf - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\A\4C\A708Ed01 = GZIP = A708Ed01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\A\FB\36925d01 = GZIP = 36925d01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\C\6D\2F077d01 = GZIP = 2F077d01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\D\60\D8E45d01 = GZIP = D8E45d01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ag29r8e1.default\Cache.Trash29005\E\2E\F507Cd01 = GZIP = F507Cd01 - Fehler beim Lesen des Archivs
C:\Users\***\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe = CAB = jusched - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\***\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe = CAB = task.xml - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\***\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe = CAB = task64.xml - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78f1f6d0-26dbbe84 = ZIP = C2.class - Java/Exploit.CVE-2012-1723.C Trojaner
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78f1f6d0-26dbbe84 = ZIP = C3.class - Variante von Java/Exploit.CVE-2012-1723.C Trojaner
C:\Users\***\Downloads\codeblocks-10.05mingw-setup.exe = NSIS = cb_share_config.exe - - OK
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78f1f6d0-26dbbe84 = ZIP = C2.class - Java/Exploit.CVE-2012-1723.C Trojaner - war Teil des gelöschten Objekts
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78f1f6d0-26dbbe84 = ZIP = C3.class - Variante von Java/Exploit.CVE-2012-1723.C Trojaner - war Teil des gelöschten Objekts
Geprüfte Objekte: 182157
Erkannte Bedrohungen: 2
Anzahl gesäuberter Objekte: 2
Abgeschlossen: 09:48:01  Benötigte Zeit: 4970 Sek. (01:22:50)

Hinweise:
[4] Objekt kann nicht geöffnet werden. Möglicherweise in Benutzung durch eine andere Anwendung oder das Betriebssystem.

Und nun noch die Logs, die ihr sicherlich benötigt

Überblick über das System:

1. Mit defogger wurde "disabled"

2. Log OTL

Code:

ATTFilter

OTL logfile created on: 06.10.2012 14:47:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,60% Memory free
3,98 Gb Paging File | 3,15 Gb Available in Paging File | 79,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 50,49 Gb Free Space | 34,10% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 17,87 Gb Free Space | 24,45% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.06 14:45:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.24 22:00:34 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.09.16 16:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.06.29 17:22:02 | 002,468,168 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodag.exe
PRC - [2011.05.25 00:18:08 | 000,395,344 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.05.25 00:18:02 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011.05.25 00:17:06 | 005,587,608 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.02.09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\Brother\BrStMonW.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe
PRC - [2009.10.26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.05.25 00:16:26 | 011,204,288 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 15:51:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.24 22:00:34 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.06.29 17:22:02 | 002,468,168 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.25 00:18:02 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012.03.24 22:00:35 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.03.24 22:00:31 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2012.03.24 22:00:29 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.03.24 22:00:23 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.03.14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 08:40:02 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011.10.02 19:35:47 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.06 16:03:54 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: exify@dev13.version:1.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.06.11 16:33:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:51:04 | 000,000,000 | ---D | M]
 
[2011.10.02 20:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.26 19:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag29r8e1.default\extensions
[2012.07.19 15:26:45 | 000,010,220 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\extensions\exify@dev13.version.xpi
[2012.09.26 19:55:31 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.25 20:14:16 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.26 21:02:19 | 000,002,321 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\searchplugins\dictcc.xml
[2012.09.24 11:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.09 15:51:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.24 11:11:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.24 11:11:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.09 15:51:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 19:36:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C8C8976-08FC-47A3-8DB5-8A7EE292395D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.06 14:45:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.03 14:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.09.30 17:42:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\codeblocks
[2012.09.30 17:42:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2012.09.30 17:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2012.09.30 17:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\CodeBlocks
[2012.09.16 19:04:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Auto
[2012.09.09 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bestellung
[2012.09.09 15:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.06 14:45:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.06 14:24:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.06 14:24:32 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 14:24:32 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 14:22:40 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.06 14:19:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.06 14:19:21 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.06 14:19:21 | 000,576,752 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012.10.03 15:55:57 | 386,625,535 | ---- | M] () -- C:\THE_IDES_OF_MARCH.ISO
[2012.10.03 14:41:05 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.09.30 12:27:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.30 12:27:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.30 12:27:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.30 12:27:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.25 17:24:56 | 000,856,104 | R--- | M] () -- C:\Users\***\Desktop\TB396A-BoardingPass.pdf
[2012.09.23 18:15:15 | 001,049,024 | ---- | M] () -- C:\Users\***\Desktop\Gliederung.jpg
[2012.09.23 18:13:55 | 003,428,646 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.jpg
[2012.09.09 19:18:18 | 000,025,214 | ---- | M] () -- C:\Users\***\Desktop\fcb_bestellung.pdf
 
========== Files Created - No Company Name ==========
 
[2012.10.06 14:24:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.06 14:22:38 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.03 15:19:54 | 386,625,535 | ---- | C] () -- C:\THE_IDES_OF_MARCH.ISO
[2012.10.03 14:41:05 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.09.25 17:24:57 | 000,856,104 | R--- | C] () -- C:\Users\***\Desktop\TB396A-BoardingPass.pdf
[2012.09.23 18:15:15 | 001,049,024 | ---- | C] () -- C:\Users\***\Desktop\Gliederung.jpg
[2012.09.23 18:13:55 | 003,428,646 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.jpg
[2012.09.09 19:18:31 | 000,025,214 | ---- | C] () -- C:\Users\***\Desktop\fcb_bestellung.pdf
[2012.07.23 20:22:23 | 000,007,302 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.07.05 19:39:23 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2012.04.07 10:48:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Transportation
[2012.04.07 10:48:47 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Textures
[2012.04.07 10:48:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2012.04.07 10:48:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2012.04.07 10:48:44 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Themes
[2012.04.07 10:17:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.10.03 08:42:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.03 08:42:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.10.03 07:41:04 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011.10.02 20:17:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.10.02 19:55:27 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011.10.02 19:48:01 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.10.02 12:22:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.02 12:22:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.06 17:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.03.24 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CE4C3F7E-6E0C-4CF9-B52A-AD3311C51236
[2011.10.02 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.03.13 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.09.20 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 21:59:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.05.24 20:09:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2012.04.07 10:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2011.12.19 19:45:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.10.02 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

Log Extras

Code:

ATTFilter

OTL Extras logfile created on: 06.10.2012 14:47:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,60% Memory free
3,98 Gb Paging File | 3,15 Gb Available in Paging File | 79,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 50,49 Gb Free Space | 34,10% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 17,87 Gb Free Space | 24,45% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3AC9B025-B383-488B-94CE-1D39F49211C8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{57AA19CB-CBEE-4457-9798-01E5B4BB8667}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{58ABEA73-8A4A-4100-BF71-16F59BFD6CDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{79DBEEDE-CA87-4451-8601-FD418F307CC8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8FC19C96-53EA-4D50-9F8D-CB61DBD4905B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98680BD8-5426-4FD9-88A7-AE4C702F15E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0FC3055-B3CD-482E-B880-971D88E991D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BBCE81E4-84D9-442B-8D8D-6D2BA4C83F4A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BBE7778E-182F-4FF4-8E5D-7AF9316C42E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8BC0797-4A6B-4823-9676-CE0AB23014EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E8D7B86-90D5-4E0F-9EBE-EB438782C9BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38A23086-DBB9-46F2-B4C1-0043C4A6A48D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{608BCEDE-BE9A-4725-9542-5BB3322DAF67}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{6E0FF128-F9FE-420C-8979-61585DF8122F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{713FEA0B-C924-45B5-BAC5-9AFE17A8819E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79BE94F0-A224-4192-BD25-042A7805DEFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86E3C38A-7041-45A0-958E-B1BE82C6C3C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{87A20072-1C0B-4D3B-83C2-DB75A6F4C7E7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{93D43748-AB8C-461C-80EB-390A2A4BC420}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95A01875-A2FD-4C32-8647-1B877CF0F102}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{A7036870-5F76-47AA-936C-115138F90553}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AC136669-8BC4-4511-AA0E-1D6B3A5E9A39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADDAAF59-2E47-4557-8E02-1396055408EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B8B9CA8D-67CF-43B3-8CBC-FB5BED814C99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEE41BA9-2FF5-4A5F-81F5-2AD6BA86D448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3C6FB77-DCE3-401F-BFE1-E917DA90E1A7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{EDF221EF-9AD3-4A4A-87BD-8C18879ED36E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F164A5ED-313F-4ED5-AD0F-017A1D8E2A01}" = protocol=6 | dir=out | app=system | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{486C6400-78D7-47A5-B715-6828B4A4759D}" = ESET NOD32 Antivirus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-357C
"{A6BA9745-45AC-4FB1-87FF-FF4DADDC8195}" = O&O Defrag Professional
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Capture NX 2" = Capture NX 2
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"dm-Fotowelt" = dm-Fotowelt
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"Foxit Reader_is1" = Foxit Reader
"GIMP-2_is1" = GIMP 2.8.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TeamViewer 7" = TeamViewer 7
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.0
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.10.2012 08:49:35 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:49:35.546]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:50:10 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:50:10.771]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:50:45 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:50:45.996]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:51:21 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:51:21.221]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:51:56 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:51:56.445]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:52:31 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:52:31.670]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:53:06 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:53:06.895]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:53:42 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:53:42.120]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:54:17 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:54:17.345]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
Error - 06.10.2012 08:54:52 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/10/06 14:54:52.570]: [00001932]: GetDeviceIpAddress:
 GetAddressByName [BRW0022589008EB] Error  
 
[ System Events ]
Error - 09.06.2012 08:39:00 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 09.06.2012 08:39:00 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 09.06.2012 08:39:01 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 11.06.2012 10:33:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 17.06.2012 14:33:04 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 17.06.2012 14:33:05 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 17.06.2012 14:33:06 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 01.07.2012 12:06:34 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 01.07.2012 12:06:35 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 01.07.2012 12:06:35 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
 
< End of report >

3. Log Gmer

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-06 16:06:30
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 4bubqbt3.exe; Driver: C:\Users\***\AppData\Local\Temp\pwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                    ZwCreateThread [0x907097F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                    ZwLoadDriver [0x907098B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                    ZwSetSystemInformation [0x90709870]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                    ZwSystemDebugControl [0x90709830]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                            82A7A3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                              82AB3D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1203                                                                 82ABAEB8 4 Bytes  [F0, 97, 70, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                 82ABAFC8 4 Bytes  [B0, 98, 70, 90] {MOV AL, 0x98; JO 0xffffffffffffff94}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 161F                                                                 82ABB2D4 4 Bytes  [70, 98, 70, 90] {JO 0xffffffffffffff9a; JO 0xffffffffffffff94}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                 82ABB31C 4 Bytes  [30, 98, 70, 90]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1732] kernel32.dll!SetUnhandledExceptionFilter  772DF4FB 4 Bytes  [C2, 04, 00, 00]
.text           C:\Program Files\OO Software\Defrag\oodag.exe[1824] kernel32.dll!SetUnhandledExceptionFilter        772DF4FB 5 Bytes  JMP 00402FB0 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)

---- Devices - GMER 1.0.15 ----

Device                                                                                                              Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                      tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device          \Driver\ACPI_HAL \Device\00000049                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device                                                                                                              volmgr.sys (Volume Manager Driver/Microsoft Corporation)

AttachedDevice                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL               AFF6D9426865C1876150D7A4396BA07DA3A8D8D42658B4E9436D968C5354B0267070FB84B13A06DAAE14834F72B2918757D62E858C9DCDD0A02302B7D8D02920C2F71F3CB0A7D716215862452CD7C1480E931549E0277C54935934BCBE5F56BF581CBD1B74226F278947953AE57F6542D8C57AFA31E58C2D0FD003BC465DBE92281AB5A38E96AC147E3E27B82340540E9187ADC9113EF0A94C8328A9B21D8B3B68EA49B1136214715B4F7F9EE8288AD852A66439198A3CAAC79BC04CCC640BEE19B2206F1D594A6BBBBE701EC33528617AA7351FE39629A5BFF84E4162EC307A79D0435F49C21CC08408AB3BC05C71FD2C3F9EA512A393FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5C90994180F3D6C2113B5C3E209BE72901BAD639DD681082818E40754E983445335FA33BBA5641EA7D7DE6639263AED4D2B2D1A77511159576DF2F46BA87D6EED9737C7B9D61543C832528BDE78FB2930F075EDCBD9536C92F68695CE590A239D0031DAFB31135E4417C5BB97341AC5D6ABB1AA2F5DD5A8599FE0C7F97015096DED8C3406CB910827565FDFAEDEF5620BD63657BBCA66F23C68EF7ABF8791E6EEED473C51CFD122C8353D4D67266EF3C0629E2991A7D64F0EE9

---- EOF - GMER 1.0.15 ----

Ich danke schonmal im Voraus für die Mühe und warte auf eventuelle weitere Schritte

Grüße bootsie

cosinus · 07.10.2012, 08:04

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

bootsie · 07.10.2012, 13:07

Danke für die Rückmeldung, hier das:

Log mbam

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

07.10.2012 12:08:34
mbam-log-2012-10-07 (12-08-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284454
Laufzeit: 42 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 07.10.2012, 19:37

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

bootsie · 08.10.2012, 06:30

Hi cosinus,

ich hatte bisher noch nie mit Malwarebytes gescannt, demzufolge auch leider nicht mehr logs anzubieten.

(Malwarebytes wird ja automatisch gelinked .. was für Technik

, bin begeistert)

cosinus · 08.10.2012, 11:37

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

bootsie · 08.10.2012, 17:52

Der Suchlauf hat nur 5 Sekunden gedauert, hoffe das ist so normal.
Hier der Log:

Code:

ATTFilter

# AdwCleaner v2.004 - Datei am 08/10/2012 um 18:50:12 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ag29r8e1.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [953 octets] - [08/10/2012 18:50:12]

########## EOF - C:\AdwCleaner[R1].txt - [1012 octets] ##########

cosinus · 08.10.2012, 18:47

ja der adwCleaner geht schnell

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

bootsie · 08.10.2012, 20:35

Darf man fragen, was er schlimmes in der "Registrierungsdatenbank" gefunden hat im letzten Code? Weil ohne Grund sind wir bestimmt nicht am "Löschen"

Außer ihr könnt das nicht entziffern, dann vergiss die Frage.

Hier noch der Log:

Code:

ATTFilter

# AdwCleaner v2.004 - Datei am 08/10/2012 um 21:27:33 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ag29r8e1.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1081 octets] - [08/10/2012 18:50:12]
AdwCleaner[S1].txt - [1015 octets] - [08/10/2012 21:27:33]

########## EOF - C:\AdwCleaner[S1].txt - [1075 octets] ##########

cosinus · 09.10.2012, 11:07

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

bootsie · 09.10.2012, 17:38

zu 1.) Welcher normale Modus? Und wieso "wieder"? Ich hatte oben geschrieben, dass der Laptop keine Symptome zeigt. Bitte erkläre kurz, was du hören möchtest.

zu 2.) Das Startmenü sieht für mich OK aus, ich kann nichts außergewöhnliches feststellen und es existieren auch keine leeren Ordner.

cosinus · 09.10.2012, 19:00

Das sind Standardfragen, ich muss mich vergewissern wie der aktuelle Stand ist bevor es weitergeht!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

bootsie · 12.10.2012, 15:16

Hier der OTL-Log vom Custom Scan

Code:

ATTFilter

OTL logfile created on: 12.10.2012 15:35:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,65% Memory free
3,98 Gb Paging File | 3,10 Gb Available in Paging File | 77,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 53,83 Gb Free Space | 36,35% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 17,87 Gb Free Space | 24,45% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.12 15:31:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.24 22:00:34 | 003,246,040 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.09.16 16:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.06.29 17:22:02 | 002,468,168 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodag.exe
PRC - [2011.05.25 00:18:08 | 000,395,344 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.05.25 00:18:02 | 000,805,032 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011.05.25 00:17:06 | 005,587,608 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.02.09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\Brother\BrStMonW.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe
PRC - [2009.10.26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.05.25 00:16:26 | 011,204,288 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 15:51:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.31 16:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.24 22:00:34 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.09.16 16:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.06.29 17:22:02 | 002,468,168 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.25 00:18:02 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012.03.24 22:00:35 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012.03.24 22:00:31 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2012.03.24 22:00:29 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012.03.24 22:00:23 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.03.14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 08:40:02 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011.10.02 19:35:47 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.06 16:03:54 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2411468370-942828688-1296837544-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2411468370-942828688-1296837544-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: exify@dev13.version:1.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.06.11 16:33:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 15:51:04 | 000,000,000 | ---D | M]
 
[2011.10.02 20:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.12 15:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag29r8e1.default\extensions
[2012.10.12 15:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag29r8e1.default\extensions\staged
[2012.07.19 15:26:45 | 000,010,220 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\extensions\exify@dev13.version.xpi
[2012.09.26 19:55:31 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.25 20:14:16 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.12 15:26:39 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.10.26 21:02:19 | 000,002,321 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ag29r8e1.default\searchplugins\dictcc.xml
[2012.09.24 11:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.09 15:51:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.24 11:11:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.24 11:11:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.09 15:51:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 19:36:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C8C8976-08FC-47A3-8DB5-8A7EE292395D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.12 15:31:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.07 12:01:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.10.07 12:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 12:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 12:01:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.07 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 14:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.09.30 17:42:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\codeblocks
[2012.09.16 19:04:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Auto
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.12 15:31:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.12 15:26:58 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 15:26:58 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 15:21:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.12 15:21:05 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.12 15:21:04 | 000,588,236 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2012.10.08 18:46:42 | 000,538,327 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.10.07 12:01:05 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.06 15:33:28 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\4bubqbt3.exe
[2012.10.06 14:24:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.06 14:22:40 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.03 14:41:05 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.09.30 12:27:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.30 12:27:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.30 12:27:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.30 12:27:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.25 17:24:56 | 000,856,104 | R--- | M] () -- C:\Users\***\Desktop\TB396A-BoardingPass.pdf
[2012.09.23 18:15:15 | 001,049,024 | ---- | M] () -- C:\Users\***\Desktop\Gliederung.jpg
[2012.09.23 18:13:55 | 003,428,646 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.jpg
 
========== Files Created - No Company Name ==========
 
[2012.10.08 18:46:40 | 000,538,327 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.10.07 12:01:05 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.06 15:33:23 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\4bubqbt3.exe
[2012.10.06 14:24:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.06 14:22:38 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.03 14:41:05 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012.09.25 17:24:57 | 000,856,104 | R--- | C] () -- C:\Users\***\Desktop\TB396A-BoardingPass.pdf
[2012.09.23 18:15:15 | 001,049,024 | ---- | C] () -- C:\Users\***\Desktop\Gliederung.jpg
[2012.09.23 18:13:55 | 003,428,646 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.jpg
[2012.07.23 20:22:23 | 000,007,302 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.07.05 19:39:23 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2012.04.07 10:48:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Transportation
[2012.04.07 10:48:47 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Textures
[2012.04.07 10:48:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2012.04.07 10:48:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2012.04.07 10:48:44 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Themes
[2012.04.07 10:17:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.10.03 08:42:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.03 08:42:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.10.03 07:41:04 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011.10.02 20:17:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.10.02 19:55:27 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011.10.02 19:48:01 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.10.02 12:22:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.02 12:22:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.06 17:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.03.24 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CE4C3F7E-6E0C-4CF9-B52A-AD3311C51236
[2011.10.02 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.03.13 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.09.20 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 21:59:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.05.24 20:09:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2012.04.07 10:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2011.12.19 19:45:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.10.02 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.06 17:18:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.08.02 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.10.03 08:50:42 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother
[2012.03.24 22:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CE4C3F7E-6E0C-4CF9-B52A-AD3311C51236
[2012.09.30 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\codeblocks
[2011.10.02 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.29 18:08:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVD Flick
[2012.10.09 21:42:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.03.13 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.09.20 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 21:59:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.10.02 08:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.10.03 08:40:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.10.03 08:17:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.10.07 12:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.05.01 10:05:39 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.10.02 20:00:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.05.24 20:09:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.25 20:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2012.04.07 10:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2011.12.19 19:45:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.10.02 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.10.09 21:42:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.10.25 20:47:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.07 10:23:12 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
[2012.08.24 08:45:46 | 000,607,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll
 
<           >
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< End of report >

cosinus · 12.10.2012, 17:36

Ok, ist ziemlich unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

bootsie · 13.10.2012, 20:31

Hier das LOG

Die KMService kommt mir bekannt vor. Das ist ein Tool für Office, was die Aktivierung vorgaukelt. Das hatten wir vor ca. 3 Monaten benutzt (als unsere Seriennummer nicht ging). Leider hatte ich es nicht richtig deinstalliert bzw. gab es nichts zum deinstallieren.
Das andere ist glaub ich vom Brother-Treiber und das andere noch von irgendeinem anderen Treiber.

Code:

ATTFilter

21:21:02.0491 1244  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:21:02.0522 1244  ============================================================
21:21:02.0522 1244  Current date / time: 2012/10/13 21:21:02.0522
21:21:02.0522 1244  SystemInfo:
21:21:02.0522 1244  
21:21:02.0522 1244  OS Version: 6.1.7601 ServicePack: 1.0
21:21:02.0522 1244  Product type: Workstation
21:21:02.0522 1244  ComputerName: ***-PC
21:21:02.0522 1244  UserName: ***
21:21:02.0522 1244  Windows directory: C:\Windows
21:21:02.0522 1244  System windows directory: C:\Windows
21:21:02.0522 1244  Processor architecture: Intel x86
21:21:02.0522 1244  Number of processors: 2
21:21:02.0522 1244  Page size: 0x1000
21:21:02.0522 1244  Boot type: Normal boot
21:21:02.0522 1244  ============================================================
21:21:03.0863 1244  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:21:03.0863 1244  ============================================================
21:21:03.0863 1244  \Device\Harddisk0\DR0:
21:21:03.0863 1244  MBR partitions:
21:21:03.0863 1244  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x12831000
21:21:03.0863 1244  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13FA1800, BlocksNum 0x9223800
21:21:03.0863 1244  ============================================================
21:21:03.0926 1244  C: <-> \Device\Harddisk0\DR0\Partition1
21:21:03.0973 1244  D: <-> \Device\Harddisk0\DR0\Partition2
21:21:03.0973 1244  ============================================================
21:21:03.0973 1244  Initialize success
21:21:03.0973 1244  ============================================================
21:21:10.0415 2624  ============================================================
21:21:10.0415 2624  Scan started
21:21:10.0415 2624  Mode: Manual; SigCheck; TDLFS; 
21:21:10.0415 2624  ============================================================
21:21:11.0273 2624  ================ Scan system memory ========================
21:21:11.0273 2624  System memory - ok
21:21:11.0273 2624  ================ Scan services =============================
21:21:11.0461 2624  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:21:11.0585 2624  1394ohci - ok
21:21:11.0617 2624  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:21:11.0632 2624  ACPI - ok
21:21:11.0663 2624  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:21:11.0695 2624  AcpiPmi - ok
21:21:11.0835 2624  [ 19034EFADEA6D8C0C0053FF0720C72E2 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
21:21:11.0882 2624  AcrSch2Svc - ok
21:21:11.0929 2624  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:21:11.0975 2624  adp94xx - ok
21:21:11.0991 2624  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:21:12.0007 2624  adpahci - ok
21:21:12.0053 2624  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:21:12.0085 2624  adpu320 - ok
21:21:12.0100 2624  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:21:12.0147 2624  AeLookupSvc - ok
21:21:12.0209 2624  [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
21:21:12.0256 2624  afcdp - ok
21:21:12.0397 2624  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
21:21:12.0506 2624  afcdpsrv - ok
21:21:12.0615 2624  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:21:12.0662 2624  AFD - ok
21:21:12.0693 2624  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:21:12.0740 2624  agp440 - ok
21:21:12.0787 2624  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:21:12.0818 2624  aic78xx - ok
21:21:12.0865 2624  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:21:12.0896 2624  ALG - ok
21:21:12.0927 2624  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:21:12.0958 2624  aliide - ok
21:21:12.0989 2624  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:21:13.0005 2624  amdagp - ok
21:21:13.0036 2624  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:21:13.0052 2624  amdide - ok
21:21:13.0083 2624  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:21:13.0114 2624  AmdK8 - ok
21:21:13.0114 2624  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:21:13.0145 2624  AmdPPM - ok
21:21:13.0177 2624  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:21:13.0223 2624  amdsata - ok
21:21:13.0223 2624  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:21:13.0255 2624  amdsbs - ok
21:21:13.0270 2624  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:21:13.0301 2624  amdxata - ok
21:21:13.0333 2624  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:21:13.0379 2624  AppID - ok
21:21:13.0442 2624  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:21:13.0489 2624  AppIDSvc - ok
21:21:13.0504 2624  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:21:13.0551 2624  Appinfo - ok
21:21:13.0567 2624  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:21:13.0598 2624  AppMgmt - ok
21:21:13.0613 2624  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:21:13.0629 2624  arc - ok
21:21:13.0645 2624  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:21:13.0660 2624  arcsas - ok
21:21:13.0676 2624  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:21:13.0723 2624  AsyncMac - ok
21:21:13.0738 2624  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:21:13.0770 2624  atapi - ok
21:21:13.0801 2624  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:21:13.0863 2624  AudioEndpointBuilder - ok
21:21:13.0879 2624  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:21:13.0941 2624  Audiosrv - ok
21:21:13.0972 2624  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:21:14.0019 2624  AxInstSV - ok
21:21:14.0050 2624  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:21:14.0097 2624  b06bdrv - ok
21:21:14.0128 2624  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:21:14.0175 2624  b57nd60x - ok
21:21:14.0191 2624  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:21:14.0222 2624  BDESVC - ok
21:21:14.0238 2624  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:21:14.0284 2624  Beep - ok
21:21:14.0347 2624  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:21:14.0425 2624  BFE - ok
21:21:14.0456 2624  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:21:14.0534 2624  BITS - ok
21:21:14.0565 2624  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:21:14.0581 2624  blbdrive - ok
21:21:14.0612 2624  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:21:14.0643 2624  bowser - ok
21:21:14.0659 2624  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:21:14.0690 2624  BrFiltLo - ok
21:21:14.0690 2624  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:21:14.0721 2624  BrFiltUp - ok
21:21:14.0752 2624  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:21:14.0784 2624  Browser - ok
21:21:14.0799 2624  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:21:14.0830 2624  Brserid - ok
21:21:14.0846 2624  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:21:14.0862 2624  BrSerWdm - ok
21:21:14.0877 2624  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:21:14.0908 2624  BrUsbMdm - ok
21:21:14.0908 2624  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:21:14.0940 2624  BrUsbSer - ok
21:21:15.0002 2624  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
21:21:15.0033 2624  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:21:15.0033 2624  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:21:15.0033 2624  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:21:15.0064 2624  BTHMODEM - ok
21:21:15.0111 2624  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:21:15.0174 2624  bthserv - ok
21:21:15.0205 2624  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:21:15.0252 2624  cdfs - ok
21:21:15.0314 2624  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:21:15.0345 2624  cdrom - ok
21:21:15.0392 2624  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:21:15.0454 2624  CertPropSvc - ok
21:21:15.0486 2624  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:21:15.0517 2624  circlass - ok
21:21:15.0548 2624  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:21:15.0579 2624  CLFS - ok
21:21:15.0642 2624  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:21:15.0673 2624  clr_optimization_v2.0.50727_32 - ok
21:21:15.0735 2624  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:21:15.0766 2624  clr_optimization_v4.0.30319_32 - ok
21:21:15.0782 2624  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:21:15.0829 2624  CmBatt - ok
21:21:15.0844 2624  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:21:15.0876 2624  cmdide - ok
21:21:15.0922 2624  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:21:15.0985 2624  CNG - ok
21:21:16.0000 2624  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:21:16.0016 2624  Compbatt - ok
21:21:16.0032 2624  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:21:16.0047 2624  CompositeBus - ok
21:21:16.0063 2624  COMSysApp - ok
21:21:16.0078 2624  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:21:16.0110 2624  crcdisk - ok
21:21:16.0156 2624  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:21:16.0203 2624  CryptSvc - ok
21:21:16.0250 2624  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
21:21:16.0312 2624  CSC - ok
21:21:16.0375 2624  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
21:21:16.0422 2624  CscService - ok
21:21:16.0468 2624  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:21:16.0546 2624  DcomLaunch - ok
21:21:16.0578 2624  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:21:16.0640 2624  defragsvc - ok
21:21:16.0671 2624  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:21:16.0718 2624  DfsC - ok
21:21:16.0765 2624  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:21:16.0843 2624  Dhcp - ok
21:21:16.0874 2624  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:21:16.0921 2624  discache - ok
21:21:16.0952 2624  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:21:16.0968 2624  Disk - ok
21:21:16.0999 2624  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:21:17.0030 2624  Dnscache - ok
21:21:17.0046 2624  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:21:17.0092 2624  dot3svc - ok
21:21:17.0124 2624  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:21:17.0170 2624  DPS - ok
21:21:17.0202 2624  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:21:17.0233 2624  drmkaud - ok
21:21:17.0326 2624  [ C0C7CECCB6C85994C2BC92D58E52D3F2 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:21:17.0358 2624  dtsoftbus01 - ok
21:21:17.0420 2624  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:21:17.0467 2624  DXGKrnl - ok
21:21:17.0498 2624  [ 8A45015E85A4DCE0086B9973F0FD9A20 ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
21:21:17.0514 2624  eamonm - ok
21:21:17.0545 2624  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:21:17.0592 2624  EapHost - ok
21:21:17.0732 2624  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:21:17.0826 2624  ebdrv - ok
21:21:17.0841 2624  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:21:17.0872 2624  EFS - ok
21:21:17.0904 2624  [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
21:21:17.0935 2624  ehdrv - ok
21:21:18.0013 2624  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:21:18.0060 2624  ehRecvr - ok
21:21:18.0075 2624  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:21:18.0122 2624  ehSched - ok
21:21:18.0231 2624  [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:21:18.0294 2624  ekrn - ok
21:21:18.0340 2624  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:21:18.0387 2624  elxstor - ok
21:21:18.0418 2624  [ 0A587BB99A22F8DC3597471425D43314 ] epfwwfpr        C:\Windows\system32\DRIVERS\epfwwfpr.sys
21:21:18.0465 2624  epfwwfpr - ok
21:21:18.0496 2624  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:21:18.0528 2624  ErrDev - ok
21:21:18.0590 2624  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:21:18.0668 2624  EventSystem - ok
21:21:18.0699 2624  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:21:18.0762 2624  exfat - ok
21:21:18.0793 2624  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:21:18.0840 2624  fastfat - ok
21:21:18.0902 2624  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:21:18.0949 2624  Fax - ok
21:21:18.0949 2624  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:21:18.0996 2624  fdc - ok
21:21:19.0011 2624  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:21:19.0074 2624  fdPHost - ok
21:21:19.0105 2624  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:21:19.0167 2624  FDResPub - ok
21:21:19.0167 2624  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:21:19.0198 2624  FileInfo - ok
21:21:19.0214 2624  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:21:19.0261 2624  Filetrace - ok
21:21:19.0276 2624  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:21:19.0292 2624  flpydisk - ok
21:21:19.0323 2624  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:21:19.0354 2624  FltMgr - ok
21:21:19.0401 2624  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
21:21:19.0448 2624  FontCache - ok
21:21:19.0510 2624  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:21:19.0542 2624  FontCache3.0.0.0 - ok
21:21:19.0557 2624  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:21:19.0588 2624  FsDepends - ok
21:21:19.0620 2624  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:21:19.0651 2624  Fs_Rec - ok
21:21:19.0698 2624  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:21:19.0729 2624  fvevol - ok
21:21:19.0760 2624  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:21:19.0791 2624  gagp30kx - ok
21:21:19.0822 2624  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:21:19.0885 2624  gpsvc - ok
21:21:19.0900 2624  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:21:19.0916 2624  hcw85cir - ok
21:21:19.0978 2624  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:21:20.0025 2624  HdAudAddService - ok
21:21:20.0041 2624  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:21:20.0072 2624  HDAudBus - ok
21:21:20.0072 2624  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:21:20.0103 2624  HidBatt - ok
21:21:20.0103 2624  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:21:20.0134 2624  HidBth - ok
21:21:20.0166 2624  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:21:20.0197 2624  HidIr - ok
21:21:20.0228 2624  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:21:20.0290 2624  hidserv - ok
21:21:20.0337 2624  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:21:20.0368 2624  HidUsb - ok
21:21:20.0400 2624  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:21:20.0462 2624  hkmsvc - ok
21:21:20.0493 2624  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:21:20.0540 2624  HomeGroupListener - ok
21:21:20.0571 2624  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:21:20.0602 2624  HomeGroupProvider - ok
21:21:20.0618 2624  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:21:20.0634 2624  HpSAMD - ok
21:21:20.0696 2624  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:21:20.0774 2624  HTTP - ok
21:21:20.0790 2624  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:21:20.0821 2624  hwpolicy - ok
21:21:20.0852 2624  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:21:20.0883 2624  i8042prt - ok
21:21:20.0930 2624  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:21:20.0961 2624  iaStorV - ok
21:21:21.0024 2624  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:21:21.0039 2624  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:21:21.0039 2624  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:21:21.0102 2624  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:21:21.0148 2624  idsvc - ok
21:21:21.0367 2624  [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:21:21.0476 2624  igfx - ok
21:21:21.0570 2624  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:21:21.0601 2624  iirsp - ok
21:21:21.0648 2624  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:21:21.0710 2624  IKEEXT - ok
21:21:21.0741 2624  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:21:21.0757 2624  intelide - ok
21:21:21.0772 2624  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:21:21.0804 2624  intelppm - ok
21:21:21.0819 2624  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:21:21.0866 2624  IPBusEnum - ok
21:21:21.0882 2624  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:21:21.0928 2624  IpFilterDriver - ok
21:21:21.0975 2624  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:21:22.0038 2624  iphlpsvc - ok
21:21:22.0053 2624  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:21:22.0084 2624  IPMIDRV - ok
21:21:22.0084 2624  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:21:22.0131 2624  IPNAT - ok
21:21:22.0147 2624  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:21:22.0178 2624  IRENUM - ok
21:21:22.0194 2624  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:21:22.0225 2624  isapnp - ok
21:21:22.0272 2624  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:21:22.0303 2624  iScsiPrt - ok
21:21:22.0318 2624  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:21:22.0350 2624  kbdclass - ok
21:21:22.0396 2624  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:21:22.0428 2624  kbdhid - ok
21:21:22.0459 2624  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:21:22.0490 2624  KeyIso - ok
21:21:22.0552 2624  [ 4635935FC972C582632BF45C26BFCB0E ] KMService       C:\Windows\system32\srvany.exe
21:21:22.0568 2624  KMService ( UnsignedFile.Multi.Generic ) - warning
21:21:22.0568 2624  KMService - detected UnsignedFile.Multi.Generic (1)
21:21:22.0599 2624  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:21:22.0630 2624  KSecDD - ok
21:21:22.0646 2624  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:21:22.0662 2624  KSecPkg - ok
21:21:22.0708 2624  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:21:22.0755 2624  KtmRm - ok
21:21:22.0818 2624  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:21:22.0880 2624  LanmanServer - ok
21:21:22.0911 2624  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:21:22.0958 2624  LanmanWorkstation - ok
21:21:22.0989 2624  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:21:23.0052 2624  lltdio - ok
21:21:23.0083 2624  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:21:23.0145 2624  lltdsvc - ok
21:21:23.0145 2624  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:21:23.0192 2624  lmhosts - ok
21:21:23.0223 2624  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:21:23.0270 2624  LSI_FC - ok
21:21:23.0270 2624  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:21:23.0301 2624  LSI_SAS - ok
21:21:23.0301 2624  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:21:23.0317 2624  LSI_SAS2 - ok
21:21:23.0332 2624  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:21:23.0348 2624  LSI_SCSI - ok
21:21:23.0364 2624  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:21:23.0410 2624  luafv - ok
21:21:23.0442 2624  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:21:23.0473 2624  Mcx2Svc - ok
21:21:23.0504 2624  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:21:23.0520 2624  megasas - ok
21:21:23.0535 2624  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:21:23.0551 2624  MegaSR - ok
21:21:23.0613 2624  Microsoft SharePoint Workspace Audit Service - ok
21:21:23.0644 2624  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:21:23.0722 2624  MMCSS - ok
21:21:23.0738 2624  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:21:23.0785 2624  Modem - ok
21:21:23.0816 2624  [ 25483F9D590D5F00BD951E1181453EC2 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
21:21:23.0863 2624  MODEMCSA - ok
21:21:23.0878 2624  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:21:23.0925 2624  monitor - ok
21:21:23.0941 2624  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:21:23.0988 2624  mouclass - ok
21:21:24.0019 2624  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:21:24.0050 2624  mouhid - ok
21:21:24.0097 2624  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:21:24.0128 2624  mountmgr - ok
21:21:24.0190 2624  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:21:24.0222 2624  MozillaMaintenance - ok
21:21:24.0268 2624  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:21:24.0315 2624  mpio - ok
21:21:24.0331 2624  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:21:24.0378 2624  mpsdrv - ok
21:21:24.0424 2624  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:21:24.0487 2624  MpsSvc - ok
21:21:24.0518 2624  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:21:24.0549 2624  MRxDAV - ok
21:21:24.0580 2624  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:24.0627 2624  mrxsmb - ok
21:21:24.0643 2624  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:24.0690 2624  mrxsmb10 - ok
21:21:24.0690 2624  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:24.0736 2624  mrxsmb20 - ok
21:21:24.0752 2624  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:21:24.0783 2624  msahci - ok
21:21:24.0814 2624  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:21:24.0830 2624  msdsm - ok
21:21:24.0861 2624  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:21:24.0877 2624  MSDTC - ok
21:21:24.0892 2624  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:21:24.0939 2624  Msfs - ok
21:21:24.0955 2624  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:21:25.0002 2624  mshidkmdf - ok
21:21:25.0017 2624  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:21:25.0033 2624  msisadrv - ok
21:21:25.0064 2624  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:21:25.0111 2624  MSiSCSI - ok
21:21:25.0126 2624  msiserver - ok
21:21:25.0158 2624  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:21:25.0204 2624  MSKSSRV - ok
21:21:25.0220 2624  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:25.0267 2624  MSPCLOCK - ok
21:21:25.0267 2624  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:21:25.0314 2624  MSPQM - ok
21:21:25.0345 2624  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:21:25.0360 2624  MsRPC - ok
21:21:25.0392 2624  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:21:25.0407 2624  mssmbios - ok
21:21:25.0423 2624  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:21:25.0470 2624  MSTEE - ok
21:21:25.0470 2624  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:21:25.0501 2624  MTConfig - ok
21:21:25.0516 2624  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:21:25.0532 2624  Mup - ok
21:21:25.0579 2624  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:21:25.0657 2624  napagent - ok
21:21:25.0688 2624  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:21:25.0719 2624  NativeWifiP - ok
21:21:25.0766 2624  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:21:25.0813 2624  NDIS - ok
21:21:25.0828 2624  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:21:25.0875 2624  NdisCap - ok
21:21:25.0906 2624  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:25.0953 2624  NdisTapi - ok
21:21:25.0969 2624  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:26.0016 2624  Ndisuio - ok
21:21:26.0031 2624  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:26.0078 2624  NdisWan - ok
21:21:26.0109 2624  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:21:26.0156 2624  NDProxy - ok
21:21:26.0156 2624  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:21:26.0203 2624  NetBIOS - ok
21:21:26.0234 2624  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:21:26.0281 2624  NetBT - ok
21:21:26.0296 2624  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:21:26.0312 2624  Netlogon - ok
21:21:26.0359 2624  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:21:26.0421 2624  Netman - ok
21:21:26.0437 2624  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:21:26.0499 2624  netprofm - ok
21:21:26.0530 2624  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:21:26.0562 2624  NetTcpPortSharing - ok
21:21:26.0718 2624  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
21:21:26.0827 2624  netw5v32 - ok
21:21:26.0842 2624  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:21:26.0874 2624  nfrd960 - ok
21:21:26.0905 2624  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:21:26.0952 2624  NlaSvc - ok
21:21:26.0967 2624  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:21:27.0014 2624  Npfs - ok
21:21:27.0030 2624  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:21:27.0076 2624  nsi - ok
21:21:27.0108 2624  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:21:27.0154 2624  nsiproxy - ok
21:21:27.0232 2624  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:21:27.0295 2624  Ntfs - ok
21:21:27.0326 2624  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:21:27.0388 2624  Null - ok
21:21:27.0388 2624  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:21:27.0420 2624  nvraid - ok
21:21:27.0435 2624  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:21:27.0466 2624  nvstor - ok
21:21:27.0466 2624  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:21:27.0498 2624  nv_agp - ok
21:21:27.0513 2624  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:21:27.0544 2624  ohci1394 - ok
21:21:27.0669 2624  [ 42AB8DF92D7DA1408208744C1E9EBAF2 ] OODefragAgent   C:\Program Files\OO Software\Defrag\oodag.exe
21:21:27.0747 2624  OODefragAgent - ok
21:21:27.0810 2624  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:27.0825 2624  ose - ok
21:21:28.0028 2624  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:21:28.0168 2624  osppsvc - ok
21:21:28.0215 2624  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:21:28.0246 2624  p2pimsvc - ok
21:21:28.0278 2624  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:21:28.0324 2624  p2psvc - ok
21:21:28.0371 2624  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:21:28.0402 2624  Parport - ok
21:21:28.0449 2624  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:21:28.0480 2624  partmgr - ok
21:21:28.0496 2624  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:21:28.0512 2624  Parvdm - ok
21:21:28.0543 2624  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:21:28.0574 2624  PcaSvc - ok
21:21:28.0574 2624  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:21:28.0605 2624  pci - ok
21:21:28.0621 2624  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:21:28.0636 2624  pciide - ok
21:21:28.0652 2624  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:21:28.0683 2624  pcmcia - ok
21:21:28.0683 2624  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:21:28.0714 2624  pcw - ok
21:21:28.0746 2624  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:21:28.0808 2624  PEAUTH - ok
21:21:28.0855 2624  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:21:28.0902 2624  PeerDistSvc - ok
21:21:28.0995 2624  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:21:29.0073 2624  pla - ok
21:21:29.0136 2624  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:21:29.0182 2624  PlugPlay - ok
21:21:29.0182 2624  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:21:29.0229 2624  PNRPAutoReg - ok
21:21:29.0260 2624  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:21:29.0292 2624  PNRPsvc - ok
21:21:29.0323 2624  [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
21:21:29.0338 2624  Point32 - ok
21:21:29.0370 2624  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:21:29.0416 2624  PolicyAgent - ok
21:21:29.0448 2624  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:21:29.0510 2624  Power - ok
21:21:29.0557 2624  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:21:29.0604 2624  PptpMiniport - ok
21:21:29.0619 2624  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:21:29.0650 2624  Processor - ok
21:21:29.0682 2624  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:21:29.0697 2624  ProfSvc - ok
21:21:29.0728 2624  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:21:29.0744 2624  ProtectedStorage - ok
21:21:29.0775 2624  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:21:29.0822 2624  Psched - ok
21:21:29.0884 2624  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:21:29.0962 2624  ql2300 - ok
21:21:29.0962 2624  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:21:29.0994 2624  ql40xx - ok
21:21:30.0025 2624  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:21:30.0056 2624  QWAVE - ok
21:21:30.0072 2624  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:21:30.0087 2624  QWAVEdrv - ok
21:21:30.0118 2624  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:21:30.0165 2624  RasAcd - ok
21:21:30.0196 2624  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:21:30.0243 2624  RasAgileVpn - ok
21:21:30.0259 2624  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:21:30.0306 2624  RasAuto - ok
21:21:30.0306 2624  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:21:30.0368 2624  Rasl2tp - ok
21:21:30.0399 2624  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:21:30.0446 2624  RasMan - ok
21:21:30.0462 2624  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:21:30.0508 2624  RasPppoe - ok
21:21:30.0524 2624  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:21:30.0571 2624  RasSstp - ok
21:21:30.0602 2624  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:21:30.0664 2624  rdbss - ok
21:21:30.0680 2624  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:21:30.0696 2624  rdpbus - ok
21:21:30.0742 2624  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:21:30.0805 2624  RDPCDD - ok
21:21:30.0820 2624  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:21:30.0852 2624  RDPDR - ok
21:21:30.0867 2624  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:21:30.0914 2624  RDPENCDD - ok
21:21:30.0914 2624  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:21:30.0961 2624  RDPREFMP - ok
21:21:31.0054 2624  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:21:31.0086 2624  RdpVideoMiniport - ok
21:21:31.0117 2624  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:21:31.0148 2624  RDPWD - ok
21:21:31.0179 2624  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:21:31.0210 2624  rdyboost - ok
21:21:31.0226 2624  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:21:31.0273 2624  RemoteAccess - ok
21:21:31.0288 2624  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:21:31.0351 2624  RemoteRegistry - ok
21:21:31.0366 2624  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:21:31.0413 2624  RpcEptMapper - ok
21:21:31.0429 2624  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:21:31.0460 2624  RpcLocator - ok
21:21:31.0491 2624  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:21:31.0538 2624  RpcSs - ok
21:21:31.0569 2624  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:21:31.0616 2624  rspndr - ok
21:21:31.0678 2624  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
21:21:31.0710 2624  RTL8167 - ok
21:21:31.0741 2624  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:21:31.0772 2624  s3cap - ok
21:21:31.0803 2624  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:21:31.0819 2624  SamSs - ok
21:21:31.0866 2624  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:21:31.0881 2624  sbp2port - ok
21:21:31.0912 2624  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:21:31.0975 2624  SCardSvr - ok
21:21:31.0990 2624  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:21:32.0037 2624  scfilter - ok
21:21:32.0068 2624  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:21:32.0146 2624  Schedule - ok
21:21:32.0162 2624  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:21:32.0209 2624  SCPolicySvc - ok
21:21:32.0224 2624  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:21:32.0256 2624  SDRSVC - ok
21:21:32.0302 2624  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:21:32.0365 2624  secdrv - ok
21:21:32.0380 2624  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:21:32.0427 2624  seclogon - ok
21:21:32.0443 2624  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:21:32.0505 2624  SENS - ok
21:21:32.0505 2624  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:21:32.0536 2624  SensrSvc - ok
21:21:32.0552 2624  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:21:32.0583 2624  Serenum - ok
21:21:32.0599 2624  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:21:32.0630 2624  Serial - ok
21:21:32.0646 2624  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:21:32.0677 2624  sermouse - ok
21:21:32.0692 2624  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:21:32.0739 2624  SessionEnv - ok
21:21:32.0770 2624  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:21:32.0802 2624  sffdisk - ok
21:21:32.0833 2624  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:21:32.0864 2624  sffp_mmc - ok
21:21:32.0895 2624  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:21:32.0926 2624  sffp_sd - ok
21:21:32.0942 2624  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:21:32.0973 2624  sfloppy - ok
21:21:32.0989 2624  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:21:33.0036 2624  SharedAccess - ok
21:21:33.0082 2624  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:21:33.0129 2624  ShellHWDetection - ok
21:21:33.0160 2624  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:21:33.0176 2624  sisagp - ok
21:21:33.0192 2624  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:21:33.0223 2624  SiSRaid2 - ok
21:21:33.0223 2624  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:21:33.0254 2624  SiSRaid4 - ok
21:21:33.0285 2624  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:21:33.0332 2624  Smb - ok
21:21:33.0410 2624  [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
21:21:33.0457 2624  smserial - ok
21:21:33.0504 2624  [ EB49860E776CE860DC3CFB9EDB1BA517 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
21:21:33.0550 2624  snapman - ok
21:21:33.0582 2624  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:21:33.0613 2624  SNMPTRAP - ok
21:21:33.0644 2624  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:21:33.0675 2624  spldr - ok
21:21:33.0722 2624  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:21:33.0769 2624  Spooler - ok
21:21:33.0909 2624  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:21:34.0018 2624  sppsvc - ok
21:21:34.0034 2624  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:21:34.0081 2624  sppuinotify - ok
21:21:34.0096 2624  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:21:34.0128 2624  srv - ok
21:21:34.0143 2624  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:21:34.0174 2624  srv2 - ok
21:21:34.0174 2624  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:21:34.0206 2624  srvnet - ok
21:21:34.0221 2624  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:21:34.0284 2624  SSDPSRV - ok
21:21:34.0315 2624  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:21:34.0362 2624  SstpSvc - ok
21:21:34.0377 2624  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:21:34.0408 2624  stexstor - ok
21:21:34.0455 2624  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
21:21:34.0486 2624  StillCam - ok
21:21:34.0533 2624  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:21:34.0596 2624  StiSvc - ok
21:21:34.0627 2624  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:21:34.0642 2624  storflt - ok
21:21:34.0642 2624  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:21:34.0674 2624  storvsc - ok
21:21:34.0689 2624  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:21:34.0705 2624  swenum - ok
21:21:34.0736 2624  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:21:34.0783 2624  swprv - ok
21:21:34.0798 2624  Synth3dVsc - ok
21:21:34.0861 2624  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:21:34.0923 2624  SysMain - ok
21:21:34.0939 2624  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:21:34.0970 2624  TabletInputService - ok
21:21:35.0001 2624  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:21:35.0048 2624  TapiSrv - ok
21:21:35.0064 2624  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:21:35.0110 2624  TBS - ok
21:21:35.0188 2624  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:21:35.0266 2624  Tcpip - ok
21:21:35.0329 2624  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:21:35.0376 2624  TCPIP6 - ok
21:21:35.0407 2624  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:21:35.0438 2624  tcpipreg - ok
21:21:35.0469 2624  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:21:35.0500 2624  TDPIPE - ok
21:21:35.0563 2624  [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273      C:\Windows\system32\DRIVERS\tdrpm273.sys
21:21:35.0610 2624  tdrpman273 - ok
21:21:35.0641 2624  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:21:35.0672 2624  TDTCP - ok
21:21:35.0703 2624  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:21:35.0750 2624  tdx - ok
21:21:35.0906 2624  [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:21:36.0000 2624  TeamViewer7 - ok
21:21:36.0031 2624  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:21:36.0046 2624  TermDD - ok
21:21:36.0093 2624  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:21:36.0171 2624  TermService - ok
21:21:36.0202 2624  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:21:36.0234 2624  Themes - ok
21:21:36.0249 2624  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:21:36.0296 2624  THREADORDER - ok
21:21:36.0358 2624  [ A34D7024BB7140EC785C86BC065D4F60 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
21:21:36.0405 2624  timounter - ok
21:21:36.0421 2624  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:21:36.0468 2624  TrkWks - ok
21:21:36.0514 2624  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:21:36.0577 2624  TrustedInstaller - ok
21:21:36.0592 2624  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:21:36.0639 2624  tssecsrv - ok
21:21:36.0655 2624  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:21:36.0670 2624  TsUsbFlt - ok
21:21:36.0670 2624  tsusbhub - ok
21:21:36.0811 2624  [ C37C2655E3A4AD8203C02E5C31ED2CFB ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
21:21:36.0858 2624  TuneUp.UtilitiesSvc - ok
21:21:36.0889 2624  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
21:21:36.0920 2624  TuneUpUtilitiesDrv - ok
21:21:36.0951 2624  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:21:36.0998 2624  tunnel - ok
21:21:37.0029 2624  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:21:37.0045 2624  uagp35 - ok
21:21:37.0076 2624  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:21:37.0123 2624  udfs - ok
21:21:37.0170 2624  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:21:37.0201 2624  UI0Detect - ok
21:21:37.0201 2624  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:21:37.0232 2624  uliagpkx - ok
21:21:37.0248 2624  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
21:21:37.0279 2624  umbus - ok
21:21:37.0310 2624  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:21:37.0326 2624  UmPass - ok
21:21:37.0357 2624  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:21:37.0372 2624  UmRdpService - ok
21:21:37.0388 2624  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:21:37.0450 2624  upnphost - ok
21:21:37.0482 2624  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:21:37.0497 2624  usbccgp - ok
21:21:37.0513 2624  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:21:37.0544 2624  usbcir - ok
21:21:37.0560 2624  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:21:37.0591 2624  usbehci - ok
21:21:37.0591 2624  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:21:37.0622 2624  usbhub - ok
21:21:37.0638 2624  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:21:37.0669 2624  usbohci - ok
21:21:37.0684 2624  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:21:37.0716 2624  usbprint - ok
21:21:37.0747 2624  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:21:37.0762 2624  usbscan - ok
21:21:37.0794 2624  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:21:37.0825 2624  USBSTOR - ok
21:21:37.0840 2624  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:21:37.0856 2624  usbuhci - ok
21:21:37.0887 2624  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:21:37.0934 2624  UxSms - ok
21:21:38.0012 2624  [ 7C33AC492BC4438CF265CBF9D423CA07 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
21:21:38.0028 2624  UxTuneUp - ok
21:21:38.0043 2624  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:21:38.0074 2624  VaultSvc - ok
21:21:38.0090 2624  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:21:38.0106 2624  vdrvroot - ok
21:21:38.0168 2624  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:21:38.0230 2624  vds - ok
21:21:38.0262 2624  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:21:38.0293 2624  vga - ok
21:21:38.0293 2624  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:21:38.0340 2624  VgaSave - ok
21:21:38.0371 2624  VGPU - ok
21:21:38.0402 2624  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:21:38.0449 2624  vhdmp - ok
21:21:38.0464 2624  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:21:38.0480 2624  viaagp - ok
21:21:38.0496 2624  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:21:38.0511 2624  ViaC7 - ok
21:21:38.0542 2624  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:21:38.0558 2624  viaide - ok
21:21:38.0589 2624  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:21:38.0620 2624  vmbus - ok
21:21:38.0620 2624  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:21:38.0652 2624  VMBusHID - ok
21:21:38.0652 2624  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:21:38.0683 2624  volmgr - ok
21:21:38.0683 2624  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:21:38.0714 2624  volmgrx - ok
21:21:38.0730 2624  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:21:38.0761 2624  volsnap - ok
21:21:38.0776 2624  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:21:38.0808 2624  vsmraid - ok
21:21:38.0870 2624  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:21:38.0932 2624  VSS - ok
21:21:38.0948 2624  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:21:38.0964 2624  vwifibus - ok
21:21:38.0995 2624  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:21:39.0042 2624  W32Time - ok
21:21:39.0057 2624  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:21:39.0088 2624  WacomPen - ok
21:21:39.0135 2624  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:21:39.0213 2624  WANARP - ok
21:21:39.0213 2624  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:21:39.0260 2624  Wanarpv6 - ok
21:21:39.0322 2624  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:21:39.0385 2624  wbengine - ok
21:21:39.0400 2624  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:21:39.0432 2624  WbioSrvc - ok
21:21:39.0463 2624  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:21:39.0494 2624  wcncsvc - ok
21:21:39.0510 2624  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:21:39.0525 2624  WcsPlugInService - ok
21:21:39.0556 2624  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:21:39.0572 2624  Wd - ok
21:21:39.0603 2624  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:21:39.0634 2624  Wdf01000 - ok
21:21:39.0650 2624  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:21:39.0681 2624  WdiServiceHost - ok
21:21:39.0697 2624  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:21:39.0728 2624  WdiSystemHost - ok
21:21:39.0759 2624  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:21:39.0790 2624  WebClient - ok
21:21:39.0806 2624  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:21:39.0868 2624  Wecsvc - ok
21:21:39.0868 2624  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:21:39.0915 2624  wercplsupport - ok
21:21:39.0946 2624  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:21:39.0993 2624  WerSvc - ok
21:21:40.0009 2624  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:21:40.0056 2624  WfpLwf - ok
21:21:40.0071 2624  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:21:40.0102 2624  WIMMount - ok
21:21:40.0165 2624  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:21:40.0212 2624  WinDefend - ok
21:21:40.0212 2624  WinHttpAutoProxySvc - ok
21:21:40.0305 2624  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:21:40.0368 2624  Winmgmt - ok
21:21:40.0414 2624  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:21:40.0492 2624  WinRM - ok
21:21:40.0539 2624  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:21:40.0555 2624  WinUsb - ok
21:21:40.0602 2624  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:21:40.0664 2624  Wlansvc - ok
21:21:40.0711 2624  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:21:40.0726 2624  WmiAcpi - ok
21:21:40.0758 2624  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:21:40.0789 2624  wmiApSrv - ok
21:21:40.0867 2624  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:21:40.0929 2624  WMPNetworkSvc - ok
21:21:40.0929 2624  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:21:40.0960 2624  WPCSvc - ok
21:21:40.0976 2624  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:21:41.0007 2624  WPDBusEnum - ok
21:21:41.0023 2624  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:21:41.0070 2624  ws2ifsl - ok
21:21:41.0085 2624  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:21:41.0116 2624  wscsvc - ok
21:21:41.0116 2624  WSearch - ok
21:21:41.0210 2624  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:21:41.0288 2624  wuauserv - ok
21:21:41.0304 2624  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:21:41.0350 2624  WudfPf - ok
21:21:41.0382 2624  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:21:41.0428 2624  WUDFRd - ok
21:21:41.0460 2624  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:21:41.0506 2624  wudfsvc - ok
21:21:41.0522 2624  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:21:41.0553 2624  WwanSvc - ok
21:21:41.0569 2624  ================ Scan global ===============================
21:21:41.0584 2624  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:21:41.0616 2624  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:21:41.0631 2624  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:21:41.0662 2624  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:21:41.0694 2624  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:21:41.0694 2624  [Global] - ok
21:21:41.0694 2624  ================ Scan MBR ==================================
21:21:41.0709 2624  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:21:42.0099 2624  \Device\Harddisk0\DR0 - ok
21:21:42.0099 2624  ================ Scan VBR ==================================
21:21:42.0099 2624  [ 02211F43C7172F84409647297BB0C86C ] \Device\Harddisk0\DR0\Partition1
21:21:42.0099 2624  \Device\Harddisk0\DR0\Partition1 - ok
21:21:42.0130 2624  [ 658CD57D7482E30986EDA5D34D08F8DF ] \Device\Harddisk0\DR0\Partition2
21:21:42.0130 2624  \Device\Harddisk0\DR0\Partition2 - ok
21:21:42.0130 2624  ============================================================
21:21:42.0130 2624  Scan finished
21:21:42.0130 2624  ============================================================
21:21:42.0162 2820  Detected object count: 3
21:21:42.0162 2820  Actual detected object count: 3
21:22:00.0850 2820  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:00.0850 2820  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:22:00.0850 2820  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:00.0850 2820  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:22:00.0850 2820  KMService ( UnsignedFile.Multi.Generic ) - skipped by user
21:22:00.0850 2820  KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

07.10.2012, 19:37	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner --> Java/Exploit.CVE-2012-1723.C Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

09.10.2012, 11:07	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner --> Java/Exploit.CVE-2012-1723.C Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner --> Java/Exploit.CVE-2012-1723.C

Log-Analyse und Auswertung: Trojaner --> Java/Exploit.CVE-2012-1723.C