
Log Analysis and Evaluation: Telekom letter ZeuS/ZBot (online banking trojan)


21.10.2012, 12:26   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telekom letter ZeuS/ZBot (online banking trojan)

Code:
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
         
ZoneAlarm is counterproductive junk, please uninstall it right away and turn on the Windows Firewall! After that, post a fresh OTL log.
__________________
Please always post logfiles in CODE tags
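An added example for anyone reading OTL logs like the O4 line quoted above (it is not code from this thread and not part of OTL itself): a small Python triage script for OTL output. It parses the O4 Run-key lines, the O33 MountPoints2 autorun handlers, O2 BHOs and SRV/DRV entries and ranks what an analyst should look at first. The severity rules are my own assumptions, not anything OTL reports. The sample lines are constructed from entries posted later in this thread, except the HKU Run line, which is invented to show the AppData persistence pattern the ZeuS family is known for and does not occur in the posted log.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example, not from the forum post and not OTL's own code.  The severity
rules below are this example's own heuristics (assumptions), not OTL's.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Roots where a Run-key target is expected to live.  OTL prints both
# "Program Files" and the localised alias "Programme" on a German system.
TRUSTED_ROOTS = ("c:\\program files", "c:\\programme", "c:\\windows",
                 "d:\\program files")
# Directories an ordinary user can write to; the ZeuS family drops its
# executable there and registers it under HKCU\...\Run.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".scr", ".pif")
# Names of system binaries that autorun worms like to borrow.
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "csrss.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\(?:[^\\]+\\)?command - "" = (?P<cmd>.+)$')
SRV_RE = re.compile(r"^(?:SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
BHO_RE = re.compile(r"^O2 - BHO: .* File not found$")
# Strips the "rundll32 shell32,ShellExec_RunDLL" launcher OTL shows on some O33 lines.
RUNDLL_RE = re.compile(r"^.*?rundll32\.exe shell32\.dll,shellexec_rundll ", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _unquote(path: str) -> str:
    return path[1:-1] if len(path) >= 2 and path[0] == path[-1] == '"' else path


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if nothing stands out."""
    m = O4_RE.match(line)
    if m:
        rest = m["rest"]
        if rest.endswith("File not found"):
            return Finding("low", "orphaned Run entry, target missing (cleanup candidate)", line)
        # "<target> (<company>)"; the company is empty when the file has no version info
        target, sep, company = rest.rpartition(" (")
        if not sep:
            target, company = rest, ""
        target = _unquote(target).lower()
        company = company.rstrip(")")
        if any(d in target for d in USER_WRITABLE):
            return Finding("high", "Run entry executes from a user-writable directory", line)
        if not company and not target.startswith(TRUSTED_ROOTS):
            return Finding("medium", "Run entry without company name outside Program Files/Windows", line)
        if not company:
            return Finding("low", "Run entry has no company/version information", line)
        return None
    m = O33_RE.match(line)
    if m:
        cmd = RUNDLL_RE.sub("", m["cmd"])
        exe = _unquote(cmd.split(" -")[0].strip()).lower()  # drop switches such as "-id intro"
        name = exe.rsplit("\\", 1)[-1]
        if exe.endswith(SCRIPT_EXT):
            return Finding("high", "removable-media autorun handler runs a script", line)
        if not re.match(r"^[a-z]:\\", exe):
            return Finding("high", "autorun handler uses a relative path resolved on the inserted volume", line)
        if name in SYSTEM_NAMES:
            return Finding("high", "autorun handler borrows the system binary name " + name, line)
        return Finding("low", "cached autorun handler for a removable device, verify against the device", line)
    m = SRV_RE.match(line)
    if m:
        if "\\temp\\" in m["path"].lower():
            return Finding("medium", "orphaned service " + m["name"] + " pointed into a TEMP directory", line)
        return Finding("low", "orphaned service/driver entry " + m["name"], line)
    if BHO_RE.match(line):
        return Finding("low", "orphaned browser helper object", line)
    if line.lower().startswith("o32 - hklm cdrom: autorun - 1"):
        return Finding("low", "AutoRun is enabled, so cached MountPoints2 handlers are live", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a whole OTL log; most severe first, log order within a level."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in map(triage_line, (l.strip() for l in log_text.splitlines())) if f]
    return sorted(found, key=lambda f: order[f.severity])


# Constructed sample modelled on the OTL entries posted in this thread.  The
# HKU Run line is invented to show the AppData pattern and is NOT in the log.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\AVSETUP_506db6af\avupgsvc.exe /TEMPSTART:C:\Windows\TEMP\AVSETUP_506db6af\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE -- (AviraUpgradeService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1261220303-501515183-852727618-1000..\Run: [xyzw] C:\Users\***\AppData\Roaming\Xyzw\xyzw.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\AutoRun\command - "" = H:\cahpcg.cmd
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
O33 - MountPoints2\{f00bf3e0-09a1-11e0-81fa-001d9250eb15}\Shell\AutoRun\command - "" = F:\instdata\xaver\bin\xaver.exe -id intro -skin ja wk_gesetze_usb
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it as a script to see the ranking, or call triage() on a complete log. Two caveats: a "high" is a place to look, not a verdict. Relative-path MountPoints2 handlers also occur for legitimate Windows Easy Transfer media (the posted log has one pointing at .\WindowsEasyTransfer\x86\.\MigSetup.exe), and an installer that ran from TEMP leaves an orphaned service behind exactly like malware does. MountPoints2 entries live under HKCU, are cached per volume and keep their AutoRun verb until someone deletes them, so handlers such as H:\cahpcg.cmd or Recycled\ctfmon.exe tell you that a removable drive carrying those files was used from this account at some point, and they stay live for the next time that device shows up.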

21.10.2012, 19:29   #17
BlackSwan
 
Telekom letter ZeuS/ZBot (online banking trojan)

Here is the new scan:

Code:
OTL logfile created on: 21.10.2012 19:03:08 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,21% Memory free
4,23 Gb Paging File | 3,13 Gb Available in Paging File | 73,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 4,65 Gb Free Space | 13,61% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 51,00 Gb Free Space | 26,45% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.20 11:38:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\***\Downloads\OTL(1).exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.02.14 10:43:34 | 000,524,632 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.02.14 10:43:32 | 001,029,456 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.11.05 13:41:52 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.04.27 12:00:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.04.10 19:37:22 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 09:33:28 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2007.09.07 15:38:42 | 000,561,152 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
PRC - [2007.08.09 13:26:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.07 14:01:18 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.02.27 20:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.27 14:31:34 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.02.14 10:44:03 | 001,640,208 | ---- | M] () -- D:\Program Files\Lavasoft\Ad-Aware\Resources.dll
MOD - [2010.06.03 02:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2007.09.07 15:52:08 | 000,110,592 | ---- | M] () -- C:\Windows\System32\MGHwCtrl.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- D:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- D:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll
MOD - [2005.07.22 21:30:20 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\AVSETUP_506db6af\avupgsvc.exe /TEMPSTART:C:\Windows\TEMP\AVSETUP_506db6af\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE -- (AviraUpgradeService)
SRV - [2012.10.10 13:12:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.07.13 09:14:25 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.14 10:43:32 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.11.16 18:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.11.05 13:41:52 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.04.27 12:00:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewsercd.sys -- (ewsercd)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.05 13:41:44 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.10.16 20:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.05.15 17:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.05.04 20:11:04 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.17 10:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.06.25 07:37:00 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.30 00:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.03.07 10:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.03.01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.28 22:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.22 05:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 10:57:00 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2006.10.18 08:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.08.01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.11.01 05:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [1996.04.03 20:33:00 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- d:\Program Files\TVTool\TVTOOL.SYS -- (tvtool)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - SOFTWARE\Classes\CLSID\{0A94B116-4504-4e26-AB05-E61E474AA38B}\InprocServer32 File not found
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: d:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.07.01 19:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2012.10.20 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2012.10.20 09:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.07.20 20:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2012.10.04 20:54:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.10.20 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.10.20 09:18:30 | 000,000,000 | ---D | M]
 
[2010.11.17 11:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.17 11:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.19 12:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions
[2010.08.29 09:57:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.31 06:52:02 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL File not found
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0BBBF1-19C9-4405-A301-51514617D623}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a6ac4a5-65ad-11d9-bf6a-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\WindowsEasyTransfer\x86\.\MigSetup.exe
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\AutoRun\command - "" = H:\cahpcg.cmd
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\open\Command - "" = H:\cahpcg.cmd
O33 - MountPoints2\{1aa91f8c-b04e-11e0-b881-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\WindowsEasyTransfer\x86\.\MigSetup.exe
O33 - MountPoints2\{568f295e-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f295e-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29d1-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29d1-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29d3-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29d3-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29e5-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29e5-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29e7-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29e7-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{e1cdaec4-5998-11df-b292-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{e1cdaec4-5998-11df-b292-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1cdaec5-5998-11df-b292-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{e1cdaec5-5998-11df-b292-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f00bf3e0-09a1-11e0-81fa-001d9250eb15}\Shell\AutoRun\command - "" = F:\instdata\xaver\bin\xaver.exe -id intro -skin ja wk_gesetze_usb
O33 - MountPoints2\{f00bf3e0-09a1-11e0-81fa-001d9250eb15}\Shell\command - "" = F:\instdata\xaver\bin\xaver.exe -id intro -skin ja wk_gesetze_usb
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 15:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.04 20:51:19 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[3 D:\Users\***\Desktop\*.tmp files -> D:\Users\***\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 18:53:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 18:53:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 18:27:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.21 17:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.21 17:45:33 | 2143,494,144 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 09:29:15 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.10.17 23:36:09 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 13:33:02 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.15 13:33:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.15 13:33:02 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.15 13:33:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.11 21:06:28 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.04 20:54:37 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 D:\Users\***\Desktop\*.tmp files -> D:\Users\***\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.11 21:06:28 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.04 20:52:34 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.10.04 20:52:34 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 19:07:38 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.05.21 09:25:48 | 000,164,299 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.05.21 09:23:39 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.02.19 16:37:26 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.13 14:34:31 | 000,547,232 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:09:12 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.07.19 19:39:58 | 000,001,490 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.06.06 08:30:11 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\Users\***\AppData\Local\7VJ5
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\ProgramData\7VJ5
[2010.03.19 19:09:57 | 000,072,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.19 18:31:25 | 000,008,842 | -HS- | C] () -- C:\Users\***AppData\Local\QD56251NJ16
[2010.03.19 18:31:25 | 000,008,842 | -HS- | C] () -- C:\ProgramData\QD56251NJ16
[2010.02.17 01:05:33 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\sgcpom.dat
[2009.08.03 16:41:44 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.23 21:27:41 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.03.06 20:40:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.01 18:44:25 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2008.08.02 14:55:26 | 000,028,190 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.08.02 14:55:26 | 000,028,190 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.04.10 19:38:20 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.09.26 08:53:57 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.09.26 08:31:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich
[2011.02.13 13:50:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.02.19 17:47:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2008.08.12 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.12 14:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2012.10.04 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyqo
[2011.06.19 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.07.19 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.10.10 13:41:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2010.03.26 09:46:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2009.10.25 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.10.25 12:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2008.08.31 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.11.15 08:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2008.08.02 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.29 23:09:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2011.05.21 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2010.01.13 01:32:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.17 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.08.04 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2010.05.05 20:36:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.09.26 08:31:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich
[2008.10.23 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2008.08.03 10:57:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AdobeUM
[2010.05.23 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.02.13 13:50:54 | 000,000,000 | ---D | M] -- C:\Users\***AppData\Roaming\Azureus
[2011.02.19 17:47:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2008.08.12 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.12 14:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2009.03.29 00:35:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.10.04 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyqo
[2011.06.19 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.06.03 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.08.03 22:37:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.07.19 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.05.21 09:35:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP
[2008.08.02 19:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.10.10 13:41:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2010.03.26 09:46:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2008.08.02 15:48:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.03.19 19:22:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2009.10.25 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.10.25 12:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2008.08.31 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.07.27 16:59:31 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2009.03.09 12:06:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.03.25 17:50:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MozillaControl
[2010.11.15 08:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2012.10.16 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2
[2008.08.02 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.29 23:09:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2011.05.21 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2008.08.12 18:15:13 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2009.09.24 12:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2009.09.24 12:48:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2009.01.21 18:36:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Talkback
[2009.04.16 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\teamspeak2
[2010.01.13 01:32:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.17 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.08.04 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2010.05.05 20:36:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent
[2011.06.19 20:16:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.02.16 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2008.08.11 23:50:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2008.08.03 15:04:04 | 002,363,392 | R--- | M] (OpenOffice.org) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CCD90636-D97D-4130-A44A-3AD4E63B9220}\soffice.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.02 06:22:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.02 06:22:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.15 17:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsdatant.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:317E1D64A6BB03D9

< End of report >
         
Kind regards,
BlackSwan
__________________


Alt 22.10.2012, 09:38   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Tec
         
ZoneAlarm is still there, though!
__________________

Alt 22.10.2012, 17:44   #19
BlackSwan
 

Here is the new scan. ZoneAlarm should now be removed:

Code:
ATTFilter
OTL logfile created on: 22.10.2012 17:30:27 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,44% Memory free
4,23 Gb Paging File | 3,02 Gb Available in Paging File | 71,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 3,86 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 50,37 Gb Free Space | 26,12% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.20 11:38:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\***\Downloads\OTL(1).exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.02.14 10:43:34 | 000,524,632 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.02.14 10:43:32 | 001,029,456 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.10.29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.04.27 12:00:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.04.10 19:37:22 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.07 15:38:42 | 000,561,152 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
PRC - [2007.08.09 13:26:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.27 20:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.02.14 10:44:03 | 001,640,208 | ---- | M] () -- D:\Program Files\Lavasoft\Ad-Aware\Resources.dll
MOD - [2010.06.03 02:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2007.09.07 15:52:08 | 000,110,592 | ---- | M] () -- C:\Windows\System32\MGHwCtrl.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- D:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- D:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005.08.26 11:41:14 | 000,010,752 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll
MOD - [2004.07.06 15:12:00 | 000,290,816 | ---- | M] () -- C:\Programme\System Control Manager\CmSuppX.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\AVSETUP_506db6af\avupgsvc.exe /TEMPSTART:C:\Windows\TEMP\AVSETUP_506db6af\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE -- (AviraUpgradeService)
SRV - [2012.10.10 13:12:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.07.13 09:14:25 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.14 10:43:32 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.12.08 12:46:32 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.04.27 12:00:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2008.04.17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewsercd.sys -- (ewsercd)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.10.16 20:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.05.04 20:11:04 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.17 10:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.06.25 07:37:00 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.30 00:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.03.07 10:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.03.01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.28 22:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.22 05:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 10:57:00 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2006.10.18 08:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.08.01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.11.01 05:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [1996.04.03 20:33:00 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- d:\Program Files\TVTool\TVTOOL.SYS -- (tvtool)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - SOFTWARE\Classes\CLSID\{0A94B116-4504-4e26-AB05-E61E474AA38B}\InprocServer32 File not found
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: d:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2012.10.20 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2012.10.20 09:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.07.20 20:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2012.10.04 20:54:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.10.20 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.10.20 09:18:30 | 000,000,000 | ---D | M]
 
[2010.11.17 11:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.17 11:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.19 12:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions
[2010.08.29 09:57:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.31 06:52:02 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean_launcher.exe C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0BBBF1-19C9-4405-A301-51514617D623}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a6ac4a5-65ad-11d9-bf6a-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\WindowsEasyTransfer\x86\.\MigSetup.exe
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\AutoRun\command - "" = H:\cahpcg.cmd
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\open\Command - "" = H:\cahpcg.cmd
O33 - MountPoints2\{1aa91f8c-b04e-11e0-b881-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\WindowsEasyTransfer\x86\.\MigSetup.exe
O33 - MountPoints2\{568f295e-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f295e-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29d1-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29d1-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29d3-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29d3-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29e5-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29e5-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29e7-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29e7-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{e1cdaec4-5998-11df-b292-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{e1cdaec4-5998-11df-b292-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1cdaec5-5998-11df-b292-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{e1cdaec5-5998-11df-b292-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f00bf3e0-09a1-11e0-81fa-001d9250eb15}\Shell\AutoRun\command - "" = F:\instdata\xaver\bin\xaver.exe -id intro -skin ja wk_gesetze_usb
O33 - MountPoints2\{f00bf3e0-09a1-11e0-81fa-001d9250eb15}\Shell\command - "" = F:\instdata\xaver\bin\xaver.exe -id intro -skin ja wk_gesetze_usb
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.22 17:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2012.10.18 15:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.04 20:51:19 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[3 D:\Users\***Desktop\*.tmp files -> D:\Users\***\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.22 17:27:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.22 17:23:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 17:23:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 17:22:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.22 17:22:39 | 2145,546,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 09:29:15 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.10.17 23:36:09 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 13:33:02 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.15 13:33:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.15 13:33:02 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.15 13:33:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.11 21:06:28 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.04 20:54:37 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 D:\Users\***\Desktop\*.tmp files -> D:\Users\***\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.11 21:06:28 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.04 20:52:34 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.10.04 20:52:34 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.10.04 19:07:38 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.05.21 09:25:48 | 000,164,299 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.05.21 09:23:39 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.02.19 16:37:26 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.13 14:34:31 | 000,547,232 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:09:12 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.07.19 19:39:58 | 000,001,490 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.06.06 08:30:11 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\Users\***\AppData\Local\7VJ5
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\ProgramData\7VJ5
[2010.03.19 19:09:57 | 000,072,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.19 18:31:25 | 000,008,842 | -HS- | C] () -- C:\Users\***\AppData\Local\QD56251NJ16
[2010.03.19 18:31:25 | 000,008,842 | -HS- | C] () -- C:\ProgramData\QD56251NJ16
[2010.02.17 01:05:33 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\sgcpom.dat
[2009.08.03 16:41:44 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.23 21:27:41 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.03.06 20:40:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.01 18:44:25 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2008.08.02 14:55:26 | 000,028,190 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.08.02 14:55:26 | 000,028,190 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.04.10 19:38:20 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.09.26 08:53:57 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.09.26 08:31:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich
[2011.02.13 13:50:54 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Azureus
[2012.10.22 17:27:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2008.08.12 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.12 14:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2012.10.04 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyqo
[2011.06.19 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.07.19 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.10.10 13:41:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2010.03.26 09:46:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2009.10.25 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.10.25 12:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2008.08.31 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.11.15 08:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2008.08.02 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.29 23:09:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2011.05.21 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2010.01.13 01:32:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.17 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.08.04 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2010.05.05 20:36:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.09.26 08:31:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich
[2008.10.23 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2008.08.03 10:57:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AdobeUM
[2010.05.23 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.02.13 13:50:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2012.10.22 17:27:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2008.08.12 18:15:35 | 000,000,000 | ---D | M] -- C:\Users***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.12 14:00:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2009.03.29 00:35:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.10.04 20:30:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyqo
[2011.06.19 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.06.03 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.08.03 22:37:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.07.19 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.05.21 09:35:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP
[2008.08.02 19:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.10.10 13:41:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2010.03.26 09:46:12 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2008.08.02 15:48:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.03.19 19:22:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2009.10.25 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.10.25 12:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2008.08.31 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.07.27 16:59:31 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2009.03.09 12:06:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.03.25 17:50:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MozillaControl
[2010.11.15 08:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2012.10.16 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2
[2008.08.02 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.29 23:09:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2011.05.21 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2008.08.12 18:15:13 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2009.09.24 12:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2009.09.24 12:48:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2009.01.21 18:36:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Talkback
[2009.04.16 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\teamspeak2
[2010.01.13 01:32:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.17 11:31:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.08.04 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2010.05.05 20:36:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent
[2011.06.19 20:16:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.02.16 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2008.08.11 23:50:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2008.08.03 15:04:04 | 002,363,392 | R--- | M] (OpenOffice.org) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CCD90636-D97D-4130-A44A-3AD4E63B9220}\soffice.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.02 06:22:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.02 06:22:05 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.04.19 09:29:27 | 000,000,474 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.07.27 08:15:29 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:317E1D64A6BB03D9

< End of report >
         
Kind regards,
BlackSwan

23.10.2012, 08:48   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you masked your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\AutoRun\command - "" = H:\cahpcg.cmd
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\open\Command - "" = H:\cahpcg.cmd
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\Users\***\AppData\Local\7VJ5
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\ProgramData\7VJ5
[2010.03.19 18:31:25 | 000,008,842 | -HS- | C] () -- C:\Users\***\AppData\Local\QD56251NJ16
[2010.03.19 18:31:25 | 000,008,842 | -HS- | C] () -- C:\ProgramData\QD56251NJ16
@Alternate Data Stream - 48 bytes -> C:\Windows:317E1D64A6BB03D9
:Files
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

__________________
Please always post log files in CODE tags
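As an added illustration (not part of this thread, and not OTL's own code), the following Python script parses the three OTL line shapes that the fix script above targets and turns them into a review list: hidden+system files or folders in user-writable data directories (AppData, ProgramData), MountPoints2 AutoRun/open handlers, and Alternate Data Streams attached to system directories. The sample input is constructed in OTL's line format with a placeholder user name "alice"; it mixes suspicious entries with benign ones so the rules can be seen both firing and staying quiet. The rules are deliberately broad: an entry on the list is something to look at, not a verdict.

```python
"""Triage OTL log lines for the kinds of indicators an OTL fix script targets.

Added example, not part of the forum thread or of OTL itself. Three OTL line
shapes are parsed: file/folder entries, O33 MountPoints2 handlers and
Alternate Data Streams. Each matching line is checked against one broad rule.
"""
import re
from dataclasses import dataclass

# Constructed sample in OTL's own line format. The shapes mirror a real OTL log;
# the user name "alice" and the mix of benign and suspicious entries are made up.
SAMPLE_OTL = r"""
O33 - MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
O33 - MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\Shell\open\Command - "" = H:\cahpcg.cmd
[2011.05.21 09:25:48 | 000,164,299 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\Users\alice\AppData\Local\7VJ5
[2010.04.03 21:20:58 | 000,001,782 | -HS- | C] () -- C:\ProgramData\7VJ5
[2010.03.26 09:46:12 | 000,000,000 | -HSD | M] -- C:\Users\alice\AppData\Roaming\lowsec
[2012.07.27 16:59:31 | 000,000,000 | --SD | M] -- C:\Users\alice\AppData\Roaming\Microsoft
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
@Alternate Data Stream - 48 bytes -> C:\Windows:317E1D64A6BB03D9
"""

# "[date | size | attrs | C/M] (vendor) MD5=... -- path": the middle part varies,
# so it is matched lazily up to the " -- " separator before the path.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?P<middle>.*?) -- (?P<path>.+)$"
)
# O33 MountPoints2 entries: per-volume Shell\<verb>\command handlers.
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand'
    r' - "" = (?P<cmd>.+)$'
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")

# Path fragments treated as user-writable data directories (assumption).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")


@dataclass
class Finding:
    rule: str
    subject: str
    detail: str


def check_entry(m: re.Match) -> "Finding | None":
    """Flag hidden+system objects living under AppData or ProgramData."""
    attrs, path = m.group("attrs"), m.group("path")
    low = path.lower()
    if "H" in attrs and "S" in attrs and any(tok in low for tok in USER_WRITABLE):
        what = "folder" if "D" in attrs else "file"
        return Finding("hidden-system-in-userdata", path,
                       f"{what} with attributes {attrs} in a user-writable data directory")
    return None


def check_mountpoint(m: re.Match) -> Finding:
    """Every AutoRun/open handler on a mounted volume is worth a look."""
    cmd, low = m.group("cmd"), m.group("cmd").lower()
    hints = []
    if "recycled" in low:
        hints.append("target sits inside a Recycled folder")
    if re.search(r"(?:^|\s|=)[d-z]:\\", low):
        hints.append("target on a non-system drive letter")
    detail = f"Shell\\{m.group('verb')} handler for volume {{{m.group('guid')}}}"
    if hints:
        detail += "; " + "; ".join(hints)
    return Finding("mountpoint-autorun", cmd, detail)


def check_ads(m: re.Match) -> Finding:
    """Report the host object and stream name of an Alternate Data Stream."""
    host, stream = m.group("target").rsplit(":", 1)
    inside = re.match(r"^[a-z]:\\windows(\\|$)", host.lower()) is not None
    where = "inside the Windows directory" if inside else "outside the Windows directory"
    return Finding("alternate-data-stream", host,
                   f"stream '{stream}' of {m.group('bytes')} bytes attached {where}")


def analyze(text: str) -> list:
    """Run each OTL line through the matching rule; return the review list."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := ENTRY_RE.match(line)):
            f = check_entry(m)
        elif (m := MOUNTPOINT_RE.match(line)):
            f = check_mountpoint(m)
        elif (m := ADS_RE.match(line)):
            f = check_ads(m)
        else:
            f = None
        if f is not None:
            findings.append(f)
    return findings


def main() -> None:
    for f in analyze(SAMPLE_OTL):
        print(f"[{f.rule}] {f.subject}\n    {f.detail}")


if __name__ == "__main__":
    main()
```

Run as-is it prints the six flagged sample lines; a real OTL log can be fed in with `analyze(open(path, encoding="utf-8", errors="replace").read())`. The attribute rule flags any hidden+system object under AppData or ProgramData, benign ones included, and the `--SD` Microsoft folder in the sample is left alone only because it is not hidden; which of the flagged entries actually goes into a fix script remains the helper's call.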

23.10.2012, 13:21   #21
BlackSwan

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbac2d32-dd68-11dd-8c2c-001d9250eb15}\ not found.
File C:\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19482fc2-5c11-11d9-b83c-001d9250eb15}\ not found.
File H:\cahpcg.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19482fc2-5c11-11d9-b83c-001d9250eb15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19482fc2-5c11-11d9-b83c-001d9250eb15}\ not found.
File H:\cahpcg.cmd not found.
C:\Users\***\AppData\Local\7VJ5 moved successfully.
C:\ProgramData\7VJ5 moved successfully.
C:\Users\***\AppData\Local\QD56251NJ16 moved successfully.
C:\ProgramData\QD56251NJ16 moved successfully.
ADS C:\Windows:317E1D64A6BB03D9 deleted successfully.
========== FILES ==========
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***r\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6bd546be-7411850c-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-64ec36ad-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-2aaee6f5-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5b902232-66155fbf-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5535ab32-1897af8a-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4a92416d-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-1bc19569-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-2f204065-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4488892a-3179ce08-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\7ec4bf04-47782054-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\39ba6e6-195b27dc-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3976f065-710303f3-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\2c4a0065-2a9aad36-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-12c3ec92-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\14e5d595-5b97b7f7-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-1ffc018f-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-4abfb249-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4e09eacf-34b3c94a-n folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
D:\Users\***\Downloads\cmd.bat deleted successfully.
D:\Users\***\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 2739111313 bytes
->Temporary Internet Files folder emptied: 87391525 bytes
->FireFox cache emptied: 473123615 bytes
->Opera cache emptied: 122060559 bytes
->Flash cache emptied: 5677 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 201823 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131238541 bytes
RecycleBin emptied: 47137 bytes
 
Total Files Cleaned = 3.389,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10232012_130946

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Kind regards,
BlackSwan

23.10.2012, 20:09   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags
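As an added example (not from the thread and not part of Kaspersky's tool), a small Python triage script for the TDSS-Killer report format posted in this thread: it parses the timestamped service lines, separates entries that passed ("- ok") from the ones the tool flagged ("- warning" / "- detected"), and lists the flagged ones for review. The sample report lines are constructed in the format of the posted log; the service names, hashes and paths in it are placeholders.

```python
"""Triage helper for TDSS-Killer report files (added example, not the tool's code).

With SigCheck mode enabled the tool flags files without a valid digital
signature as UnsignedFile.Multi.Generic. That verdict alone is not evidence
of infection, so flagged entries are collected for review, not acted on.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every report line: "HH:MM:SS.mmmm  PID  body"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# File line: "[ MD5 ] ServiceName   X:\path". The name may contain spaces and a
# long name is followed by a single space only, so the path is anchored on the
# drive letter rather than on a column position.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# Status line: "Name - ok", "Name ( Verdict ) - warning", "Name - detected Verdict (1)"
STATUS_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<paren>[^)]+) \))? - (?P<status>ok|warning|detected)(?: (?P<detail>.*))?$"
)
# Worst status wins when one object produces several lines.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdicts: List[str] = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return self.status in ("warning", "detected")


def parse_tdsskiller_log(text: str) -> Dict[str, ScanEntry]:
    """Return one ScanEntry per scanned object, keyed by its name."""
    entries: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group("body")
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm.group("name"), ScanEntry(fm.group("name")))
            e.md5, e.path = fm.group("md5").upper(), fm.group("path")
            continue
        sm = STATUS_RE.match(body)
        if not sm:
            continue  # banner, section header, drive/partition info
        e = entries.setdefault(sm.group("name"), ScanEntry(sm.group("name")))
        status = sm.group("status")
        if RANK[status] > RANK[e.status]:
            e.status = status
        verdict = sm.group("paren")
        if verdict is None and status == "detected" and sm.group("detail"):
            verdict = sm.group("detail").split(" (")[0]  # drop the trailing "(1)" count
        if verdict and verdict not in e.verdicts:
            e.verdicts.append(verdict)
    return entries


def flagged_entries(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Objects the tool did not mark '- ok', worst status first."""
    return sorted((e for e in entries.values() if e.flagged),
                  key=lambda e: (-RANK[e.status], e.name.lower()))


def summarize(entries: Dict[str, ScanEntry]) -> Dict[str, int]:
    """Counts by final status, plus how many flagged objects are only unsigned."""
    counts = {"ok": 0, "warning": 0, "detected": 0, "unknown": 0}
    for e in entries.values():
        counts[e.status] += 1
    counts["unsigned_only"] = sum(
        1 for e in flagged_entries(entries)
        if e.verdicts and all(v.startswith("UnsignedFile.") for v in e.verdicts))
    return counts


# Constructed sample in the report format seen in this thread; names, hashes
# and paths are placeholders, not values from the posted log.
SAMPLE_LOG = r"""08:41:08.0065 0244  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
08:42:30.0685 4064  Mode: Manual; SigCheck; TDLFS;
08:42:31.0255 4064  ================ Scan system memory ========================
08:42:31.0255 4064  System memory - ok
08:42:31.0255 4064  ================ Scan services =============================
08:42:31.0450 4064  [ 00000000000000000000000000000001 ] ACPI            C:\Windows\system32\drivers\acpi.sys
08:42:31.0747 4064  ACPI - ok
08:42:34.0450 4064  ExampleUpgradeService - ok
08:42:38.0169 4064  [ 00000000000000000000000000000002 ] ExampleVpnDrv   C:\Windows\system32\Drivers\examplevpn.sys
08:42:38.0200 4064  ExampleVpnDrv ( UnsignedFile.Multi.Generic ) - warning
08:42:38.0200 4064  ExampleVpnDrv - detected UnsignedFile.Multi.Generic (1)
08:42:53.0333 4064  [ 00000000000000000000000000000003 ] Net Driver EX12 C:\Windows\system32\example12.dll
08:42:53.0364 4064  Net Driver EX12 ( UnsignedFile.Multi.Generic ) - warning
08:42:53.0364 4064  Net Driver EX12 - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(parsed))
    for entry in flagged_entries(parsed):
        print(f"{entry.status.upper():8} {entry.name}  {entry.path or '<no file line>'}  "
              f"md5={entry.md5 or '-'}  {', '.join(entry.verdicts) or '-'}")
```

Run it against a real report by passing the file contents to `parse_tdsskiller_log`; entries without a file line (like the service with no "[ MD5 ]" record) keep `path=None`.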

Old 24.10.2012, 07:47   #23
BlackSwan
 



Code:
ATTFilter
08:41:08.0065 0244  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
08:41:08.0455 0244  ============================================================
08:41:08.0455 0244  Current date / time: 2012/10/24 08:41:08.0455
08:41:08.0455 0244  SystemInfo:
08:41:08.0455 0244  
08:41:08.0455 0244  OS Version: 6.0.6001 ServicePack: 1.0
08:41:08.0455 0244  Product type: Workstation
08:41:08.0455 0244  ComputerName: ***
08:41:08.0455 0244  UserName: ***
08:41:08.0455 0244  Windows directory: C:\Windows
08:41:08.0455 0244  System windows directory: C:\Windows
08:41:08.0455 0244  Processor architecture: Intel x86
08:41:08.0455 0244  Number of processors: 2
08:41:08.0455 0244  Page size: 0x1000
08:41:08.0455 0244  Boot type: Normal boot
08:41:08.0455 0244  ============================================================
08:41:10.0221 0244  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:41:10.0229 0244  ============================================================
08:41:10.0229 0244  \Device\Harddisk0\DR0:
08:41:10.0229 0244  MBR partitions:
08:41:10.0229 0244  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBB86BD, BlocksNum 0x445C7EE
08:41:10.0229 0244  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5014EAB, BlocksNum 0x181AF6D6
08:41:10.0229 0244  ============================================================
08:41:10.0268 0244  C: <-> \Device\Harddisk0\DR0\Partition1
08:41:10.0307 0244  D: <-> \Device\Harddisk0\DR0\Partition2
08:41:10.0307 0244  ============================================================
08:41:10.0307 0244  Initialize success
08:41:10.0307 0244  ============================================================
08:42:30.0685 4064  ============================================================
08:42:30.0685 4064  Scan started
08:42:30.0685 4064  Mode: Manual; SigCheck; TDLFS; 
08:42:30.0685 4064  ============================================================
08:42:31.0255 4064  ================ Scan system memory ========================
08:42:31.0255 4064  System memory - ok
08:42:31.0255 4064  ================ Scan services =============================
08:42:31.0450 4064  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
08:42:31.0747 4064  ACPI - ok
08:42:31.0825 4064  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:42:31.0864 4064  AdobeFlashPlayerUpdateSvc - ok
08:42:31.0904 4064  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:42:31.0989 4064  adp94xx - ok
08:42:32.0021 4064  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:42:32.0068 4064  adpahci - ok
08:42:32.0091 4064  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
08:42:32.0114 4064  adpu160m - ok
08:42:32.0146 4064  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:42:32.0177 4064  adpu320 - ok
08:42:32.0224 4064  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:42:32.0325 4064  AeLookupSvc - ok
08:42:32.0388 4064  [ 763E172A55177E478CB419F88FD0BA03 ] AFD             C:\Windows\system32\drivers\afd.sys
08:42:32.0505 4064  AFD - ok
08:42:32.0544 4064  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
08:42:32.0599 4064  AgereModemAudio - ok
08:42:32.0693 4064  [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
08:42:32.0904 4064  AgereSoftModem - ok
08:42:32.0958 4064  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:42:32.0982 4064  agp440 - ok
08:42:33.0013 4064  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
08:42:33.0036 4064  aic78xx - ok
08:42:33.0068 4064  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
08:42:33.0154 4064  ALG - ok
08:42:33.0177 4064  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:42:33.0208 4064  aliide - ok
08:42:33.0224 4064  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
08:42:33.0247 4064  amdagp - ok
08:42:33.0271 4064  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
08:42:33.0294 4064  amdide - ok
08:42:33.0325 4064  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
08:42:33.0458 4064  AmdK7 - ok
08:42:33.0474 4064  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
08:42:33.0622 4064  AmdK8 - ok
08:42:33.0661 4064  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
08:42:33.0763 4064  Appinfo - ok
08:42:33.0802 4064  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
08:42:33.0825 4064  arc - ok
08:42:33.0849 4064  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:42:33.0872 4064  arcsas - ok
08:42:33.0904 4064  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:42:33.0997 4064  AsyncMac - ok
08:42:34.0029 4064  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
08:42:34.0052 4064  atapi - ok
08:42:34.0114 4064  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:42:34.0232 4064  AudioEndpointBuilder - ok
08:42:34.0279 4064  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
08:42:34.0364 4064  Audiosrv - ok
08:42:34.0450 4064  AviraUpgradeService - ok
08:42:34.0497 4064  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:42:34.0583 4064  Beep - ok
08:42:34.0646 4064  [ 6A7F9DBFF69A04A05E85119A55BE0991 ] BFE             C:\Windows\System32\bfe.dll
08:42:34.0755 4064  BFE - ok
08:42:34.0818 4064  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\System32\qmgr.dll
08:42:35.0005 4064  BITS - ok
08:42:35.0021 4064  blbdrive - ok
08:42:35.0068 4064  [ 74B442B2BE1260B7588C136177CEAC66 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:42:35.0154 4064  bowser - ok
08:42:35.0193 4064  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
08:42:35.0279 4064  BrFiltLo - ok
08:42:35.0294 4064  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
08:42:35.0396 4064  BrFiltUp - ok
08:42:35.0435 4064  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
08:42:35.0521 4064  Browser - ok
08:42:35.0552 4064  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
08:42:35.0708 4064  Brserid - ok
08:42:35.0732 4064  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
08:42:35.0880 4064  BrSerWdm - ok
08:42:35.0989 4064  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
08:42:36.0122 4064  BrUsbMdm - ok
08:42:36.0138 4064  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
08:42:36.0271 4064  BrUsbSer - ok
08:42:36.0294 4064  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
08:42:36.0443 4064  BTHMODEM - ok
08:42:36.0489 4064  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:42:36.0575 4064  cdfs - ok
08:42:36.0607 4064  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:42:36.0700 4064  cdrom - ok
08:42:36.0755 4064  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
08:42:36.0841 4064  CertPropSvc - ok
08:42:36.0872 4064  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
08:42:36.0943 4064  circlass - ok
08:42:36.0989 4064  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
08:42:37.0029 4064  CLFS - ok
08:42:37.0091 4064  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:42:37.0114 4064  clr_optimization_v2.0.50727_32 - ok
08:42:37.0138 4064  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:42:37.0224 4064  CmBatt - ok
08:42:37.0247 4064  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:42:37.0271 4064  cmdide - ok
08:42:37.0302 4064  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:42:37.0325 4064  Compbatt - ok
08:42:37.0341 4064  COMSysApp - ok
08:42:37.0357 4064  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
08:42:37.0380 4064  crcdisk - ok
08:42:37.0404 4064  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
08:42:37.0552 4064  Crusoe - ok
08:42:37.0599 4064  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:42:37.0693 4064  CryptSvc - ok
08:42:37.0724 4064  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
08:42:37.0755 4064  CVirtA - ok
08:42:37.0919 4064  [ 52CE186247CA74EE01F0742AA6609A30 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
08:42:38.0122 4064  CVPND - ok
08:42:38.0169 4064  [ 57310C245810B26E378DE9E6B22DB598 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
08:42:38.0200 4064  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
08:42:38.0200 4064  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
08:42:38.0279 4064  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:42:38.0388 4064  DcomLaunch - ok
08:42:38.0427 4064  [ 9E635AE5E8AD93E2B5989E2E23679F97 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:42:38.0521 4064  DfsC - ok
08:42:38.0669 4064  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
08:42:38.0911 4064  DFSR - ok
08:42:38.0974 4064  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
08:42:39.0068 4064  Dhcp - ok
08:42:39.0130 4064  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
08:42:39.0185 4064  disk - ok
08:42:39.0232 4064  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
08:42:39.0294 4064  DNE - ok
08:42:39.0333 4064  [ F5A0F1DA1ED8B429597E71D27D976E31 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:42:39.0411 4064  Dnscache - ok
08:42:39.0474 4064  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:42:39.0575 4064  dot3svc - ok
08:42:39.0646 4064  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
08:42:39.0739 4064  Dot4 - ok
08:42:39.0786 4064  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
08:42:39.0872 4064  Dot4Print - ok
08:42:39.0919 4064  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
08:42:40.0005 4064  dot4usb - ok
08:42:40.0052 4064  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
08:42:40.0146 4064  DPS - ok
08:42:40.0185 4064  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:42:40.0271 4064  drmkaud - ok
08:42:40.0325 4064  [ F8BF50A8D862F8CC089080BEC509BCA6 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:42:40.0443 4064  DXGKrnl - ok
08:42:40.0482 4064  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
08:42:40.0638 4064  E1G60 - ok
08:42:40.0677 4064  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
08:42:40.0771 4064  EapHost - ok
08:42:40.0818 4064  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
08:42:40.0849 4064  Ecache - ok
08:42:40.0919 4064  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:42:40.0958 4064  ehRecvr - ok
08:42:40.0997 4064  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
08:42:41.0044 4064  ehSched - ok
08:42:41.0068 4064  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
08:42:41.0107 4064  ehstart - ok
08:42:41.0169 4064  [ 178CC9403816C082D22A1D47FA1F9C85 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
08:42:41.0341 4064  ElbyCDIO - ok
08:42:41.0443 4064  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
08:42:41.0489 4064  elxstor - ok
08:42:41.0552 4064  [ BA4E96D951DDAD6AC3AF3C91D4AC68BF ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
08:42:41.0654 4064  EMDMgmt - ok
08:42:41.0693 4064  [ 29DCAEB81DDE6F154AA4D36B18ECBB1F ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
08:42:41.0732 4064  enecir - ok
08:42:41.0786 4064  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
08:42:41.0841 4064  EventSystem - ok
08:42:41.0872 4064  ewsercd - ok
08:42:41.0919 4064  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
08:42:42.0005 4064  exfat - ok
08:42:42.0044 4064  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:42:42.0138 4064  fastfat - ok
08:42:42.0177 4064  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:42:42.0325 4064  fdc - ok
08:42:42.0357 4064  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:42:42.0435 4064  fdPHost - ok
08:42:42.0482 4064  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:42:42.0622 4064  FDResPub - ok
08:42:42.0654 4064  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:42:42.0685 4064  FileInfo - ok
08:42:42.0716 4064  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:42:42.0794 4064  Filetrace - ok
08:42:42.0825 4064  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:42:42.0966 4064  flpydisk - ok
08:42:43.0013 4064  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:42:43.0044 4064  FltMgr - ok
08:42:43.0091 4064  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:42:43.0122 4064  FontCache3.0.0.0 - ok
08:42:43.0154 4064  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:42:43.0247 4064  Fs_Rec - ok
08:42:43.0279 4064  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
08:42:43.0294 4064  gagp30kx - ok
08:42:43.0372 4064  [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
08:42:43.0404 4064  getPlusHelper - ok
08:42:43.0450 4064  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
08:42:43.0591 4064  gpsvc - ok
08:42:43.0669 4064  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:42:43.0864 4064  HdAudAddService - ok
08:42:43.0904 4064  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:42:43.0989 4064  HDAudBus - ok
08:42:44.0013 4064  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
08:42:44.0161 4064  HidBth - ok
08:42:44.0200 4064  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
08:42:44.0279 4064  HidIr - ok
08:42:44.0325 4064  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\system32\hidserv.dll
08:42:44.0474 4064  hidserv - ok
08:42:44.0489 4064  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:42:44.0583 4064  HidUsb - ok
08:42:44.0622 4064  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:42:44.0716 4064  hkmsvc - ok
08:42:44.0739 4064  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
08:42:44.0763 4064  HpCISSs - ok
08:42:44.0904 4064  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        D:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
08:42:44.0919 4064  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
08:42:44.0919 4064  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
08:42:44.0966 4064  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        D:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
08:42:44.0997 4064  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
08:42:44.0997 4064  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
08:42:45.0044 4064  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:42:45.0169 4064  HTTP - ok
08:42:45.0216 4064  [ 1720966D9C7EA5E2D78B6DB92D2F9171 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:42:45.0255 4064  hwdatacard - ok
08:42:45.0286 4064  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
08:42:45.0310 4064  i2omp - ok
08:42:45.0364 4064  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:42:45.0450 4064  i8042prt - ok
08:42:45.0482 4064  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
08:42:45.0521 4064  iaStorV - ok
08:42:45.0599 4064  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:42:45.0739 4064  idsvc - ok
08:42:45.0794 4064  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
08:42:45.0825 4064  iirsp - ok
08:42:45.0872 4064  [ 32712433194CF9C5622D5A49033B8911 ] IKEEXT          C:\Windows\System32\ikeext.dll
08:42:45.0966 4064  IKEEXT - ok
08:42:46.0122 4064  [ 97CAC2A7E92FFCB30C15101AB002ED30 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:42:46.0380 4064  IntcAzAudAddService - ok
08:42:46.0443 4064  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
08:42:46.0474 4064  intelide - ok
08:42:46.0513 4064  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:42:46.0591 4064  intelppm - ok
08:42:46.0638 4064  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:42:46.0732 4064  IPBusEnum - ok
08:42:46.0771 4064  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:42:46.0864 4064  IpFilterDriver - ok
08:42:46.0911 4064  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:42:46.0958 4064  iphlpsvc - ok
08:42:46.0974 4064  IpInIp - ok
08:42:47.0013 4064  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
08:42:47.0154 4064  IPMIDRV - ok
08:42:47.0279 4064  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
08:42:47.0372 4064  IPNAT - ok
08:42:47.0404 4064  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:42:47.0482 4064  IRENUM - ok
08:42:47.0505 4064  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:42:47.0529 4064  isapnp - ok
08:42:47.0568 4064  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:42:47.0599 4064  iScsiPrt - ok
08:42:47.0630 4064  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
08:42:47.0654 4064  iteatapi - ok
08:42:47.0677 4064  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
08:42:47.0700 4064  iteraid - ok
08:42:47.0739 4064  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:42:47.0763 4064  kbdclass - ok
08:42:47.0786 4064  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:42:47.0872 4064  kbdhid - ok
08:42:47.0904 4064  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
08:42:47.0950 4064  KeyIso - ok
08:42:47.0982 4064  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:42:48.0044 4064  KSecDD - ok
08:42:48.0107 4064  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:42:48.0216 4064  KtmRm - ok
08:42:48.0247 4064  [ 05CE901A4472B3FBF9407C94AD1DB693 ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:42:48.0341 4064  LanmanServer - ok
08:42:48.0372 4064  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:42:48.0419 4064  LanmanWorkstation - ok
08:42:48.0529 4064  [ B30F37242DD1C640DD5C770FF5B378AE ] Lavasoft Ad-Aware Service D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
08:42:48.0654 4064  Lavasoft Ad-Aware Service - ok
08:42:48.0716 4064  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:42:48.0810 4064  lltdio - ok
08:42:48.0849 4064  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:42:48.0943 4064  lltdsvc - ok
08:42:48.0982 4064  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:42:49.0122 4064  lmhosts - ok
08:42:49.0161 4064  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
08:42:49.0185 4064  LSI_FC - ok
08:42:49.0216 4064  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
08:42:49.0239 4064  LSI_SAS - ok
08:42:49.0263 4064  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
08:42:49.0286 4064  LSI_SCSI - ok
08:42:49.0333 4064  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
08:42:49.0474 4064  luafv - ok
08:42:49.0552 4064  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
08:42:49.0607 4064  MBAMProtector - ok
08:42:49.0677 4064  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:42:49.0716 4064  MBAMScheduler - ok
08:42:49.0779 4064  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:42:49.0833 4064  MBAMService - ok
08:42:49.0872 4064  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:42:49.0919 4064  Mcx2Svc - ok
08:42:49.0943 4064  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
08:42:49.0966 4064  megasas - ok
08:42:49.0997 4064  [ E5292521916CEA4937FBABCB1532F676 ] MGHwCtrl        C:\Windows\system32\drivers\MGHwCtrl.sys
08:42:50.0005 4064  MGHwCtrl ( UnsignedFile.Multi.Generic ) - warning
08:42:50.0005 4064  MGHwCtrl - detected UnsignedFile.Multi.Generic (1)
08:42:50.0044 4064  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
08:42:50.0122 4064  MMCSS - ok
08:42:50.0154 4064  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
08:42:50.0239 4064  Modem - ok
08:42:50.0286 4064  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:42:50.0364 4064  monitor - ok
08:42:50.0396 4064  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:42:50.0419 4064  mouclass - ok
08:42:50.0443 4064  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:42:50.0513 4064  mouhid - ok
08:42:50.0552 4064  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
08:42:50.0575 4064  MountMgr - ok
08:42:50.0614 4064  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:42:50.0638 4064  mpio - ok
08:42:50.0685 4064  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:42:50.0763 4064  mpsdrv - ok
08:42:50.0810 4064  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:42:50.0919 4064  MpsSvc - ok
08:42:50.0943 4064  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
08:42:50.0966 4064  Mraid35x - ok
08:42:51.0013 4064  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:42:51.0068 4064  MRxDAV - ok
08:42:51.0107 4064  [ 7AFC42E60432FD1014F5342F2B1B1F74 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:42:51.0146 4064  mrxsmb - ok
08:42:51.0177 4064  [ 8A75752AE17924F65452746674B14B78 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:42:51.0224 4064  mrxsmb10 - ok
08:42:51.0247 4064  [ F4D0F3252E651F02BE64984FFA738394 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:42:51.0286 4064  mrxsmb20 - ok
08:42:51.0310 4064  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:42:51.0333 4064  msahci - ok
08:42:51.0357 4064  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:42:51.0388 4064  msdsm - ok
08:42:51.0419 4064  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
08:42:51.0513 4064  MSDTC - ok
08:42:51.0552 4064  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:42:51.0630 4064  Msfs - ok
08:42:51.0677 4064  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:42:51.0700 4064  msisadrv - ok
08:42:51.0732 4064  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:42:51.0825 4064  MSiSCSI - ok
08:42:51.0841 4064  msiserver - ok
08:42:51.0896 4064  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:42:51.0966 4064  MSKSSRV - ok
08:42:52.0005 4064  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:42:52.0091 4064  MSPCLOCK - ok
08:42:52.0107 4064  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:42:52.0185 4064  MSPQM - ok
08:42:52.0224 4064  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:42:52.0255 4064  MsRPC - ok
08:42:52.0294 4064  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:42:52.0318 4064  mssmbios - ok
08:42:52.0341 4064  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:42:52.0419 4064  MSTEE - ok
08:42:52.0450 4064  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
08:42:52.0474 4064  Mup - ok
08:42:52.0529 4064  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
08:42:52.0614 4064  napagent - ok
08:42:52.0661 4064  [ DD721F8635191132992E7CEAA3C43C84 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:42:52.0700 4064  NativeWifiP - ok
08:42:52.0747 4064  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:42:52.0810 4064  NDIS - ok
08:42:52.0849 4064  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:42:52.0935 4064  NdisTapi - ok
08:42:52.0974 4064  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:42:53.0044 4064  Ndisuio - ok
08:42:53.0075 4064  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:42:53.0154 4064  NdisWan - ok
08:42:53.0185 4064  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:42:53.0271 4064  NDProxy - ok
08:42:53.0333 4064  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
08:42:53.0364 4064  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:42:53.0364 4064  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:42:53.0388 4064  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:42:53.0482 4064  NetBIOS - ok
08:42:53.0521 4064  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
08:42:53.0599 4064  netbt - ok
08:42:53.0630 4064  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
08:42:53.0669 4064  Netlogon - ok
08:42:53.0716 4064  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
08:42:53.0818 4064  Netman - ok
08:42:53.0849 4064  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
08:42:53.0958 4064  netprofm - ok
08:42:54.0005 4064  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:42:54.0036 4064  NetTcpPortSharing - ok
08:42:54.0146 4064  [ CB3AF516A6797B27725E3F1E73F3496C ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
08:42:54.0396 4064  NETw4v32 - ok
08:42:54.0411 4064  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
08:42:54.0443 4064  nfrd960 - ok
08:42:54.0474 4064  [ 725FF88EA218FD7FAC44FC7BE32E60ED ] NishService     C:\Program Files\System Control Manager\edd.exe
08:42:54.0489 4064  NishService ( UnsignedFile.Multi.Generic ) - warning
08:42:54.0489 4064  NishService - detected UnsignedFile.Multi.Generic (1)
08:42:54.0536 4064  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:42:54.0630 4064  NlaSvc - ok
08:42:54.0661 4064  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:42:54.0739 4064  Npfs - ok
08:42:54.0771 4064  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
08:42:54.0849 4064  nsi - ok
08:42:54.0880 4064  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:42:54.0974 4064  nsiproxy - ok
08:42:55.0052 4064  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:42:55.0208 4064  Ntfs - ok
08:42:55.0255 4064  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
08:42:55.0404 4064  ntrigdigi - ok
08:42:55.0529 4064  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
08:42:55.0599 4064  Null - ok
08:42:56.0036 4064  [ BD409DE5681C74C1DE51D72427DC202D ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:42:57.0622 4064  nvlddmkm - ok
08:42:57.0716 4064  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:42:57.0747 4064  nvraid - ok
08:42:57.0763 4064  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:42:57.0786 4064  nvstor - ok
08:42:57.0849 4064  [ E55877BE77A8A31B0416B4E7C3DBE3F2 ] nvsvc           C:\Windows\system32\nvvsvc.exe
08:42:57.0935 4064  nvsvc - ok
08:42:57.0966 4064  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:42:57.0997 4064  nv_agp - ok
08:42:58.0013 4064  NwlnkFlt - ok
08:42:58.0029 4064  NwlnkFwd - ok
08:42:58.0138 4064  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:42:58.0193 4064  odserv - ok
08:42:58.0247 4064  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:42:58.0333 4064  ohci1394 - ok
08:42:58.0372 4064  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:42:58.0396 4064  ose - ok
08:42:58.0466 4064  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
08:42:58.0591 4064  p2pimsvc - ok
08:42:58.0622 4064  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:42:58.0732 4064  p2psvc - ok
08:42:58.0779 4064  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
08:42:58.0919 4064  Parport - ok
08:42:59.0029 4064  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:42:59.0060 4064  partmgr - ok
08:42:59.0075 4064  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
08:42:59.0200 4064  Parvdm - ok
08:42:59.0247 4064  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:42:59.0294 4064  PcaSvc - ok
08:42:59.0325 4064  [ 01B94418DEB235DFF777CC80076354B4 ] pci             C:\Windows\system32\drivers\pci.sys
08:42:59.0372 4064  pci - ok
08:42:59.0388 4064  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
08:42:59.0404 4064  pciide - ok
08:42:59.0435 4064  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:42:59.0482 4064  pcmcia - ok
08:42:59.0529 4064  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:42:59.0810 4064  PEAUTH - ok
08:42:59.0919 4064  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
08:43:00.0138 4064  pla - ok
08:43:00.0169 4064  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:43:00.0263 4064  PlugPlay - ok
08:43:00.0310 4064  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
08:43:00.0341 4064  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:43:00.0341 4064  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:43:00.0388 4064  [ 831883B107684301F48ACE752C963984 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
08:43:00.0419 4064  PnkBstrA - ok
08:43:00.0450 4064  [ E24106A5EAECDDFF00B25497049DD65F ] PnkBstrB        C:\Windows\system32\PnkBstrB.exe
08:43:00.0482 4064  PnkBstrB - ok
08:43:00.0529 4064  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
08:43:00.0622 4064  PNRPAutoReg - ok
08:43:00.0669 4064  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
08:43:00.0779 4064  PNRPsvc - ok
08:43:00.0841 4064  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:43:00.0935 4064  PolicyAgent - ok
08:43:00.0982 4064  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:43:01.0075 4064  PptpMiniport - ok
08:43:01.0107 4064  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
08:43:01.0247 4064  Processor - ok
08:43:01.0279 4064  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:43:01.0372 4064  ProfSvc - ok
08:43:01.0388 4064  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:43:01.0419 4064  ProtectedStorage - ok
08:43:01.0466 4064  [ A114CFE308C24B8235B03CFDFFE11E99 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
08:43:01.0544 4064  PSched - ok
08:43:01.0607 4064  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:43:01.0747 4064  ql2300 - ok
08:43:01.0763 4064  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:43:01.0794 4064  ql40xx - ok
08:43:01.0841 4064  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
08:43:01.0904 4064  QWAVE - ok
08:43:01.0950 4064  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:43:01.0982 4064  QWAVEdrv - ok
08:43:02.0029 4064  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:43:02.0091 4064  RasAcd - ok
08:43:02.0138 4064  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
08:43:02.0216 4064  RasAuto - ok
08:43:02.0263 4064  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:43:02.0341 4064  Rasl2tp - ok
08:43:02.0357 4064  [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan          C:\Windows\System32\rasmans.dll
08:43:02.0466 4064  RasMan - ok
08:43:02.0497 4064  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:43:02.0575 4064  RasPppoe - ok
08:43:02.0607 4064  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:43:02.0685 4064  RasSstp - ok
08:43:02.0732 4064  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:43:02.0810 4064  rdbss - ok
08:43:02.0857 4064  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:43:02.0919 4064  RDPCDD - ok
08:43:02.0966 4064  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
08:43:03.0138 4064  rdpdr - ok
08:43:03.0138 4064  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:43:03.0216 4064  RDPENCDD - ok
08:43:03.0263 4064  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:43:03.0341 4064  RDPWD - ok
08:43:03.0388 4064  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:43:03.0482 4064  RemoteAccess - ok
08:43:03.0513 4064  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:43:03.0607 4064  RemoteRegistry - ok
08:43:03.0700 4064  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
08:43:03.0732 4064  RichVideo - ok
08:43:03.0794 4064  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
08:43:03.0833 4064  rimmptsk - ok
08:43:03.0849 4064  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
08:43:03.0880 4064  rimsptsk - ok
08:43:03.0935 4064  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
08:43:04.0021 4064  ROOTMODEM - ok
08:43:04.0068 4064  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
08:43:04.0122 4064  RpcLocator - ok
08:43:04.0169 4064  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs           C:\Windows\system32\rpcss.dll
08:43:04.0279 4064  RpcSs - ok
08:43:04.0325 4064  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:43:04.0404 4064  rspndr - ok
08:43:04.0443 4064  [ B7E1C523E2F7787D700766FC78E01F77 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
08:43:04.0497 4064  RTL8169 - ok
08:43:04.0513 4064  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs           C:\Windows\system32\lsass.exe
08:43:04.0552 4064  SamSs - ok
08:43:04.0591 4064  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:43:04.0622 4064  sbp2port - ok
08:43:04.0677 4064  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:43:04.0779 4064  SCardSvr - ok
08:43:04.0833 4064  [ 1D5E99DB3C10F4FA034010DC49043CA4 ] Schedule        C:\Windows\system32\schedsvc.dll
08:43:05.0005 4064  Schedule - ok
08:43:05.0036 4064  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:43:05.0107 4064  SCPolicySvc - ok
08:43:05.0154 4064  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
08:43:05.0239 4064  sdbus - ok
08:43:05.0255 4064  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:43:05.0294 4064  SDRSVC - ok
08:43:05.0318 4064  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:43:05.0466 4064  secdrv - ok
08:43:05.0505 4064  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
08:43:05.0583 4064  seclogon - ok
08:43:05.0607 4064  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
08:43:05.0685 4064  SENS - ok
08:43:05.0708 4064  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
08:43:05.0864 4064  Serenum - ok
08:43:05.0888 4064  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
08:43:06.0029 4064  Serial - ok
08:43:06.0060 4064  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:43:06.0130 4064  sermouse - ok
08:43:06.0193 4064  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:43:06.0271 4064  SessionEnv - ok
08:43:06.0310 4064  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
08:43:06.0388 4064  sffdisk - ok
08:43:06.0411 4064  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:43:06.0544 4064  sffp_mmc - ok
08:43:06.0560 4064  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
08:43:06.0646 4064  sffp_sd - ok
08:43:06.0669 4064  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:43:06.0802 4064  sfloppy - ok
08:43:06.0841 4064  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:43:06.0943 4064  SharedAccess - ok
08:43:06.0974 4064  [ 27F10F348E508243F6254846F8370D0D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:43:07.0068 4064  ShellHWDetection - ok
08:43:07.0099 4064  [ 7471CF7CBB4CC7D92FDB7F6527A9008C ] Si3531          C:\Windows\system32\DRIVERS\Si3531.sys
08:43:07.0130 4064  Si3531 - ok
08:43:07.0146 4064  [ 72CF151FB410E544904DBC7D7F29B796 ] SiFilter        C:\Windows\system32\DRIVERS\SiWinAcc.sys
08:43:07.0169 4064  SiFilter - ok
08:43:07.0200 4064  [ 41A59F484188BE629087BA391FF60D74 ] SiRemFil        C:\Windows\system32\DRIVERS\SiRemFil.sys
08:43:07.0224 4064  SiRemFil - ok
08:43:07.0247 4064  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
08:43:07.0279 4064  sisagp - ok
08:43:07.0286 4064  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
08:43:07.0318 4064  SiSRaid2 - ok
08:43:07.0333 4064  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:43:07.0357 4064  SiSRaid4 - ok
08:43:07.0489 4064  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc           C:\Windows\system32\SLsvc.exe
08:43:07.0732 4064  slsvc - ok
08:43:07.0779 4064  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
08:43:07.0857 4064  SLUINotify - ok
08:43:07.0896 4064  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:43:07.0966 4064  Smb - ok
08:43:08.0005 4064  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:43:08.0044 4064  SNMPTRAP - ok
08:43:08.0075 4064  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
08:43:08.0099 4064  spldr - ok
08:43:08.0122 4064  [ 846CDF9A3CF4DA9B306ADFB7D55EE4C2 ] Spooler         C:\Windows\System32\spoolsv.exe
08:43:08.0216 4064  Spooler - ok
08:43:08.0271 4064  [ 8E5FC19B3B38364C5F44CCECEC5248E9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:43:08.0333 4064  srv - ok
08:43:08.0364 4064  [ 4CEEB95E0B79E48B81F2DA0A6C24C64B ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:43:08.0411 4064  srv2 - ok
08:43:08.0435 4064  [ F9C65E1E00A6BBF7C57D9B8EA068C525 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:43:08.0474 4064  srvnet - ok
08:43:08.0497 4064  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:43:08.0591 4064  SSDPSRV - ok
08:43:08.0661 4064  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:43:08.0747 4064  SstpSvc - ok
08:43:08.0779 4064  Steam Client Service - ok
08:43:08.0864 4064  [ 8D01686AE82B466F4CD074F31F2942CA ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:43:08.0919 4064  Stereo Service - ok
08:43:08.0997 4064  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
08:43:09.0114 4064  stisvc - ok
08:43:09.0146 4064  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:43:09.0161 4064  swenum - ok
08:43:09.0208 4064  [ B36C7CDB86F7F7A8E884479219766950 ] swprv           C:\Windows\System32\swprv.dll
08:43:09.0318 4064  swprv - ok
08:43:09.0364 4064  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
08:43:09.0380 4064  Symc8xx - ok
08:43:09.0427 4064  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
08:43:09.0443 4064  Sym_hi - ok
08:43:09.0474 4064  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
08:43:09.0489 4064  Sym_u3 - ok
08:43:09.0552 4064  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain         C:\Windows\system32\sysmain.dll
08:43:09.0677 4064  SysMain - ok
08:43:09.0724 4064  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:43:09.0771 4064  TabletInputService - ok
08:43:09.0810 4064  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:43:09.0896 4064  TapiSrv - ok
08:43:09.0943 4064  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
08:43:10.0036 4064  TBS - ok
08:43:10.0091 4064  [ A6A02EF5B5E40FBD31A1ADC577DA54BB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:43:10.0224 4064  Tcpip - ok
08:43:10.0286 4064  [ A6A02EF5B5E40FBD31A1ADC577DA54BB ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
08:43:10.0404 4064  Tcpip6 - ok
08:43:10.0435 4064  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:43:10.0521 4064  tcpipreg - ok
08:43:10.0552 4064  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:43:10.0638 4064  TDPIPE - ok
08:43:10.0669 4064  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:43:10.0763 4064  TDTCP - ok
08:43:10.0802 4064  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:43:10.0872 4064  tdx - ok
08:43:10.0927 4064  [ 04406FD2ADE08671C117E0238F823B7E ] TeamViewer4     C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
08:43:10.0950 4064  TeamViewer4 - ok
08:43:11.0005 4064  [ 654236EBBA5D6C7FE33F19829D226FD2 ] TeamViewer5     C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
08:43:11.0029 4064  TeamViewer5 - ok
08:43:11.0052 4064  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:43:11.0083 4064  TermDD - ok
08:43:11.0130 4064  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService     C:\Windows\System32\termsrv.dll
08:43:11.0271 4064  TermService - ok
08:43:11.0310 4064  [ 27F10F348E508243F6254846F8370D0D ] Themes          C:\Windows\system32\shsvcs.dll
08:43:11.0388 4064  Themes - ok
08:43:11.0411 4064  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
08:43:11.0489 4064  THREADORDER - ok
08:43:11.0560 4064  [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
08:43:11.0583 4064  TOSHIBA Bluetooth Service - ok
08:43:11.0607 4064  [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
08:43:11.0630 4064  tosporte - ok
08:43:11.0661 4064  [ 266DF087A8C24DA34FF40CF3DF86CCFB ] tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
08:43:11.0700 4064  tosrfbd - ok
08:43:11.0732 4064  [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
08:43:11.0763 4064  tosrfbnp - ok
08:43:11.0794 4064  [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
08:43:11.0833 4064  Tosrfcom - ok
08:43:11.0857 4064  [ 7C807BA9660E2995CC0217A14A24094C ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
08:43:11.0904 4064  Tosrfhid - ok
08:43:11.0919 4064  [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
08:43:11.0950 4064  tosrfnds - ok
08:43:11.0982 4064  [ A4CE9572BC4AC8D329455059B43C5BEA ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
08:43:12.0013 4064  TosRfSnd - ok
08:43:12.0029 4064  [ CDDA265C7617A2745B48E0DE572012A6 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
08:43:12.0060 4064  Tosrfusb - ok
08:43:12.0091 4064  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
08:43:12.0169 4064  TrkWks - ok
08:43:12.0216 4064  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:43:12.0294 4064  TrustedInstaller - ok
08:43:12.0341 4064  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:43:12.0419 4064  tssecsrv - ok
08:43:12.0466 4064  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
08:43:12.0513 4064  tunmp - ok
08:43:12.0529 4064  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:43:12.0575 4064  tunnel - ok
08:43:12.0654 4064  [ 77EBF3E9386DAA51551AF429052D88D0 ] tvtool          d:\Program Files\TVTool\tvtool.sys
08:43:12.0669 4064  tvtool ( UnsignedFile.Multi.Generic ) - warning
08:43:12.0669 4064  tvtool - detected UnsignedFile.Multi.Generic (1)
08:43:12.0716 4064  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:43:12.0732 4064  uagp35 - ok
08:43:12.0779 4064  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:43:12.0872 4064  udfs - ok
08:43:12.0919 4064  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:43:12.0997 4064  UI0Detect - ok
08:43:13.0029 4064  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:43:13.0060 4064  uliagpkx - ok
08:43:13.0091 4064  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
08:43:13.0122 4064  uliahci - ok
08:43:13.0138 4064  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
08:43:13.0169 4064  UlSata - ok
08:43:13.0200 4064  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
08:43:13.0232 4064  ulsata2 - ok
08:43:13.0263 4064  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:43:13.0325 4064  umbus - ok
08:43:13.0388 4064  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
08:43:13.0482 4064  upnphost - ok
08:43:13.0544 4064  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:43:13.0607 4064  usbccgp - ok
08:43:13.0638 4064  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:43:13.0794 4064  usbcir - ok
08:43:13.0904 4064  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:43:13.0966 4064  usbehci - ok
08:43:13.0997 4064  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:43:14.0091 4064  usbhub - ok
08:43:14.0107 4064  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:43:14.0247 4064  usbohci - ok
08:43:14.0279 4064  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:43:14.0357 4064  usbprint - ok
08:43:14.0396 4064  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:43:14.0489 4064  usbscan - ok
08:43:14.0521 4064  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:43:14.0607 4064  USBSTOR - ok
08:43:14.0630 4064  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
08:43:14.0724 4064  usbuhci - ok
08:43:14.0771 4064  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
08:43:14.0849 4064  usbvideo - ok
08:43:14.0872 4064  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
08:43:14.0958 4064  UxSms - ok
08:43:14.0997 4064  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
08:43:15.0114 4064  vds - ok
08:43:15.0161 4064  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:43:15.0294 4064  vga - ok
08:43:15.0333 4064  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:43:15.0427 4064  VgaSave - ok
08:43:15.0450 4064  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
08:43:15.0482 4064  viaagp - ok
08:43:15.0497 4064  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
08:43:15.0646 4064  ViaC7 - ok
08:43:15.0661 4064  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
08:43:15.0685 4064  viaide - ok
08:43:15.0724 4064  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:43:15.0747 4064  volmgr - ok
08:43:15.0786 4064  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:43:15.0825 4064  volmgrx - ok
08:43:15.0864 4064  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:43:15.0904 4064  volsnap - ok
08:43:15.0935 4064  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:43:15.0966 4064  vsmraid - ok
08:43:16.0029 4064  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
08:43:16.0232 4064  VSS - ok
08:43:16.0271 4064  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
08:43:16.0372 4064  W32Time - ok
08:43:16.0404 4064  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:43:16.0544 4064  WacomPen - ok
08:43:16.0583 4064  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
08:43:16.0669 4064  Wanarp - ok
08:43:16.0685 4064  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:43:16.0763 4064  Wanarpv6 - ok
08:43:16.0818 4064  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:43:16.0911 4064  wcncsvc - ok
08:43:16.0943 4064  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:43:17.0029 4064  WcsPlugInService - ok
08:43:17.0052 4064  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
08:43:17.0083 4064  Wd - ok
08:43:17.0146 4064  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:43:17.0200 4064  Wdf01000 - ok
08:43:17.0255 4064  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:43:17.0333 4064  WdiServiceHost - ok
08:43:17.0349 4064  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:43:17.0427 4064  WdiSystemHost - ok
08:43:17.0450 4064  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
08:43:17.0513 4064  WebClient - ok
08:43:17.0544 4064  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:43:17.0654 4064  Wecsvc - ok
08:43:17.0693 4064  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:43:17.0794 4064  wercplsupport - ok
08:43:17.0825 4064  [ 4081288554294F144E5A7D4EE20E3CE6 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:43:17.0911 4064  WerSvc - ok
08:43:17.0958 4064  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:43:17.0997 4064  WinDefend - ok
08:43:18.0013 4064  WinHttpAutoProxySvc - ok
08:43:18.0068 4064  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:43:18.0146 4064  Winmgmt - ok
08:43:18.0193 4064  [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM           C:\Windows\system32\WsmSvc.dll
08:43:18.0341 4064  WinRM - ok
08:43:18.0404 4064  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:43:18.0482 4064  Wlansvc - ok
08:43:18.0529 4064  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:43:18.0661 4064  WmiAcpi - ok
08:43:18.0708 4064  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:43:18.0802 4064  wmiApSrv - ok
08:43:18.0872 4064  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
08:43:18.0974 4064  WMPNetworkSvc - ok
08:43:19.0036 4064  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:43:19.0107 4064  WPCSvc - ok
08:43:19.0138 4064  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:43:19.0177 4064  WPDBusEnum - ok
08:43:19.0208 4064  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:43:19.0294 4064  ws2ifsl - ok
08:43:19.0325 4064  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
08:43:19.0364 4064  wscsvc - ok
08:43:19.0380 4064  WSearch - ok
08:43:19.0482 4064  [ D7E88349BE0F01E4D8D776ADB1F325BF ] WTGService      C:\Program Files\Verbindungsassistent\WTGService.exe
08:43:19.0513 4064  WTGService - ok
08:43:19.0614 4064  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:43:19.0864 4064  wuauserv - ok
08:43:19.0943 4064  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:43:20.0029 4064  WUDFRd - ok
08:43:20.0060 4064  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:43:20.0146 4064  wudfsvc - ok
08:43:20.0185 4064  ================ Scan global ===============================
08:43:20.0208 4064  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:43:20.0255 4064  [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
08:43:20.0302 4064  [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
08:43:20.0372 4064  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
08:43:20.0388 4064  [Global] - ok
08:43:20.0388 4064  ================ Scan MBR ==================================
08:43:20.0404 4064  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
08:43:20.0771 4064  \Device\Harddisk0\DR0 - ok
08:43:20.0779 4064  ================ Scan VBR ==================================
08:43:20.0786 4064  [ 2FD8A65B737AD1D42B2EA09ED4B61AC9 ] \Device\Harddisk0\DR0\Partition1
08:43:20.0786 4064  \Device\Harddisk0\DR0\Partition1 - ok
08:43:20.0825 4064  [ 694A18D1B6779020AD39D32487E1E3F3 ] \Device\Harddisk0\DR0\Partition2
08:43:20.0833 4064  \Device\Harddisk0\DR0\Partition2 - ok
08:43:20.0833 4064  ============================================================
08:43:20.0833 4064  Scan finished
08:43:20.0833 4064  ============================================================
08:43:20.0872 0564  Detected object count: 8
08:43:20.0872 0564  Actual detected object count: 8
08:43:32.0397 0564  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0397 0564  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:43:32.0412 0564  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0412 0564  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:43:32.0412 0564  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0412 0564  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:43:32.0412 0564  MGHwCtrl ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0412 0564  MGHwCtrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:43:32.0412 0564  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0412 0564  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:43:32.0428 0564  NishService ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0428 0564  NishService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:43:32.0428 0564  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0428 0564  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:43:32.0428 0564  tvtool ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:32.0444 0564  tvtool ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Regards, BlackSwan

Old 24.10.2012, 15:39   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Telekom letter ZeuS/ZBot (online banking trojan) - Standard

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool will not run on the second attempt either, just leave it out and run only OSAM. Please skip the online query offered by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false positive for OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click it and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



One more note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Old 24.10.2012, 21:26   #25
BlackSwan

OSAM log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:15:50 on 24.10.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.50

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - "Lavasoft" - D:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - D:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Huawei DataCard USB Serial Port" (ewsercd) - ? - C:\Windows\System32\DRIVERS\ewsercd.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwddruog" (kwddruog) - ? - C:\Users\MATTHI~1\AppData\Local\Temp\kwddruog.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MGHwCtrl" (MGHwCtrl) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\MGHwCtrl.sys
"tvtool" (tvtool) - ? - d:\Program Files\TVTool\tvtool.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0A94B116-4504-4e26-AB05-E61E474AA38B} "{0A94B116-4504-4e26-AB05-E61E474AA38B}" - ? - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Windows\Downloaded Program Files\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{F4D76F09-7896-458a-890F-E1F05C46069F} "Ask Toolbar" - "Ask.com" - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{0A94B111-4504-4e26-AB05-E61E474AA38B} "Ask Search Assistant BHO" - ? - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL  (File not found)
{F4D76F01-7896-458a-890F-E1F05C46069F} "Ask Toolbar BHO" - "Ask.com" - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Ad-Watch" - "Lavasoft" - D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CheckPoint Cleanup" - ? - C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean_launcher.exe C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean.exe  (File not found)
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"HP Software Update" - "Hewlett-Packard Co." - D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MGSysCtrl" - "MSI" - C:\Program Files\System Control Manager\MGSysCtrl.exe
"QuickTime Task" - "Apple Inc." - "D:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - ? - "d:\Program Files\Winamp\winampa.exe"  (File not found)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Upgrade Service" (AviraUpgradeService) - ? - "C:\Windows\TEMP\AVSETUP_506db6af\avupgsvc.exe" /TEMPSTART:""C:\Windows\TEMP\AVSETUP_506db6af\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"  (File not found)
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - D:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - D:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"SCM Driver Daemon" (NishService) - ? - C:\Program Files\System Control Manager\edd.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 4" (TeamViewer4) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"WTGService" (WTGService) - ? - C:\Program Files\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 21:17:54
-----------------------------
21:17:54.571    OS Version: Windows 6.0.6001 Service Pack 1
21:17:54.572    Number of processors: 2 586 0xF0D
21:17:54.578    ComputerName: ***  UserName: 
21:17:55.825    Initialize success
21:21:51.569    AVAST engine defs: 12102400
21:27:21.039    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:27:21.047    Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
21:27:21.687    Disk 0 MBR read successfully
21:27:21.695    Disk 0 MBR scan
21:27:21.945    Disk 0 unknown MBR code
21:27:22.031    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         6000 MB offset 63
21:27:22.140    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        35000 MB offset 12289725
21:27:22.234    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       197470 MB offset 83971755
21:27:22.711    Disk 0 scanning sectors +488392065
21:27:23.515    Disk 0 scanning C:\Windows\system32\drivers
21:29:09.437    Service scanning
21:29:42.211    Modules scanning
21:32:21.238    Disk 0 trace - called modules:
21:32:21.863    
21:32:22.699    AVAST engine scan C:\Windows
21:33:09.300    AVAST engine scan C:\Windows\system32
21:41:23.611    AVAST engine scan C:\Windows\system32\drivers
21:41:52.494    AVAST engine scan C:\Users\***
21:57:29.468    AVAST engine scan C:\ProgramData
22:15:03.500    Scan finished successfully
22:21:01.250    Disk 0 MBR has been saved successfully to "D:\Users\***\Desktop\MBR.dat"
22:21:01.265    The log file has been saved successfully to "D:\Users\***\Desktop\aswMBR.txt"
         
GMER didn't work, or rather I couldn't save or copy the log.

Regards,
BlackSwan
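
Added example (editor's code, not part of the thread and not BlackSwan's or cosinus's): a small Python triage script for OSAM reports like the one posted above. The line layout is inferred from this report (`"Name" [(key)] - "Vendor"|? - path  (flags)`), and the severity rules are the editor's own heuristic: a hidden registry entry is the rootkit indicator, an autostart pointing into a temp directory is the next most interesting thing, and unknown-vendor entries whose file is missing are just orphaned keys. The sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass

# Entry line layout in an OSAM 5.x report (everything after the section header):
#   [{CLSID} | <binary data>] "Name" [(ServiceKey)] - "Vendor" | ? - image path  (flag | flag)
# Two spaces always separate the path from the parenthesised status flags.
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+|<binary data>\s+)?'  # optional CLSID or binary-value marker
    r'"(?P<name>[^"]*)"'                             # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'                    # optional service/driver key name
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'                 # vendor string, or "?" when unknown
    r'\s+-\s(?P<path>.*?)'                           # image path (empty for dead COM entries)
    r'(?:\s\s\((?P<flags>[^)]*)\))?\s*$'             # OSAM status flags, "|"-separated
)

# Directories an autostart entry should never point into on a healthy machine (heuristic).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    severity: str   # critical > high > medium > info
    name: str
    path: str
    reason: str


def parse_entry(line):
    """Parse one OSAM entry line; returns None for section headers, settings and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["vendor"] = None if entry["vendor"] == "?" else entry["vendor"].strip('"')
    entry["flags"] = [f.strip() for f in entry["flags"].split("|")] if entry["flags"] else []
    return entry


def triage_entry(entry):
    """Rank one parsed entry; None means nothing notable (vendor known, file present)."""
    flags = " | ".join(entry["flags"])
    path_l = entry["path"].lower()
    if "Hidden registry entry" in flags:
        # OSAM saw the key in the raw hive but not through the normal registry API:
        # something is filtering registry reads, which is the rootkit indicator in this log.
        return Finding("critical", entry["name"], entry["path"],
                       "hidden registry entry: an autostart is being concealed from the API")
    if any(marker in path_l for marker in TEMP_MARKERS):
        return Finding("high", entry["name"], entry["path"],
                       "autostart points into a temp directory (file present or already removed)")
    if entry["vendor"] is None and "File not found" in flags:
        return Finding("info", entry["name"], entry["path"],
                       "orphaned entry, file missing: cleanup candidate, not evidence on its own")
    if entry["vendor"] is None:
        return Finding("medium", entry["name"], entry["path"],
                       "no vendor information: check the file hash before trusting it")
    return None


def triage_report(text):
    """Triage a whole OSAM report, most severe findings first."""
    rank = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            finding = triage_entry(entry)
            if finding is not None:
                findings.append(finding)
    findings.sort(key=lambda f: rank[f.severity])
    return findings


# Sample input: a handful of lines copied from the OSAM report posted above.
SAMPLE_LOG = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"kwddruog" (kwddruog) - ? - C:\Users\MATTHI~1\AppData\Local\Temp\kwddruog.sys  (Hidden registry entry, rootkit activity | File not found)
"Ad-Watch" - "Lavasoft" - D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
"CheckPoint Cleanup" - ? - C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean_launcher.exe C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean.exe  (File not found)
"Avira Upgrade Service" (AviraUpgradeService) - ? - "C:\Windows\TEMP\AVSETUP_506db6af\avupgsvc.exe" /TEMPSTART:""C:\Windows\TEMP\AVSETUP_506db6af\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"  (File not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
'''

if __name__ == "__main__":
    for f in triage_report(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.name}: {f.reason}\n           {f.path}")
```

Run against the full report, the one critical hit is the `kwddruog` driver: a randomly named .sys in the user's Temp folder that only shows up through the raw-hive comparison. That single line is worth more than the dozens of orphaned OpenOffice and Windows Search handlers, which are the noise a triage pass should push to the bottom.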

Old 24.10.2012, 21:39   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.

Note: please do NOT do the MBR fix if you have other operating systems installed, e.g. Ubuntu; an MBR fix with Windows tools makes a parallel-installed (dual-boot) Linux unbootable.
Also don't do the fix if you have full encryption of the Windows partition or of the whole hard drive with TrueCrypt or other encryption programs, for example.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: please turn off your virus scanner before running aswMBR, since Avira in particular often reports a false positive in it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post logfiles in CODE tags

Old 25.11.2012, 19:50   #27
BlackSwan

Hello!
Sorry for the long radio silence, but because of moving house I had no internet access for the last few weeks. I hope we can carry on from the point where we left off. Here's the log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-25 19:37:27
-----------------------------
19:37:27.258    OS Version: Windows 6.0.6001 Service Pack 1
19:37:27.258    Number of processors: 2 586 0xF0D
19:37:27.274    ComputerName: ***-PC  UserName: 
19:38:02.086    Initialize success
19:38:32.696    AVAST engine defs: 12102400
19:38:35.758    The log file has been saved successfully to "D:\Users\***\Desktop\aswMBR neu.txt"
         
Regards, BlackSwan

Old 26.11.2012, 17:08   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create the aswMBR log properly!
__________________
Please always post logfiles in CODE tags

Old 27.11.2012, 09:44   #29
BlackSwan

here's the log

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 09:28:19
-----------------------------
09:28:19.135    OS Version: Windows 6.0.6001 Service Pack 1
09:28:19.135    Number of processors: 2 586 0xF0D
09:28:19.135    ComputerName: ***  UserName: 
09:28:19.760    Initialize success
09:28:59.744    AVAST engine defs: 12102400
09:29:02.010    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:29:02.010    Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
09:29:02.026    Disk 0 MBR read successfully
09:29:02.041    Disk 0 MBR scan
09:29:02.119    Disk 0 Windows VISTA default MBR code
09:29:02.119    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         6000 MB offset 63
09:29:02.151    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        35000 MB offset 12289725
09:29:02.182    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       197470 MB offset 83971755
09:29:02.198    Disk 0 scanning sectors +488392065
09:29:02.276    Disk 0 scanning C:\Windows\system32\drivers
09:29:16.979    Service scanning
09:29:49.244    Modules scanning
09:29:55.041    Disk 0 trace - called modules:
09:29:55.057    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys 
09:29:55.057    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c833a8]
09:29:55.073    3 CLASSPNP.SYS[883a9745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851e6830]
09:29:55.744    AVAST engine scan C:\Windows
09:29:59.276    AVAST engine scan C:\Windows\system32
09:35:19.682    AVAST engine scan C:\Windows\system32\drivers
09:35:39.307    AVAST engine scan C:\Users\***
09:37:45.354    Disk 0 MBR has been saved successfully to "D:\Users\***\Desktop\MBR.dat"
09:37:45.385    The log file has been saved successfully to "D:\Users\***\Desktop\aswMBR neu neu.txt"
         
Regards, BlackSwan
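
Added example (editor's code, not part of the thread and not the aswMBR project's): a Python parser that reads the aswMBR logs posted in this thread and checks the before/after pair around the FIXMBR step that cosinus requested. It pulls out the MBR verdict line (`unknown MBR code` before, `Windows VISTA default MBR code` after), the partition table, and the completion markers, then confirms two things a responder wants to see: the boot code changed, and the partition table (types, sizes, start sectors, active flag) did not. It also recognises a log that stopped before the MBR scan, like the one posted on 25.11. The line layout is inferred from these logs, and the three sample inputs are lines copied from them.

```python
import re

# aswMBR writes one timestamped line per event: "HH:MM:SS.mmm    message".
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(?P<msg>.*)$")
# "Disk 0 unknown MBR code" / "Disk 0 Windows VISTA default MBR code"
MBR_CODE_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<status>.+MBR code)$")
# "Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        35000 MB offset 12289725"
PARTITION_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2})(?P<active> \(A\))?\s+"
    r"(?P<type>[0-9A-F]{2})\s+(?P<desc>.+?)\s+(?P<size>\d+) MB offset (?P<offset>\d+)$"
)


def parse_aswmbr(text):
    """Extract MBR verdict, partition table and completion markers from an aswMBR log."""
    run = {"mbr_status": None, "partitions": [], "scan_finished": False, "mbr_saved": False}
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if m is None:
            continue                      # banner, "Run date:" and separator lines
        msg = m.group("msg").strip()
        code = MBR_CODE_RE.match(msg)
        part = PARTITION_RE.match(msg)
        if code:
            run["mbr_status"] = code.group("status")
        elif part:
            run["partitions"].append({
                "num": int(part.group("num")),
                "active": part.group("active") is not None,   # 0x80 boot flag
                "type": part.group("type"),
                "desc": part.group("desc"),
                "size_mb": int(part.group("size")),
                "offset": int(part.group("offset")),          # start sector (LBA)
            })
        elif msg == "Scan finished successfully":
            run["scan_finished"] = True
        elif "MBR has been saved successfully" in msg:
            run["mbr_saved"] = True
    return run


def assess(run):
    """Classify a single run as "incomplete", "ok" or "suspicious"."""
    if run["mbr_status"] is None:
        return "incomplete"   # log stops before the MBR scan, as in the run posted on 25.11.
    if "default MBR code" in run["mbr_status"]:
        return "ok"
    # "unknown MBR code": boot code aswMBR cannot attribute. That is what a bootkit looks like,
    # but also what GRUB or a pre-boot encryption loader looks like, hence the helper's
    # warning not to run FIXMBR on dual-boot or fully encrypted systems.
    return "suspicious"


def table_signature(run):
    """The partition-table fields that a boot-code rewrite must leave untouched."""
    return [(p["num"], p["active"], p["type"], p["size_mb"], p["offset"]) for p in run["partitions"]]


def compare_runs(before, after):
    """Check a before/after pair: the boot code should change, the partition table should not."""
    return {
        "before": assess(before),
        "after": assess(after),
        "mbr_code_changed": before["mbr_status"] != after["mbr_status"],
        "partition_table_identical": table_signature(before) == table_signature(after),
    }


# Sample input: lines copied from the three aswMBR logs posted in this thread (24.10., 25.11., 27.11.).
BEFORE_FIX = r'''
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 21:17:54
-----------------------------
21:27:21.687    Disk 0 MBR read successfully
21:27:21.945    Disk 0 unknown MBR code
21:27:22.031    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         6000 MB offset 63
21:27:22.140    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        35000 MB offset 12289725
21:27:22.234    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       197470 MB offset 83971755
22:15:03.500    Scan finished successfully
22:21:01.250    Disk 0 MBR has been saved successfully to "D:\Users\***\Desktop\MBR.dat"
'''
INCOMPLETE = r'''
19:37:27.258    OS Version: Windows 6.0.6001 Service Pack 1
19:38:02.086    Initialize success
19:38:35.758    The log file has been saved successfully to "D:\Users\***\Desktop\aswMBR neu.txt"
'''
AFTER_FIX = r'''
09:29:02.026    Disk 0 MBR read successfully
09:29:02.119    Disk 0 Windows VISTA default MBR code
09:29:02.119    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         6000 MB offset 63
09:29:02.151    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        35000 MB offset 12289725
09:29:02.182    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       197470 MB offset 83971755
09:37:45.354    Disk 0 MBR has been saved successfully to "D:\Users\***\Desktop\MBR.dat"
'''

if __name__ == "__main__":
    print(compare_runs(parse_aswmbr(BEFORE_FIX), parse_aswmbr(AFTER_FIX)))
    print(assess(parse_aswmbr(INCOMPLETE)))
```

The partition-table comparison is the part worth keeping: FIXMBR only rewrites the 440 bytes of boot code, so sizes, offsets and the active flag must come back identical, and a difference there means something other than the boot code was touched. The `MBR.dat` that aswMBR saves before the fix is the artefact to hand to an analyst if the origin of the unknown boot code ever needs to be established.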

Old 27.11.2012, 10:10   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download the current adwCleaner v2.009, i.e. delete the old adwcleaner and download it again

adwCleaner - tracking down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search run finishes, a text file opens.
  • Post me its contents with your next reply.
  • You will also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
Please always post logfiles in CODE tags
