
Log analysis and evaluation: System Progressive Protection (Malware) - Removal

23.10.2012, 09:23   #1
jonasjosef
 



I picked up "System Progressive Protection" yesterday evening. I have now run the comprehensive scan (full scan) in safe mode with the updated Malwarebytes and found 17 infected items, but have not deleted them yet.

I then had to go to work this morning and have also already started the OTL scan; unfortunately I can only provide the log this evening.

I would nevertheless be grateful if you could give me some guidance in advance on how I should proceed. And what should I do as the next steps?

Best regards from Hesse



Below is the script / log:

*******************************

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.22.05

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
xxxxx :: xxxxxxxx-PC [Administrator]

22.10.2012 22:31:51
mbam-log-2012-10-23 (08-05-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 775157
Laufzeit: 1 Stunde(n), 52 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|1EDC110C43DB8F6100001EDBF23695A5 (Trojan.FakeAlert) -> Daten: C:\ProgramData\1EDC110C43DB8F6100001EDBF23695A5\1EDC110C43DB8F6100001EDBF23695A5.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\n.) Gut: (fastprox.dll) -> Keine Aktion durchgeführt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-651249750-224367086-3025743595-1000\$76b7121237c98ba546f10e74ef61dc99\n.) Gut: (shell32.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Keine Aktion durchgeführt.

Infizierte Dateien: 13
C:\ProgramData\1EDC110C43DB8F6100001EDBF23695A5\1EDC110C43DB8F6100001EDBF23695A5.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\n (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\U\00000001.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\U\80000000.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\U\800000cb.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-651249750-224367086-3025743595-1000\$76b7121237c98ba546f10e74ef61dc99\n (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Local\Temp\msimg32.dll (Rootkit.Access) -> Keine Aktion durchgeführt.
C:\Users\Jonas\Pictures\2008\2008_01_Kanada\01-27.-HalifaxMooseheads\$IMG5757.JPG (Extension.Mismatch) -> Keine Aktion durchgeführt.
M:\Patches&Files\RemoveWGA12.exe (PUP.RemoveWGA) -> Keine Aktion durchgeführt.
M:\Programme\SUPER\SUPER.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
M:\Programme\SUPER\spk\MKV_ax.spk (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Users\Jonas\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Keine Aktion durchgeführt.

(Ende)

23.10.2012, 11:09   #2
Psychotic
/// Malwareteam
 





My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you have been asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


Step 1: defogger



Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click, "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished ( Finished ), click OK.
  • Defogger may prompt you to restart. Confirm this with OK.
If Defogger shows an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being instructed to.



Step 2: OTL



Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Double-click OTL.exe
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.



Step 3: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide) Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. ( If your firewall asks, please allow access to the Internet ) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.




Step 4: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive ( usually C:\ ). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

23.10.2012, 14:36   #3
jonasjosef
 



Thank you very much for your answer, Marius. I will probably only get around to carrying out your instructions this evening. I will get back to you then.

So I should also not delete the infected items found via Malwarebytes?

Below are the individual logs.

Step 1 - Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:00 on 23/10/2012 (Jonas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Step 2 - OTL: [1st log file]
Code:
OTL logfile created on: 23.10.2012 20:12:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,64% Memory free
4,25 Gb Paging File | 3,37 Gb Available in Paging File | 79,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,09 Gb Total Space | 22,90 Gb Free Space | 7,56% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,03 Gb Free Space | 50,31% Space Free | Partition Type: NTFS
Drive M: | 283,01 Gb Total Space | 172,68 Gb Free Space | 61,02% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxxxx-PC | User Name: xxxxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Desktop\OTL(1).exe (OldTimer Tools)
PRC - M:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (NMSAccessU) -- M:\Programme\CDBurnerXP\NMSAccessU.exe File not found
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (AVP) -- C:\Programme\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (OMSI download service) -- M:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (Macromedia Licensing Service) -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (PinnacleUpdateSvc) -- M:\Programme\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe (KALiNKOsoft)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NvcRpcServer) -- C:\Programme\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Eacfilt) -- C:\Windows\System32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (EU3_USB) -- C:\Windows\System32\drivers\EU3USB.sys ( Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6081024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6081024
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7DADE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.477
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.477
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: M:\Programme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.04.03 11:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.09.04 21:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.04 21:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.04 12:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 13:58:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.04.03 11:34:35 | 000,000,000 | ---D | M]
 
[2008.10.30 19:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2011.12.06 23:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\uaiijvfa.default\extensions
[2009.09.05 18:27:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\uaiijvfa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.06 22:25:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\uaiijvfa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.27 08:03:58 | 000,002,394 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\uaiijvfa.default\searchplugins\askcom.xml
[2012.06.04 12:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.28 12:38:45 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - M:\Programme\NetTransport 2\NTIEHelper.dll (Xi)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\RunOnce: [1EDC110C43DB8F6100001EDBF23695A5] C:\ProgramData\1EDC110C43DB8F6100001EDBF23695A5\1EDC110C43DB8F6100001EDBF23695A5.exe ()
O8 - Extra context menu item: Alles mit Net Transport herunterladen - M:\Programme\NetTransport 2\NTAddList.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Mit Net Transport herunterladen - M:\Programme\NetTransport 2\NTAddLink.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.148.22 217.237.150.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BDB93D5-00D4-401C-B2D1-281596312A99}: DhcpNameServer = 217.237.148.22 217.237.150.51
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{df954871-a156-11dd-8049-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{df954871-a156-11dd-8049-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 20:10:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL(1).exe
[2012.10.22 22:28:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.22 21:25:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.22 21:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.22 21:04:18 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012.10.22 21:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\1EDC110C43DB8F6100001EDBF23695A5
[2011.09.18 16:51:03 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe2C43.dll
[8 C:\Users\Jonas\Documents\*.tmp files -> C:\Users\Jonas\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 19:54:55 | 000,000,000 | ---- | M] () -- C:\Users\Jonas\defogger_reenable
[2012.10.23 19:53:21 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.10.23 08:08:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL(1).exe
[2012.10.22 22:29:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.22 22:28:52 | 000,076,800 | ---- | M] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.22 22:11:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.22 22:10:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 22:10:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 22:06:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.22 21:25:22 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 21:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4205D340-6485-453F-BC49-26438D2879F8}.job
[2012.10.22 21:04:18 | 000,002,014 | ---- | M] () -- C:\Users\Jonas\Desktop\System Progressive Protection.lnk
[2012.10.21 21:19:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.20 13:57:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.13 13:52:05 | 000,002,673 | ---- | M] () -- C:\Users\Jonas\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.10.04 09:04:28 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 09:04:28 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 09:04:28 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 09:04:28 | 000,046,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[8 C:\Users\Jonas\Documents\*.tmp files -> C:\Users\Jonas\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 19:54:55 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.10.23 19:53:22 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.10.22 21:25:22 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.22 21:04:18 | 000,002,014 | ---- | C] () -- C:\Users\Jonas\Desktop\System Progressive Protection.lnk
[2012.03.09 05:56:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.03.09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.12.06 23:46:08 | 000,017,408 | ---- | C] () -- C:\Users\Jonas\AppData\Local\WebpageIcons.db
[2011.12.06 23:44:45 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.12.06 23:44:45 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.11 13:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.01.28 02:32:55 | 000,000,797 | ---- | C] () -- C:\Windows\wiso.ini
[2010.12.23 21:05:36 | 000,053,248 | ---- | C] () -- C:\Users\Jonas\lametritonus_en.dll
[2010.12.23 21:05:34 | 000,162,304 | ---- | C] () -- C:\Users\Jonas\lame_enc_en.dll
[2009.01.22 11:52:49 | 000,052,926 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\mdbu.bin
[2008.12.01 18:17:36 | 000,001,356 | ---- | C] () -- C:\Users\Jonas\AppData\Local\d3d9caps.dat
[2008.10.30 17:32:38 | 000,076,800 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010.11.24 12:56:10 | 000,009,244 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-651249750-224367086-3025743595-1000\$RN395EP.zip\Informationsprogramme\Existenzgründungsberater\existenz\HTML\glossar\glossar\l.html
[2010.11.24 12:56:10 | 000,008,061 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-651249750-224367086-3025743595-1000\$RN395EP.zip\Informationsprogramme\Existenzgründungsberater\existenz\HTML\glossar\glossar\n.html
[2010.11.24 12:56:10 | 000,010,578 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-651249750-224367086-3025743595-1000\$RN395EP.zip\Informationsprogramme\Existenzgründungsberater\existenz\HTML\glossar\glossar\u.html
[2010.11.24 12:56:30 | 000,009,229 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-651249750-224367086-3025743595-1000\$RN395EP.zip\Informationsprogramme\Früherkennung Chancen Risiken\chancen\HTML\index\l.html
[2010.11.24 12:56:30 | 000,009,265 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-651249750-224367086-3025743595-1000\$RN395EP.zip\Informationsprogramme\Früherkennung Chancen Risiken\chancen\HTML\index\n.html
[2010.11.24 12:56:30 | 000,009,227 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-651249750-224367086-3025743595-1000\$RN395EP.zip\Informationsprogramme\Früherkennung Chancen Risiken\chancen\HTML\index\u.html
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-651249750-224367086-3025743595-1000\$76b7121237c98ba546f10e74ef61dc99\n. -- File not found
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\n. -- File not found
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.30 16:57:06 | 000,000,000 | -HSD | M] -- C:\Users\Jonas\AppData\Roaming\.#
[2009.03.20 22:50:31 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Ahnenblatt
[2008.12.03 22:48:25 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Ashampoo
[2009.02.07 17:48:48 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Black Sea Studios
[2010.09.27 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Blackberry Desktop
[2011.01.28 02:22:59 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Buhl Data Service
[2010.09.29 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Canneverbe Limited
[2009.01.13 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Capcom
[2012.10.16 20:02:04 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoft
[2011.10.03 09:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.10.31 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\eDocPrintPro
[2009.12.17 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\FileZilla
[2012.09.04 22:18:54 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ICAClient
[2009.07.18 10:14:42 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\KALiNKOsoft
[2010.02.16 21:04:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Leadertech
[2009.01.12 21:59:29 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ProtectDisc
[2010.09.27 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Research In Motion
[2011.04.10 08:19:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\SmartTools
[2009.04.11 19:03:44 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\temp
[2009.02.18 02:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\uTorrent
[2009.04.21 17:36:42 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\WordToPDF
[2008.11.28 16:15:24 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Xi
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation

< End of report >
         


Step 2 - OTL: [2nd log file]
Code:
OTL Extras logfile created on: 23.10.2012 20:12:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,64% Memory free
4,25 Gb Paging File | 3,37 Gb Available in Paging File | 79,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,09 Gb Total Space | 22,90 Gb Free Space | 7,56% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,03 Gb Free Space | 50,31% Space Free | Partition Type: NTFS
Drive M: | 283,01 Gb Total Space | 172,68 Gb Free Space | 61,02% Space Free | Partition Type: NTFS
 
Computer Name: HOFFMANN-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "M:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "M:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "M:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-651249750-224367086-3025743595-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-Service Plug-in
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash-Umleitung)
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver (USB)
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD4C30E-BD82-4592-B64A-8AD9784ECA9F}" = BMWi-Softwarepaket 10
"{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing
"{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{46EE2498-853A-FF8C-12E9-06E0FE279536}" = AMD Catalyst Install Manager
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{525BA381-389C-4975-BDD3-C36DCF66D5BD}" = BMWi Updater
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian
"{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static
"{869343DC-7BCB-4E53-B637-23AE096F47D5}" = eDocPrintPro v3.11.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver (DV)
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese
"{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard
"{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English
"{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E24242E3-A4FF-FC3C-05F2-C83A9C821971}" = BMWi-Businessplaner Gruenden
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F46B4F1C-1091-40F0-A03A-73F40A405292}" = IEEE 802.11b WPC Driver & Utility
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French
"7-Zip" = 7-Zip 9.20
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"aTube Catcher" = aTube Catcher
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"BMWi Updater" = BMWi Updater
"BMWiBusinessplanerGruenden" = BMWi-Businessplaner Gruenden
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"ClipGrab" = ClipGrab 2.0 Beta 2
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free Video Dub_is1" = Free Video Dub version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GenoPro" = GenoPro 2.0.1.6
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"iPhoneBackupExtractor" = iPhone Backup Extractor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Net Transport_is1" = Net Transport 1.91.271
"OpenAL" = OpenAL
"PDF Editor 2" = PDF Editor 2
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Rossmann Fotoservice_is1" = Rossmann Fotoservice 2.6
"Shop for HP Supplies" = Shop for HP Supplies
"SmartToolsFeiertags- und Ferien-Assistentv4.00" = SmartTools Publishing • Outlook Feiertags- und Ferien-Assistent
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 0.9.6
"Winamp" = Winamp (nur entfernen)
"WinRAR archiver" = WinRAR Archivierer
"WordToPDF_is1" = WordToPDF 2.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BMWi-Softwarepaket 10" = BMWi-Softwarepaket 10
"Datensatz Island" = Datensatz Island
"FileZilla Client" = FileZilla Client 3.2.4.1
"Sponsoren Patch für den FM12" = Sponsoren Patch für den FM12
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 23.10.2012 13:59:38 | Computer Name = Hoffmann-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
[ Media Center Events ]
Error - 15.03.2009 10:48:26 | Computer Name = Hoffmann-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 02.08.2011 10:34:34 | Computer Name = Hoffmann-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 14.12.2011 17:32:28 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 63
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 16.01.2012 15:00:33 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 342
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 24.03.2012 07:47:40 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7618
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 31.03.2012 02:46:35 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1941
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 16.04.2012 14:54:40 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1311
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2012 16:57:41 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 896
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.05.2012 05:54:55 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6197
 seconds with 2640 seconds of active time.  This session ended with a crash.
 
Error - 23.07.2012 15:06:44 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 346
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 07.09.2012 10:45:40 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7840
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 28.09.2012 16:44:09 | Computer Name = Hoffmann-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 587
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.10.2012 16:12:11 | Computer Name = Hoffmann-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.10.2012 16:12:19 | Computer Name = Hoffmann-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.10.2012 16:12:20 | Computer Name = Hoffmann-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.10.2012 16:13:25 | Computer Name = Hoffmann-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 22.10.2012 16:13:25 | Computer Name = Hoffmann-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 22.10.2012 16:13:25 | Computer Name = Hoffmann-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.10.2012 16:15:15 | Computer Name = Hoffmann-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.10.2012 16:18:07 | Computer Name = Hoffmann-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 22.10.2012 16:18:08 | Computer Name = Hoffmann-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 23.10.2012 02:05:51 | Computer Name = Hoffmann-PC | Source = DCOM | ID = 10005
Description =
         


Step 3 - aswMBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-23 20:25:44
-----------------------------
20:25:44.204    OS Version: Windows 6.0.6001 Service Pack 1
20:25:44.204    Number of processors: 4 586 0xF0B
20:25:44.204    ComputerName: HOFFMANN-PC  UserName: Jonas
20:25:45.118    Initialize success
20:30:19.879    AVAST engine defs: 12102300
20:30:31.999    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:32.001    Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610480MB BusType: 3
20:30:32.009    Disk 0 MBR read successfully
20:30:32.012    Disk 0 MBR scan
20:30:32.026    Disk 0 Windows VISTA default MBR code
20:30:32.029    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       70 MB offset 63
20:30:32.041    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 145408
20:30:32.056    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       310367 MB offset 21116928
20:30:32.061    Disk 0 Partition - 00     0F Extended LBA            289800 MB offset 656750592
20:30:32.085    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       289799 MB offset 656752640
20:30:32.095    Disk 0 scanning sectors +1250260992
20:30:32.180    Disk 0 scanning C:\Windows\system32\drivers
20:30:40.382    Service scanning
20:30:58.325    Modules scanning
20:31:00.939    Disk 0 trace - called modules:
20:31:00.958    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
20:31:00.963    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e769d0]
20:31:00.977    3 CLASSPNP.SYS[895a6745] -> nt!IofCallDriver -> [0x85289830]
20:31:00.983    5 acpi.sys[83a9f6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c8aba0]
20:31:02.146    AVAST engine scan C:\Windows
20:31:05.092    AVAST engine scan C:\Windows\system32
20:33:44.782    AVAST engine scan C:\Windows\system32\drivers
20:33:59.853    AVAST engine scan C:\Users\Jonas
21:33:38.117    AVAST engine scan C:\ProgramData
21:33:38.725    File: C:\ProgramData\1EDC110C43DB8F6100001EDBF23695A5\1EDC110C43DB8F6100001EDBF23695A5.exe  **INFECTED** Win32:Trojan-gen
21:43:44.569    Scan finished successfully
21:44:48.219    Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\MBR.dat"
21:44:48.224    The log file has been saved successfully to "C:\Users\Jonas\Desktop\aswMBR.txt"
         

23.10.2012, 21:00   #4
jonasjosef

System Progressive Protection (Malware) - Removal



Step 4 - TDSS-Killer:
Code:
21:45:38.0488 0668  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:45:38.0899 0668  ============================================================
21:45:38.0899 0668  Current date / time: 2012/10/23 21:45:38.0899
21:45:38.0899 0668  SystemInfo:
21:45:38.0899 0668  
21:45:38.0900 0668  OS Version: 6.0.6001 ServicePack: 1.0
21:45:38.0900 0668  Product type: Workstation
21:45:38.0900 0668  ComputerName: HOFFMANN-PC
21:45:38.0900 0668  UserName: Jonas
21:45:38.0900 0668  Windows directory: C:\Windows
21:45:38.0900 0668  System windows directory: C:\Windows
21:45:38.0900 0668  Processor architecture: Intel x86
21:45:38.0900 0668  Number of processors: 4
21:45:38.0900 0668  Page size: 0x1000
21:45:38.0900 0668  Boot type: Safe boot with network
21:45:38.0900 0668  ============================================================
21:45:40.0100 0668  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:45:40.0217 0668  ============================================================
21:45:40.0217 0668  \Device\Harddisk0\DR0:
21:45:40.0217 0668  MBR partitions:
21:45:40.0217 0668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1400000
21:45:40.0217 0668  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1423800, BlocksNum 0x25E2FFF8
21:45:40.0240 0668  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x27254000, BlocksNum 0x23603800
21:45:40.0240 0668  ============================================================
21:45:40.0274 0668  C: <-> \Device\Harddisk0\DR0\Partition2
21:45:40.0295 0668  D: <-> \Device\Harddisk0\DR0\Partition1
21:45:40.0379 0668  M: <-> \Device\Harddisk0\DR0\Partition3
21:45:40.0379 0668  ============================================================
21:45:40.0379 0668  Initialize success
21:45:40.0379 0668  ============================================================
21:46:04.0503 1460  ============================================================
21:46:04.0503 1460  Scan started
21:46:04.0503 1460  Mode: Manual; 
21:46:04.0503 1460  ============================================================
21:46:05.0917 1460  ================ Scan system memory ========================
21:46:05.0917 1460  System memory - ok
21:46:05.0917 1460  ================ Scan services =============================
21:46:06.0049 1460  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:46:06.0052 1460  ACPI - ok
21:46:06.0078 1460  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:46:06.0083 1460  adp94xx - ok
21:46:06.0108 1460  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:46:06.0112 1460  adpahci - ok
21:46:06.0136 1460  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:46:06.0138 1460  adpu160m - ok
21:46:06.0160 1460  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:46:06.0162 1460  adpu320 - ok
21:46:06.0206 1460  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:46:06.0223 1460  AeLookupSvc - ok
21:46:06.0258 1460  [ 48EB99503533C27AC6135648E5474457 ] AFD             C:\Windows\system32\drivers\afd.sys
21:46:06.0262 1460  AFD - ok
21:46:06.0293 1460  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:46:06.0294 1460  agp440 - ok
21:46:06.0327 1460  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:46:06.0328 1460  aic78xx - ok
21:46:06.0349 1460  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
21:46:06.0351 1460  ALG - ok
21:46:06.0368 1460  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:46:06.0369 1460  aliide - ok
21:46:06.0411 1460  [ 4B9298FD6707980AB8E3A8F0E642EC9A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:46:06.0413 1460  AMD External Events Utility - ok
21:46:06.0430 1460  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:46:06.0431 1460  amdagp - ok
21:46:06.0446 1460  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:46:06.0447 1460  amdide - ok
21:46:06.0469 1460  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:46:06.0470 1460  AmdK7 - ok
21:46:06.0484 1460  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:46:06.0485 1460  AmdK8 - ok
21:46:06.0668 1460  [ 5C297F25A4A09D14BFE2CAB5DE2F1457 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:46:06.0764 1460  amdkmdag - ok
21:46:06.0808 1460  [ FF2E35D9BD35F36A0126A0CA7556E43D ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:46:06.0811 1460  amdkmdap - ok
21:46:06.0838 1460  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
21:46:06.0839 1460  Appinfo - ok
21:46:06.0966 1460  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:46:06.0969 1460  Apple Mobile Device - ok
21:46:07.0000 1460  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
21:46:07.0002 1460  arc - ok
21:46:07.0030 1460  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:46:07.0031 1460  arcsas - ok
21:46:07.0062 1460  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:46:07.0063 1460  AsyncMac - ok
21:46:07.0082 1460  [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:46:07.0083 1460  atapi - ok
21:46:07.0134 1460  [ 9F7CCF1D6FAF646F71F029A30DED2DC7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH3.sys
21:46:07.0136 1460  AtiHDAudioService - ok
21:46:07.0299 1460  [ 5C297F25A4A09D14BFE2CAB5DE2F1457 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:46:07.0345 1460  atikmdag - ok
21:46:07.0387 1460  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:46:07.0391 1460  AudioEndpointBuilder - ok
21:46:07.0397 1460  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:46:07.0399 1460  Audiosrv - ok
21:46:07.0493 1460  [ 2718DC27571BD1E37813F5759D2DC118 ] AVP             C:\Program Files\Kaspersky Anti-Virus 2012\avp.exe
21:46:07.0496 1460  AVP - ok
21:46:07.0560 1460  [ E3D7BC2DD538C9029E3849B129062AA2 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
21:46:07.0585 1460  BCM43XX - ok
21:46:07.0619 1460  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:46:07.0620 1460  Beep - ok
21:46:07.0647 1460  [ 8582E233C346AEFE759833E8A30DD697 ] BFE             C:\Windows\System32\bfe.dll
21:46:07.0651 1460  BFE - ok
21:46:07.0672 1460  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:46:07.0673 1460  blbdrive - ok
21:46:07.0768 1460  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:46:07.0772 1460  Bonjour Service - ok
21:46:07.0804 1460  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:46:07.0805 1460  bowser - ok
21:46:07.0824 1460  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:46:07.0825 1460  BrFiltLo - ok
21:46:07.0837 1460  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:46:07.0838 1460  BrFiltUp - ok
21:46:07.0862 1460  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
21:46:07.0864 1460  Browser - ok
21:46:07.0894 1460  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:46:07.0895 1460  Brserid - ok
21:46:07.0911 1460  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:46:07.0912 1460  BrSerWdm - ok
21:46:07.0928 1460  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:46:07.0929 1460  BrUsbMdm - ok
21:46:07.0950 1460  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:46:07.0951 1460  BrUsbSer - ok
21:46:07.0983 1460  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:46:07.0984 1460  BTHMODEM - ok
21:46:08.0008 1460  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:46:08.0010 1460  cdfs - ok
21:46:08.0023 1460  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:46:08.0024 1460  cdrom - ok
21:46:08.0046 1460  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
21:46:08.0047 1460  CertPropSvc - ok
21:46:08.0073 1460  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
21:46:08.0074 1460  circlass - ok
21:46:08.0109 1460  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
21:46:08.0113 1460  CLFS - ok
21:46:08.0144 1460  clr_optimization_v2.0.50727_32 - ok
21:46:08.0228 1460  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:46:08.0231 1460  clr_optimization_v4.0.30319_32 - ok
21:46:08.0250 1460  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:46:08.0251 1460  cmdide - ok
21:46:08.0269 1460  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:46:08.0270 1460  Compbatt - ok
21:46:08.0274 1460  COMSysApp - ok
21:46:08.0289 1460  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:46:08.0289 1460  crcdisk - ok
21:46:08.0310 1460  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:46:08.0311 1460  Crusoe - ok
21:46:08.0348 1460  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:46:08.0350 1460  CryptSvc - ok
21:46:08.0399 1460  [ FFC5377AA2C1A3F5B18F359F661E76C8 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
21:46:08.0400 1460  ctxusbm - ok
21:46:08.0456 1460  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:46:08.0518 1460  DcomLaunch - ok
21:46:08.0553 1460  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:46:08.0554 1460  DfsC - ok
21:46:08.0628 1460  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
21:46:08.0651 1460  DFSR - ok
21:46:08.0674 1460  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:46:08.0677 1460  Dhcp - ok
21:46:08.0708 1460  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
21:46:08.0709 1460  disk - ok
21:46:08.0743 1460  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:46:08.0745 1460  Dnscache - ok
21:46:08.0826 1460  [ 13511564CAC5A005255765E322C16967 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
21:46:08.0828 1460  DockLoginService - ok
21:46:08.0849 1460  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:46:08.0852 1460  dot3svc - ok
21:46:08.0879 1460  [ 4F59C172C094E1A1D46463A8DC061CBD ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:46:08.0882 1460  dot4 - ok
21:46:08.0898 1460  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:46:08.0899 1460  Dot4Print - ok
21:46:08.0909 1460  [ A84D8A9006B1AE515CC7B6B3586C295A ] Dot4Scan        C:\Windows\system32\DRIVERS\Dot4Scan.sys
21:46:08.0910 1460  Dot4Scan - ok
21:46:08.0920 1460  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:46:08.0921 1460  dot4usb - ok
21:46:08.0951 1460  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
21:46:08.0953 1460  DPS - ok
21:46:08.0974 1460  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:46:08.0974 1460  drmkaud - ok
21:46:09.0012 1460  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:46:09.0020 1460  DXGKrnl - ok
21:46:09.0057 1460  [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
21:46:09.0060 1460  e1express - ok
21:46:09.0076 1460  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:46:09.0078 1460  E1G60 - ok
21:46:09.0124 1460  [ 47D1B4DC8DA75742F023AE21E0D057A2 ] Eacfilt         C:\Windows\system32\DRIVERS\eacfilt.sys
21:46:09.0126 1460  Eacfilt - ok
21:46:09.0148 1460  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:46:09.0149 1460  EapHost - ok
21:46:09.0184 1460  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:46:09.0186 1460  Ecache - ok
21:46:09.0240 1460  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:46:09.0244 1460  ehRecvr - ok
21:46:09.0248 1460  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
21:46:09.0250 1460  ehSched - ok
21:46:09.0264 1460  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
21:46:09.0265 1460  ehstart - ok
21:46:09.0287 1460  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:46:09.0291 1460  elxstor - ok
21:46:09.0323 1460  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:46:09.0330 1460  EMDMgmt - ok
21:46:09.0351 1460  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:46:09.0352 1460  ErrDev - ok
21:46:09.0382 1460  [ 6C08BDC02F633AD426653A7EE175C40A ] EU3_USB         C:\Windows\system32\DRIVERS\EU3USB.sys
21:46:09.0383 1460  EU3_USB - ok
21:46:09.0421 1460  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
21:46:09.0425 1460  EventSystem - ok
21:46:09.0459 1460  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
21:46:09.0461 1460  exfat - ok
21:46:09.0466 1460  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:46:09.0477 1460  fastfat - ok
21:46:09.0496 1460  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:46:09.0497 1460  fdc - ok
21:46:09.0554 1460  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:46:09.0556 1460  fdPHost - ok
21:46:09.0586 1460  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:46:09.0587 1460  FDResPub - ok
21:46:09.0599 1460  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:46:09.0601 1460  FileInfo - ok
21:46:09.0619 1460  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:46:09.0620 1460  Filetrace - ok
21:46:09.0644 1460  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:46:09.0645 1460  flpydisk - ok
21:46:09.0657 1460  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:46:09.0660 1460  FltMgr - ok
21:46:09.0720 1460  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:46:09.0721 1460  FontCache3.0.0.0 - ok
21:46:09.0744 1460  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:46:09.0745 1460  Fs_Rec - ok
21:46:09.0765 1460  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:46:09.0766 1460  gagp30kx - ok
21:46:09.0811 1460  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:46:09.0812 1460  GEARAspiWDM - ok
21:46:09.0863 1460  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
21:46:09.0865 1460  GoToAssist - ok
21:46:09.0889 1460  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
21:46:09.0897 1460  gpsvc - ok
21:46:09.0993 1460  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:46:09.0996 1460  gupdate - ok
21:46:10.0000 1460  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:46:10.0001 1460  gupdatem - ok
21:46:10.0073 1460  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:46:10.0076 1460  gusvc - ok
21:46:10.0101 1460  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:46:10.0104 1460  HdAudAddService - ok
21:46:10.0129 1460  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:46:10.0130 1460  HDAudBus - ok
21:46:10.0149 1460  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:46:10.0150 1460  HidBth - ok
21:46:10.0163 1460  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:46:10.0164 1460  HidIr - ok
21:46:10.0193 1460  [ 53D5A2F9CE6AE47D7507727DF1DA79F8 ] hidserv         C:\Windows\system32\hidserv.dll
21:46:10.0194 1460  hidserv - ok
21:46:10.0209 1460  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:46:10.0210 1460  HidUsb - ok
21:46:10.0225 1460  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:46:10.0227 1460  hkmsvc - ok
21:46:10.0250 1460  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:46:10.0252 1460  HpCISSs - ok
21:46:10.0425 1460  [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:46:10.0429 1460  hpqcxs08 - ok
21:46:10.0466 1460  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:46:10.0469 1460  hpqddsvc - ok
21:46:10.0493 1460  [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:46:10.0502 1460  HPSLPSVC - ok
21:46:10.0548 1460  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:46:10.0553 1460  HTTP - ok
21:46:10.0569 1460  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:46:10.0570 1460  i2omp - ok
21:46:10.0603 1460  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:46:10.0604 1460  i8042prt - ok
21:46:10.0649 1460  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\Windows\system32\drivers\iastor.sys
21:46:10.0653 1460  iaStor - ok
21:46:10.0690 1460  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:46:10.0693 1460  iaStorV - ok
21:46:10.0775 1460  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:46:10.0778 1460  IDriverT - ok
21:46:10.0838 1460  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:46:10.0849 1460  idsvc - ok
21:46:10.0862 1460  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:46:10.0863 1460  iirsp - ok
21:46:10.0897 1460  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
21:46:10.0903 1460  IKEEXT - ok
21:46:10.0955 1460  [ 4EAE74C8BCBCA309A5D7CBAD7E231427 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:46:11.0005 1460  IntcAzAudAddService - ok
21:46:11.0032 1460  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
21:46:11.0033 1460  intelide - ok
21:46:11.0052 1460  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:46:11.0053 1460  intelppm - ok
21:46:11.0063 1460  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:46:11.0065 1460  IPBusEnum - ok
21:46:11.0081 1460  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:46:11.0082 1460  IpFilterDriver - ok
21:46:11.0126 1460  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:46:11.0129 1460  iphlpsvc - ok
21:46:11.0133 1460  IpInIp - ok
21:46:11.0153 1460  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:46:11.0154 1460  IPMIDRV - ok
21:46:11.0167 1460  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:46:11.0169 1460  IPNAT - ok
21:46:11.0230 1460  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:46:11.0240 1460  iPod Service - ok
21:46:11.0264 1460  [ C8F7D3FE794F5F681D3316FA0958D5E4 ] IPSECEXT        C:\Windows\system32\DRIVERS\ipsecw2k.sys
21:46:11.0266 1460  IPSECEXT - ok
21:46:11.0270 1460  [ C8F7D3FE794F5F681D3316FA0958D5E4 ] IPSECSHM        C:\Windows\system32\DRIVERS\ipsecw2k.sys
21:46:11.0271 1460  IPSECSHM - ok
21:46:11.0291 1460  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:46:11.0291 1460  IRENUM - ok
21:46:11.0310 1460  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:46:11.0311 1460  isapnp - ok
21:46:11.0334 1460  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:46:11.0336 1460  iScsiPrt - ok
21:46:11.0349 1460  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:46:11.0350 1460  iteatapi - ok
21:46:11.0381 1460  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:46:11.0382 1460  iteraid - ok
21:46:11.0404 1460  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:46:11.0405 1460  kbdclass - ok
21:46:11.0411 1460  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:46:11.0412 1460  kbdhid - ok
21:46:11.0445 1460  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
21:46:11.0446 1460  KeyIso - ok
21:46:11.0500 1460  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
21:46:11.0503 1460  KL1 - ok
21:46:11.0511 1460  [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
21:46:11.0512 1460  kl2 - ok
21:46:11.0570 1460  [ AF04D0CE7939324E9A605B159295706C ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
21:46:11.0577 1460  KLIF - ok
21:46:11.0593 1460  [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
21:46:11.0594 1460  KLIM6 - ok
21:46:11.0624 1460  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
21:46:11.0625 1460  klmouflt - ok
21:46:11.0662 1460  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:46:11.0667 1460  KSecDD - ok
21:46:11.0711 1460  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:46:11.0716 1460  KtmRm - ok
21:46:11.0754 1460  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:46:11.0764 1460  LanmanServer - ok
21:46:11.0810 1460  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:46:11.0814 1460  LanmanWorkstation - ok
21:46:11.0830 1460  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:46:11.0831 1460  lltdio - ok
21:46:11.0855 1460  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:46:11.0858 1460  lltdsvc - ok
21:46:11.0887 1460  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:46:11.0889 1460  lmhosts - ok
21:46:11.0910 1460  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:46:11.0912 1460  LSI_FC - ok
21:46:11.0926 1460  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:46:11.0927 1460  LSI_SAS - ok
21:46:11.0944 1460  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:46:11.0946 1460  LSI_SCSI - ok
21:46:11.0965 1460  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
21:46:11.0967 1460  luafv - ok
21:46:12.0005 1460  [ D5BA9B816AFEF5292FE13C9A6267B6AB ] Macromedia Licensing Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
21:46:12.0006 1460  Macromedia Licensing Service - ok
21:46:12.0044 1460  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\Windows\system32\drivers\mbamswissarmy.sys
21:46:12.0045 1460  MBAMSwissArmy - ok
21:46:12.0064 1460  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:46:12.0066 1460  Mcx2Svc - ok
21:46:12.0090 1460  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:46:12.0091 1460  megasas - ok
21:46:12.0114 1460  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:46:12.0118 1460  MegaSR - ok
21:46:12.0137 1460  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
21:46:12.0138 1460  MMCSS - ok
21:46:12.0149 1460  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
21:46:12.0150 1460  Modem - ok
21:46:12.0166 1460  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:46:12.0167 1460  monitor - ok
21:46:12.0184 1460  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:46:12.0185 1460  mouclass - ok
21:46:12.0198 1460  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:46:12.0199 1460  mouhid - ok
21:46:12.0203 1460  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:46:12.0204 1460  MountMgr - ok
21:46:12.0314 1460  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:46:12.0317 1460  MozillaMaintenance - ok
21:46:12.0348 1460  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:46:12.0350 1460  mpio - ok
21:46:12.0369 1460  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:46:12.0371 1460  mpsdrv - ok
21:46:12.0387 1460  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:46:12.0393 1460  MpsSvc - ok
21:46:12.0414 1460  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:46:12.0416 1460  Mraid35x - ok
21:46:12.0439 1460  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:46:12.0441 1460  MRxDAV - ok
21:46:12.0467 1460  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:46:12.0469 1460  mrxsmb - ok
21:46:12.0495 1460  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:46:12.0498 1460  mrxsmb10 - ok
21:46:12.0511 1460  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:46:12.0513 1460  mrxsmb20 - ok
21:46:12.0544 1460  [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:46:12.0545 1460  msahci - ok
21:46:12.0560 1460  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:46:12.0562 1460  msdsm - ok
21:46:12.0580 1460  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
21:46:12.0583 1460  MSDTC - ok
21:46:12.0609 1460  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:46:12.0610 1460  Msfs - ok
21:46:12.0620 1460  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:46:12.0622 1460  msisadrv - ok
21:46:12.0648 1460  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:46:12.0650 1460  MSiSCSI - ok
21:46:12.0654 1460  msiserver - ok
21:46:12.0691 1460  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:46:12.0692 1460  MSKSSRV - ok
21:46:12.0706 1460  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:46:12.0707 1460  MSPCLOCK - ok
21:46:12.0719 1460  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:46:12.0720 1460  MSPQM - ok
21:46:12.0737 1460  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:46:12.0739 1460  MsRPC - ok
21:46:12.0752 1460  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:46:12.0753 1460  mssmbios - ok
21:46:12.0771 1460  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:46:12.0772 1460  MSTEE - ok
21:46:12.0776 1460  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
21:46:12.0777 1460  Mup - ok
21:46:12.0800 1460  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
21:46:12.0805 1460  napagent - ok
21:46:12.0830 1460  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:46:12.0832 1460  NativeWifiP - ok
21:46:12.0871 1460  [ C8560010A542B5DCA94C62468DC20784 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:46:12.0878 1460  NDIS - ok
21:46:12.0899 1460  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:46:12.0900 1460  NdisTapi - ok
21:46:12.0903 1460  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:46:12.0904 1460  Ndisuio - ok
21:46:12.0929 1460  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:46:12.0931 1460  NdisWan - ok
21:46:12.0940 1460  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:46:12.0941 1460  NDProxy - ok
21:46:12.0972 1460  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:46:12.0974 1460  Net Driver HPZ12 - ok
21:46:12.0984 1460  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:46:12.0985 1460  NetBIOS - ok
21:46:13.0001 1460  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:46:13.0004 1460  netbt - ok
21:46:13.0012 1460  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
21:46:13.0013 1460  Netlogon - ok
21:46:13.0036 1460  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
21:46:13.0040 1460  Netman - ok
21:46:13.0058 1460  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
21:46:13.0062 1460  netprofm - ok
21:46:13.0096 1460  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:46:13.0098 1460  NetTcpPortSharing - ok
21:46:13.0112 1460  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:46:13.0113 1460  nfrd960 - ok
21:46:13.0148 1460  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:46:13.0151 1460  NlaSvc - ok
21:46:13.0259 1460  NMSAccessU - ok
21:46:13.0294 1460  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:46:13.0295 1460  Npfs - ok
21:46:13.0314 1460  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
21:46:13.0315 1460  nsi - ok
21:46:13.0319 1460  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:46:13.0320 1460  nsiproxy - ok
21:46:13.0344 1460  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:46:13.0357 1460  Ntfs - ok
21:46:13.0376 1460  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:46:13.0378 1460  ntrigdigi - ok
21:46:13.0381 1460  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
21:46:13.0382 1460  Null - ok
21:46:13.0427 1460  [ 0036C971EE6335E27BD4E66EDDF8727F ] NvcRpcServer    C:\Program Files\Nortel Networks\NvcRpcSvr.exe
21:46:13.0428 1460  NvcRpcServer - ok
21:46:13.0450 1460  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:46:13.0452 1460  nvraid - ok
21:46:13.0466 1460  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:46:13.0467 1460  nvstor - ok
21:46:13.0487 1460  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:46:13.0489 1460  nv_agp - ok
21:46:13.0492 1460  NwlnkFlt - ok
21:46:13.0496 1460  NwlnkFwd - ok
21:46:13.0568 1460  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:46:13.0574 1460  odserv - ok
21:46:13.0601 1460  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:46:13.0602 1460  ohci1394 - ok
21:46:13.0737 1460  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service M:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
21:46:13.0740 1460  OMSI download service - ok
21:46:13.0783 1460  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:46:13.0785 1460  ose - ok
21:46:13.0840 1460  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:46:13.0849 1460  p2pimsvc - ok
21:46:13.0864 1460  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:46:13.0869 1460  p2psvc - ok
21:46:13.0887 1460  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
21:46:13.0888 1460  Parport - ok
21:46:13.0908 1460  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:46:13.0909 1460  partmgr - ok
21:46:13.0923 1460  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:46:13.0924 1460  Parvdm - ok
21:46:13.0935 1460  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:46:13.0937 1460  PcaSvc - ok
21:46:13.0953 1460  [ 01B94418DEB235DFF777CC80076354B4 ] pci             C:\Windows\system32\drivers\pci.sys
21:46:13.0956 1460  pci - ok
21:46:13.0978 1460  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
21:46:13.0980 1460  pciide - ok
21:46:14.0004 1460  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:46:14.0007 1460  pcmcia - ok
21:46:14.0040 1460  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:46:14.0051 1460  PEAUTH - ok
21:46:14.0117 1460  [ 24EE15A05A4A3353DFDE90BA9A4A98DA ] PinnacleUpdateSvc M:\Programme\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
21:46:14.0121 1460  PinnacleUpdateSvc - ok
21:46:14.0164 1460  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
21:46:14.0182 1460  pla - ok
21:46:14.0208 1460  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:46:14.0212 1460  PlugPlay - ok
21:46:14.0233 1460  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:46:14.0235 1460  Pml Driver HPZ12 - ok
21:46:14.0254 1460  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:46:14.0259 1460  PNRPAutoReg - ok
21:46:14.0268 1460  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:46:14.0273 1460  PNRPsvc - ok
21:46:14.0303 1460  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:46:14.0308 1460  PolicyAgent - ok
21:46:14.0331 1460  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:46:14.0332 1460  PptpMiniport - ok
21:46:14.0351 1460  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
21:46:14.0352 1460  Processor - ok
21:46:14.0382 1460  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:46:14.0385 1460  ProfSvc - ok
21:46:14.0397 1460  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:46:14.0398 1460  ProtectedStorage - ok
21:46:14.0417 1460  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:46:14.0418 1460  PSched - ok
21:46:14.0459 1460  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:46:14.0472 1460  ql2300 - ok
21:46:14.0498 1460  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:46:14.0500 1460  ql40xx - ok
21:46:14.0542 1460  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
21:46:14.0546 1460  QWAVE - ok
21:46:14.0592 1460  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:46:14.0594 1460  QWAVEdrv - ok
21:46:14.0754 1460  [ 5C297F25A4A09D14BFE2CAB5DE2F1457 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
21:46:14.0801 1460  R300 - ok
21:46:14.0817 1460  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:46:14.0818 1460  RasAcd - ok
21:46:14.0838 1460  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
21:46:14.0841 1460  RasAuto - ok
21:46:14.0851 1460  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:14.0852 1460  Rasl2tp - ok
21:46:14.0877 1460  [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan          C:\Windows\System32\rasmans.dll
21:46:14.0881 1460  RasMan - ok
21:46:14.0890 1460  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:14.0891 1460  RasPppoe - ok
21:46:14.0915 1460  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:46:14.0917 1460  RasSstp - ok
21:46:14.0931 1460  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:46:14.0934 1460  rdbss - ok
21:46:14.0938 1460  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:14.0939 1460  RDPCDD - ok
21:46:14.0965 1460  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:46:14.0969 1460  rdpdr - ok
21:46:14.0974 1460  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:46:14.0975 1460  RDPENCDD - ok
21:46:15.0005 1460  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:46:15.0007 1460  RDPWD - ok
21:46:15.0036 1460  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:46:15.0039 1460  RemoteAccess - ok
21:46:15.0070 1460  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:46:15.0073 1460  RemoteRegistry - ok
21:46:15.0114 1460  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
21:46:15.0115 1460  RimUsb - ok
21:46:15.0167 1460  [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
21:46:15.0168 1460  RimVSerPort - ok
21:46:15.0186 1460  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
21:46:15.0187 1460  ROOTMODEM - ok
21:46:15.0201 1460  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
21:46:15.0203 1460  RpcLocator - ok
21:46:15.0222 1460  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs           C:\Windows\system32\rpcss.dll
21:46:15.0227 1460  RpcSs - ok
21:46:15.0236 1460  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:46:15.0237 1460  rspndr - ok
21:46:15.0272 1460  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
21:46:15.0274 1460  s0016bus - ok
21:46:15.0321 1460  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
21:46:15.0322 1460  s0016mdfl - ok
21:46:15.0344 1460  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
21:46:15.0346 1460  s0016mdm - ok
21:46:15.0378 1460  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
21:46:15.0381 1460  s0016mgmt - ok
21:46:15.0420 1460  [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
21:46:15.0421 1460  s0016nd5 - ok
21:46:15.0465 1460  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
21:46:15.0467 1460  s0016obex - ok
21:46:15.0487 1460  [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
21:46:15.0490 1460  s0016unic - ok
21:46:15.0493 1460  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs           C:\Windows\system32\lsass.exe
21:46:15.0494 1460  SamSs - ok
21:46:15.0513 1460  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:46:15.0515 1460  sbp2port - ok
21:46:15.0547 1460  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:46:15.0549 1460  SCardSvr - ok
21:46:15.0600 1460  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
21:46:15.0609 1460  Schedule - ok
21:46:15.0625 1460  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:46:15.0626 1460  SCPolicySvc - ok
21:46:15.0638 1460  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:46:15.0641 1460  SDRSVC - ok
21:46:15.0649 1460  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:46:15.0650 1460  secdrv - ok
21:46:15.0662 1460  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
21:46:15.0664 1460  seclogon - ok
21:46:15.0716 1460  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
21:46:15.0717 1460  seehcri - ok
21:46:15.0740 1460  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
21:46:15.0742 1460  SENS - ok
21:46:15.0765 1460  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:46:15.0766 1460  Serenum - ok
21:46:15.0781 1460  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
21:46:15.0783 1460  Serial - ok
21:46:15.0807 1460  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:46:15.0808 1460  sermouse - ok
21:46:15.0834 1460  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:46:15.0837 1460  SessionEnv - ok
21:46:15.0853 1460  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:46:15.0854 1460  sffdisk - ok
21:46:15.0870 1460  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:46:15.0871 1460  sffp_mmc - ok
21:46:15.0893 1460  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:46:15.0893 1460  sffp_sd - ok
21:46:15.0913 1460  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:46:15.0914 1460  sfloppy - ok
21:46:15.0963 1460  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:46:15.0967 1460  ShellHWDetection - ok
21:46:15.0992 1460  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:46:15.0993 1460  sisagp - ok
21:46:16.0012 1460  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:46:16.0013 1460  SiSRaid2 - ok
21:46:16.0032 1460  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:46:16.0034 1460  SiSRaid4 - ok
21:46:16.0107 1460  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc           C:\Windows\system32\SLsvc.exe
21:46:16.0136 1460  slsvc - ok
21:46:16.0150 1460  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:46:16.0153 1460  SLUINotify - ok
21:46:16.0162 1460  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:46:16.0164 1460  Smb - ok
21:46:16.0180 1460  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:46:16.0182 1460  SNMPTRAP - ok
21:46:16.0242 1460  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
21:46:16.0245 1460  Sony Ericsson PCCompanion - ok
21:46:16.0267 1460  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
21:46:16.0268 1460  spldr - ok
21:46:16.0307 1460  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler         C:\Windows\System32\spoolsv.exe
21:46:16.0311 1460  Spooler - ok
21:46:16.0348 1460  [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
21:46:16.0351 1460  sprtsvc_DellSupportCenter - ok
21:46:16.0381 1460  [ 2252AEF839B1093D16761189F45AF885 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:46:16.0385 1460  srv - ok
21:46:16.0419 1460  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:46:16.0422 1460  srv2 - ok
21:46:16.0432 1460  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:46:16.0433 1460  srvnet - ok
21:46:16.0446 1460  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:46:16.0450 1460  SSDPSRV - ok
21:46:16.0458 1460  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:46:16.0461 1460  SstpSvc - ok
21:46:16.0499 1460  [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
21:46:16.0500 1460  StarOpen - ok
21:46:16.0527 1460  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
21:46:16.0534 1460  stisvc - ok
21:46:16.0560 1460  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:46:16.0561 1460  swenum - ok
21:46:16.0594 1460  [ B36C7CDB86F7F7A8E884479219766950 ] swprv           C:\Windows\System32\swprv.dll
21:46:16.0599 1460  swprv - ok
21:46:16.0625 1460  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
21:46:16.0626 1460  Symc8xx - ok
21:46:16.0647 1460  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:46:16.0648 1460  Sym_hi - ok
21:46:16.0662 1460  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:46:16.0663 1460  Sym_u3 - ok
21:46:16.0687 1460  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain         C:\Windows\system32\sysmain.dll
21:46:16.0695 1460  SysMain - ok
21:46:16.0700 1460  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:46:16.0702 1460  TabletInputService - ok
21:46:16.0714 1460  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:46:16.0719 1460  TapiSrv - ok
21:46:16.0737 1460  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
21:46:16.0739 1460  TBS - ok
21:46:16.0777 1460  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:46:16.0788 1460  Tcpip - ok
21:46:16.0803 1460  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:46:16.0808 1460  Tcpip6 - ok
21:46:16.0818 1460  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:46:16.0819 1460  tcpipreg - ok
21:46:16.0838 1460  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:46:16.0839 1460  TDPIPE - ok
21:46:16.0853 1460  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:46:16.0854 1460  TDTCP - ok
21:46:16.0875 1460  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:46:16.0876 1460  tdx - ok
21:46:16.0889 1460  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:46:16.0891 1460  TermDD - ok
21:46:16.0910 1460  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService     C:\Windows\System32\termsrv.dll
21:46:16.0917 1460  TermService - ok
21:46:16.0933 1460  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
21:46:16.0936 1460  Themes - ok
21:46:16.0946 1460  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:46:16.0947 1460  THREADORDER - ok
21:46:16.0960 1460  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
21:46:16.0963 1460  TrkWks - ok
21:46:17.0000 1460  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:46:17.0002 1460  TrustedInstaller - ok
21:46:17.0022 1460  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:46:17.0023 1460  tssecsrv - ok
21:46:17.0049 1460  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:46:17.0051 1460  tunmp - ok
21:46:17.0058 1460  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:46:17.0059 1460  tunnel - ok
21:46:17.0079 1460  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:46:17.0080 1460  uagp35 - ok
21:46:17.0103 1460  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:46:17.0106 1460  udfs - ok
21:46:17.0113 1460  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:46:17.0115 1460  UI0Detect - ok
21:46:17.0140 1460  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:46:17.0141 1460  uliagpkx - ok
21:46:17.0159 1460  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:46:17.0162 1460  uliahci - ok
21:46:17.0183 1460  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:46:17.0185 1460  UlSata - ok
21:46:17.0205 1460  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:46:17.0207 1460  ulsata2 - ok
21:46:17.0227 1460  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:46:17.0228 1460  umbus - ok
21:46:17.0243 1460  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
21:46:17.0248 1460  upnphost - ok
21:46:17.0286 1460  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:46:17.0287 1460  USBAAPL - ok
21:46:17.0328 1460  [ A7CD5B4ADEA26765CAB06BDAB7B07B13 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:46:17.0330 1460  usbccgp - ok
21:46:17.0349 1460  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:46:17.0351 1460  usbcir - ok
21:46:17.0383 1460  [ 686D4188AE36254C3008B71FEDACADF3 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:46:17.0384 1460  usbehci - ok
21:46:17.0400 1460  [ 4E42F665A658F08D153F7FFFE7C83806 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:46:17.0403 1460  usbhub - ok
21:46:17.0437 1460  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:46:17.0438 1460  usbohci - ok
21:46:17.0466 1460  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:46:17.0468 1460  usbprint - ok
21:46:17.0513 1460  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:46:17.0515 1460  usbscan - ok
21:46:17.0547 1460  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:46:17.0549 1460  USBSTOR - ok
21:46:17.0558 1460  [ 40F95A3D6D50D82F947F1D167C2EC39D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:46:17.0559 1460  usbuhci - ok
21:46:17.0570 1460  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
21:46:17.0573 1460  UxSms - ok
21:46:17.0585 1460  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
21:46:17.0592 1460  vds - ok
21:46:17.0616 1460  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:46:17.0617 1460  vga - ok
21:46:17.0633 1460  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:46:17.0634 1460  VgaSave - ok
21:46:17.0655 1460  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:46:17.0657 1460  viaagp - ok
21:46:17.0682 1460  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:46:17.0683 1460  ViaC7 - ok
21:46:17.0705 1460  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
21:46:17.0706 1460  viaide - ok
21:46:17.0710 1460  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:46:17.0711 1460  volmgr - ok
21:46:17.0722 1460  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:46:17.0726 1460  volmgrx - ok
21:46:17.0745 1460  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:46:17.0752 1460  volsnap - ok
21:46:17.0774 1460  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:46:17.0776 1460  vsmraid - ok
21:46:17.0805 1460  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
21:46:17.0819 1460  VSS - ok
21:46:17.0840 1460  [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2        C:\Windows\system32\DRIVERS\VSTBS23.SYS
21:46:17.0844 1460  VSTHWBS2 - ok
21:46:17.0884 1460  [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:46:17.0896 1460  VST_DPV - ok
21:46:17.0923 1460  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
21:46:17.0929 1460  W32Time - ok
21:46:17.0953 1460  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:46:17.0954 1460  WacomPen - ok
21:46:17.0977 1460  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:46:17.0979 1460  Wanarp - ok
21:46:17.0982 1460  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:46:17.0982 1460  Wanarpv6 - ok
21:46:17.0996 1460  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:46:18.0003 1460  wcncsvc - ok
21:46:18.0012 1460  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:46:18.0014 1460  WcsPlugInService - ok
21:46:18.0031 1460  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
21:46:18.0032 1460  Wd - ok
21:46:18.0067 1460  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:46:18.0074 1460  Wdf01000 - ok
21:46:18.0095 1460  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:46:18.0098 1460  WdiServiceHost - ok
21:46:18.0103 1460  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:46:18.0105 1460  WdiSystemHost - ok
21:46:18.0116 1460  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
21:46:18.0120 1460  WebClient - ok
21:46:18.0165 1460  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:46:18.0169 1460  Wecsvc - ok
21:46:18.0176 1460  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:46:18.0178 1460  wercplsupport - ok
21:46:18.0206 1460  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:46:18.0209 1460  WerSvc - ok
21:46:18.0231 1460  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:46:18.0239 1460  winachsf - ok
21:46:18.0243 1460  WinHttpAutoProxySvc - ok
21:46:18.0287 1460  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:46:18.0289 1460  Winmgmt - ok
21:46:18.0346 1460  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:46:18.0362 1460  WinRM - ok
21:46:18.0416 1460  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:46:18.0423 1460  Wlansvc - ok
21:46:18.0436 1460  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:46:18.0437 1460  WmiAcpi - ok
21:46:18.0470 1460  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:46:18.0472 1460  wmiApSrv - ok
21:46:18.0531 1460  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:46:18.0546 1460  WMPNetworkSvc - ok
21:46:18.0568 1460  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:46:18.0572 1460  WPCSvc - ok
21:46:18.0583 1460  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:46:18.0586 1460  WPDBusEnum - ok
21:46:18.0630 1460  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:46:18.0631 1460  WpdUsb - ok
21:46:18.0757 1460  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:46:18.0767 1460  WPFFontCache_v0400 - ok
21:46:18.0778 1460  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:46:18.0779 1460  ws2ifsl - ok
21:46:18.0797 1460  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
21:46:18.0799 1460  wscsvc - ok
21:46:18.0803 1460  WSearch - ok
21:46:18.0815 1460  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:46:18.0817 1460  WUDFRd - ok
21:46:18.0842 1460  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:46:18.0879 1460  wudfsvc - ok
21:46:18.0902 1460  ================ Scan global ===============================
21:46:18.0921 1460  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:46:18.0955 1460  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:46:18.0967 1460  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:46:19.0001 1460  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
21:46:19.0006 1460  [Global] - ok
21:46:19.0006 1460  ================ Scan MBR ==================================
21:46:19.0016 1460  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:46:19.0270 1460  \Device\Harddisk0\DR0 - ok
21:46:19.0270 1460  ================ Scan VBR ==================================
21:46:19.0288 1460  [ 64AA418F3424FBD29074B1EFE310BF77 ] \Device\Harddisk0\DR0\Partition1
21:46:19.0290 1460  \Device\Harddisk0\DR0\Partition1 - ok
21:46:19.0292 1460  [ 4091B9F5B9999472BEA99111BDA8D92E ] \Device\Harddisk0\DR0\Partition2
21:46:19.0297 1460  \Device\Harddisk0\DR0\Partition2 - ok
21:46:19.0315 1460  [ 49A299EFA5749F2E97A581C9FC62334B ] \Device\Harddisk0\DR0\Partition3
21:46:19.0318 1460  \Device\Harddisk0\DR0\Partition3 - ok
21:46:19.0318 1460  ============================================================
21:46:19.0318 1460  Scan finished
21:46:19.0318 1460  ============================================================
21:46:19.0325 2424  Detected object count: 0
         

In the fourth step, no infected items were found.
I am very curious what the upshot of the four steps is.

24.10.2012, 10:26   #5
Psychotic
/// Malwareteam

I see that you use so-called peer-to-peer or file-sharing programs.

In your case, uTorrent.

These programs allow you to exchange data with other users. Unfortunately, P2P and file sharing are not exempt from distributing infected files, and this is one reason why malware spreads so quickly.

So it is possible that you download an infected file. You can never know where it comes from. This kind of software should therefore be used with extreme caution.


Another important point is that distributing media and entertainment files violates copyright in most countries of the world. Of course, there is also a legal way to use this service, for example to download Linux or Open Office. Nevertheless, I would ask you not to keep using this kind of software.

Please go to Start --> Control Panel --> Software and uninstall the software mentioned above.

Please let me know if you cannot find one of the listed programs.

__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you happy with us? Then support the Trojaner-Board!

24.10.2012, 13:40   #6
jonasjosef

I wouldn't even know when I last used it; I think I needed "uTorrent" for pictures for a homepage.

Do I understand correctly that I should just remove this program, and otherwise everything should run as usual and "System Progressive Protection" is gone from my computer?

I still have Malwarebytes open with the infected items it found; should I delete these items now, or is that no longer necessary?

24.10.2012, 14:04   #7
Psychotic
/// Malwareteam

No, neither Malwarebytes nor removing uTorrent will remove this pest. You have the ZeroAccess rootkit on the system.

Remove uTorrent and then let me know, then we'll continue!

24.10.2012, 17:22   #8
jonasjosef

uTorrent has been removed.
I could now carry out further instructions. Thank you already for your patience.

Oh, and it would be great if you could briefly tell me whether I should delete the infected items found by Malwarebytes or simply close the program?

25.10.2012, 19:01   #9
jonasjosef

I would be really glad to get a reply today.

26.10.2012, 07:55   #10
Psychotic
/// Malwareteam

Remove the findings with MBAM and post the log here!

Then continue with Combofix!


Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. These can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

26.10.2012, 21:15   #11
jonasjosef

First the Malwarebytes log, in which a further 5 infected files were found:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.22.05

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Jonas :: HOFFMANN-PC [Administrator]

26.10.2012 19:13:27
mbam-log-2012-10-26 (21-14-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 776919
Laufzeit: 1 Stunde(n), 59 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\n (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\U\00000001.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\U\80000000.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$76b7121237c98ba546f10e74ef61dc99\U\800000cb.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-651249750-224367086-3025743595-1000\$76b7121237c98ba546f10e74ef61dc99\n (Trojan.0Access) -> Keine Aktion durchgeführt.

(Ende)
         

And below is the log from Combofix:

Code:
ComboFix 12-10-26.05 - Jonas 26.10.2012  21:56:54.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2045.1367 [GMT 2:00]
ausgeführt von:: c:\users\Jonas\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe2C43.dll
c:\users\Jonas\AppData\Roaming\.#
c:\users\Jonas\Documents\~WRL0001.tmp
c:\users\Jonas\Documents\~WRL0002.tmp
c:\users\Jonas\Documents\~WRL0003.tmp
c:\users\Jonas\Documents\~WRL0004.tmp
c:\users\Jonas\Documents\~WRL0005.tmp
c:\users\Jonas\Documents\~WRL0006.tmp
c:\users\Jonas\Documents\~WRL1446.tmp
c:\users\Jonas\Documents\~WRL2456.tmp
c:\users\Jonas\lame_enc_en.dll
c:\users\Jonas\lametritonus_en.dll
C:\WinLogon
c:\winlogon\19156C796C4C8E2
M:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-26 bis 2012-10-26  ))))))))))))))))))))))))))))))
.
.
2012-10-26 20:04 . 2012-10-26 20:04	--------	d-----w-	c:\users\Marcus\AppData\Local\temp
2012-10-26 20:04 . 2012-10-26 20:04	--------	d-----w-	c:\users\Lothar\AppData\Local\temp
2012-10-26 20:04 . 2012-10-26 20:04	--------	d-----w-	c:\users\iPhone\AppData\Local\temp
2012-10-26 20:04 . 2012-10-26 20:04	--------	d-----w-	c:\users\Gerda\AppData\Local\temp
2012-10-22 19:25 . 2012-10-22 19:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-22 19:25 . 2012-09-29 17:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-22 19:00 . 2012-10-26 17:11	--------	d-----w-	c:\programdata\1EDC110C43DB8F6100001EDBF23695A5
2012-10-19 15:19 . 2012-10-17 00:32	6918632	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{033B213F-072B-43C8-A4E1-63F31CE5F134}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 06:12 . 2009-07-18 08:09	119296	----a-w-	c:\windows\system32\zlib.dll
2012-04-21 01:18 . 2012-06-04 10:20	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="m:\programme\itunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-23 22:28	10536	----a-w-	c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38	34672	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2011-04-24 22:15	202296	----a-w-	c:\program files\Kaspersky Anti-Virus 2012\avp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2012-07-27 01:05	380088	----a-w-	c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 12:46	206064	----a-w-	c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 00:41	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-11 13:26	4452352	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2003-04-17 06:54	12288	----a-w-	m:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-651249750-224367086-3025743595-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-05 19:14]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 08:10]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 08:10]
.
2012-10-22 c:\windows\Tasks\User_Feed_Synchronization-{4205D340-6485-453F-BC49-26438D2879F8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Alles mit Net Transport herunterladen - m:\programme\NetTransport 2\NTAddList.html
IE: Free YouTube to MP3 Converter - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit Net Transport herunterladen - m:\programme\NetTransport 2\NTAddLink.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.237.148.22 217.237.150.51
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\uaiijvfa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: !HIDDEN! 2009-09-05 18:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-04-03 11:34; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
MSConfigStartUp-EA Core - m:\spiele\EA SPORTS\EADM\Core.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - m:\patches&files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-26 22:06
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-651249750-224367086-3025743595-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,09,93,04,f7,00,a4,9e,9a,3a,a9,93,90,4d,93,82,3c,ba,62,b0,ec,48,5f,
   ba,73,df,34,b7,aa,87,13,c7,25,02,34,a6,ea,ec,81,8d,5c,31,38,dc,bc,4d,ce,13,\
"??"=hex:25,d2,a1,9d,a1,1c,c3,7b,7f,5e,b2,d0,54,a0,e5,8c
.
[HKEY_USERS\S-1-5-21-651249750-224367086-3025743595-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,b3,06,83,7b,56,19,2d,74,94,74,27,63,b8,d1,6d,95,a8,4c,e4,63,
   76,4f,d7,4b,8c,e7,21,4b,d5,57,c0,5d,a9,fd,d1,31,93,a4,54,c4,a7,16,16,04,34,\
"rkeysecu"=hex:54,81,79,84,3d,74,dc,ee,86,47,98,58,b2,c1,6e,4c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-26  22:08:06
ComboFix-quarantined-files.txt  2012-10-26 20:07
.
Vor Suchlauf: 10 Verzeichnis(se), 59.760.750.592 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 62.827.405.312 Bytes frei
.
- - End Of File - - CDB04AC9F6889CE453057143DA6761FC
         

28.10.2012, 12:44   #12
jonasjosef

The last scan with Malwarebytes no longer reported any infected items.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.22.05

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Jonas :: HOFFMANN-PC [Administrator]

27.10.2012 15:13:29
mbam-log-2012-10-27 (15-13-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 682636
Laufzeit: 1 Stunde(n), 25 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

29.10.2012, 10:26   #13
Psychotic
/// Malwareteam

How is the computer behaving?

29.10.2012, 12:00   #14
jonasjosef

So far I have only gone in via safe mode to carry out the steps. Since I can only test late in the evening whether the computer runs normally, it would be extremely kind of you to send me two paths (further steps) today for the following possible cases.

Case a):
The computer runs completely normally and System Progressive Protection no longer appears.

Case b):
System Progressive Protection still appears.

29.10.2012, 14:32   #15
Psychotic
/// Malwareteam

a)--------------------------------------------------------------------------------------

Looks quite good - let's check everything once more!


Step 1: MBAM full scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan is finished, click Show Results.
  • Make sure all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".



Step 2: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



b)-------------------------------------------------------------------------------------------------



Rogue Killer



Please download Rogue Killer from here.
  • Save the tool to your desktop!
  • Close all running programs.
  • Start RogueKiller.exe
  • Wait until Prescan finished appears and then click Scan.
  • When the scan has finished, click Report and post it here.
  • You can also find the log file RKreport[1].txt on your desktop.