
Log analysis and evaluation: TR/ATRAPS.Gen and TR/ATRAPS.Gen2 reported by Avira in $Recycle.bin.

27.10.2012, 11:00   #1
Ezelmaster

TR/ATRAPS.Gen and TR/ATRAPS.Gen2 reported by Avira in $Recycle.bin.

Hello Trojaner-Board.

For two days now Avira has kept reporting the same two detections to me. When I have it remove them, they come right back afterwards. Unfortunately I have no knowledge at all of viruses and of the troubleshooting that follows from them. Normally I would format my hard disk, but at the moment I have no way to back up my data. So I am turning to you for help and hope that you can show me another option.
I have run defogger, OTL and GMER and am posting the results here.

Many thanks in advance and kind regards

Ezelmaster

Here is the content of the OTL file (I am attaching the GMER and Extras logs):

OTL logfile created on: 26.10.2012 19:16:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ezelmaster\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,07% Memory free
6,20 Gb Paging File | 5,30 Gb Available in Paging File | 85,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 67,43 Gb Free Space | 46,80% Space Free | Partition Type: NTFS
Drive F: | 144,00 Gb Total Space | 116,60 Gb Free Space | 80,97% Space Free | Partition Type: NTFS

Computer Name: EZEL | User Name: Ezelmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.26 19:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ezelmaster\Desktop\OTL.exe
PRC - [2012.08.08 23:24:05 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:32:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:32:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:32:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.10.08 02:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.10.06 11:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.08.26 02:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.07 04:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.04.11 08:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - [2012.07.18 20:05:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 21:32:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:32:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.21 19:11:36 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.05.08 21:32:39 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:32:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.26 21:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.05 09:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008.04.27 04:07:00 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=3127&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ezelmaster\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 20:05:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Ezelmaster\AppData\Roaming\14001.003 [2012.07.23 16:53:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 20:05:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.03.26 21:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\Extensions
[2012.08.21 19:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\Firefox\Profiles\tzttvicl.default\extensions
[2012.07.11 19:31:19 | 000,525,390 | ---- | M] () (No name found) -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\firefox\profiles\tzttvicl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.05.18 15:15:46 | 000,001,210 | ---- | M] () -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\firefox\profiles\tzttvicl.default\searchplugins\search.xml
[2012.03.26 21:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.23 16:53:39 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\EZELMASTER\APPDATA\ROAMING\14001.003
[2012.07.18 20:05:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ezelmaster\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ezelmaster\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A9CDCB2-3C11-49D1-9BAB-B59851B0A2C4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ezelmaster\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ezelmaster\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6a7321b2-7b11-11e1-8206-001377d0d477}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7321b2-7b11-11e1-8206-001377d0d477}\Shell\AutoRun\command - "" = G:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{6a7321b2-7b11-11e1-8206-001377d0d477}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6a7321b2-7b11-11e1-8206-001377d0d477}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e8eaab2b-a33c-11e1-a718-001377d0d477}\Shell - "" = AutoRun
O33 - MountPoints2\{e8eaab2b-a33c-11e1-a718-001377d0d477}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.26 19:15:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ezelmaster\Desktop\OTL.exe
[2012.10.15 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Desktop\Wiedergabelisten
[2012.10.15 19:40:16 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\AppData\Local\Audible
[2012.10.15 19:40:09 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[2012.10.15 19:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2012.10.15 19:39:45 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Documents\Audible
[2012.10.15 19:39:45 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Desktop\Audible
[2012.10.15 19:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2012.09.30 17:57:32 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Documents\Bully Scholarship Edition
[2012.09.30 17:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.09.30 17:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Ezelmaster\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Ezelmaster\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Ezelmaster\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Ezelmaster\AppData\Local\bass.dll
[1 C:\Users\Ezelmaster\AppData\Roaming\*.tmp files -> C:\Users\Ezelmaster\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.26 19:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ezelmaster\Desktop\OTL.exe
[2012.10.26 19:08:27 | 000,000,000 | ---- | M] () -- C:\Users\Ezelmaster\defogger_reenable
[2012.10.26 19:07:37 | 000,050,477 | ---- | M] () -- C:\Users\Ezelmaster\Desktop\Defogger.exe
[2012.10.26 17:39:05 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 17:39:05 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 15:39:44 | 000,164,162 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.26 15:39:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.25 23:00:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.23 18:05:33 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.23 18:05:33 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.23 18:05:33 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.23 18:05:33 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.23 16:58:38 | 1894,121,472 | ---- | M] () -- C:\Users\Ezelmaster\Desktop\00001.MTS
[2012.10.21 19:26:44 | 000,164,162 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.21 13:34:19 | 000,209,920 | ---- | M] () -- C:\Users\Ezelmaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.21 06:46:45 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.10.18 19:57:48 | 000,000,680 | ---- | M] () -- C:\Users\Ezelmaster\AppData\Local\d3d9caps.dat
[2012.10.18 19:34:59 | 000,076,347 | ---- | M] () -- C:\ProgramData\vkdxlmpywmesona
[2012.10.15 19:40:09 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[2012.10.09 20:39:31 | 000,008,103 | ---- | M] () -- C:\Users\Ezelmaster\Desktop\south park playlist.xspf
[1 C:\Users\Ezelmaster\AppData\Roaming\*.tmp files -> C:\Users\Ezelmaster\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.26 19:08:27 | 000,000,000 | ---- | C] () -- C:\Users\Ezelmaster\defogger_reenable
[2012.10.26 19:07:36 | 000,050,477 | ---- | C] () -- C:\Users\Ezelmaster\Desktop\Defogger.exe
[2012.10.23 16:47:24 | 1894,121,472 | ---- | C] () -- C:\Users\Ezelmaster\Desktop\00001.MTS
[2012.10.21 06:46:19 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.10.18 19:57:38 | 000,000,680 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\d3d9caps.dat
[2012.10.18 19:34:55 | 000,076,347 | ---- | C] () -- C:\ProgramData\vkdxlmpywmesona
[2012.10.09 20:39:31 | 000,008,103 | ---- | C] () -- C:\Users\Ezelmaster\Desktop\south park playlist.xspf
[2012.09.14 08:43:56 | 000,000,851 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\recently-used.xbel
[2012.07.26 16:38:00 | 000,001,472 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\RecConfig.xml
[2012.07.23 22:21:28 | 000,000,010 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Roaming\urhtps.dat
[2012.07.22 21:27:40 | 000,000,034 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Roaming\blckdom.res
[2012.05.18 15:15:46 | 000,000,288 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Roaming\273E70CD.reg
[2012.03.31 12:04:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.31 11:35:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.31 11:35:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.27 18:34:34 | 000,209,920 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.01 09:51:57 | 000,164,162 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.01 09:51:52 | 000,164,162 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.26 15:39:26 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-4030408420-658824629-2082844515-1003\$68d5fa2aa6fdf17613258da79fe586ad\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$68d5fa2aa6fdf17613258da79fe586ad\n. -- File not found
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.04 20:00:26 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\.minecraft
[2012.07.22 21:27:52 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\14001.002
[2012.07.23 16:53:39 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\14001.003
[2012.06.25 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\Canneverbe Limited
[2012.03.31 11:58:41 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\DAEMON Tools Lite
[2012.05.31 19:44:33 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\DVDVideoSoft
[2012.04.09 20:55:02 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.22 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\kock
[2012.07.02 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\ScummVM
[2012.03.27 18:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\systweak
[2012.10.23 01:21:33 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\uTorrent
[2012.07.22 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\Ezelmaster\AppData\Roaming\xmldm

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB4083$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

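The "ZeroAccess Check" section of the OTL log above is the part that matters: two InProcServer32 registrations (the DLL path a COM object is loaded from) point to a file under $Recycle.Bin that no longer exists, and one CLSID is registered in HKCU beside its HKLM copy. The following is an added example, not part of the thread and not OTL's own code, that parses that section and flags such entries; the sample input is the page's own log lines, and the function, class and reason names are my own.

```python
"""Flag suspicious InProcServer32 registrations in the 'ZeroAccess Check'
section of an OTL log (added example; parser and names are my own)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Key line, e.g. [HKEY_CURRENT_USER\Software\Classes\clsid\{...}\InProcServer32]
KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9A-F-]+\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# Value line, e.g.  "" = C:\path\n. -- File not found   or   "ThreadingModel" = Both
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
# No legitimate installer registers a COM server that lives inside $Recycle.Bin.
RECYCLE_RE = re.compile(r"\\\$Recycle\.Bin\\", re.IGNORECASE)


@dataclass
class ServerEntry:
    hive: str
    clsid: str
    server: Optional[str] = None     # default value: path of the in-process server DLL
    status: Optional[str] = None     # OTL's file info, or "File not found"
    threading: Optional[str] = None  # ThreadingModel value, if listed


@dataclass
class Finding:
    hive: str
    clsid: str
    reason: str
    detail: str


def parse_zeroaccess_section(text: str) -> List[ServerEntry]:
    """Turn the InProcServer32 blocks of the section into ServerEntry objects."""
    entries: List[ServerEntry] = []
    current: Optional[ServerEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = ServerEntry(hive=key.group(1).upper(), clsid=key.group(2).lower())
            entries.append(current)
            continue
        value = VALUE_RE.match(line)
        if current is None or value is None:
            continue
        name, data = value.group("name"), value.group("data").strip()
        if name == "":
            # OTL appends " -- <file info>" or " -- File not found" to the server path.
            path, _, status = data.partition(" -- ")
            current.server = path.strip()
            current.status = status.strip() or None
        elif name.lower() == "threadingmodel":
            current.threading = data
    return entries


def assess(entries: List[ServerEntry]) -> List[Finding]:
    """Three checks that correspond to what the posted log shows."""
    findings: List[Finding] = []
    machine_wide = {e.clsid for e in entries if e.hive == "HKEY_LOCAL_MACHINE"}
    for e in entries:
        if e.server and RECYCLE_RE.search(e.server):
            findings.append(Finding(e.hive, e.clsid, "recycle_bin_server", e.server))
        elif e.status and e.status.lower().startswith("file not found"):
            findings.append(Finding(e.hive, e.clsid, "missing_server", e.server or ""))
        # HKCU\Software\Classes is consulted before HKLM for non-elevated COM
        # activation, so a per-user copy of a system CLSID can quietly replace it.
        if e.hive == "HKEY_CURRENT_USER" and e.clsid in machine_wide:
            findings.append(Finding(e.hive, e.clsid, "hkcu_shadows_hklm",
                                    "per-user key exists beside the HKLM registration"))
    return findings


# Sample input: the ZeroAccess Check lines from the OTL log posted in this thread.
SAMPLE_OTL_SECTION = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-4030408420-658824629-2082844515-1003\$68d5fa2aa6fdf17613258da79fe586ad\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$68d5fa2aa6fdf17613258da79fe586ad\n. -- File not found
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""

if __name__ == "__main__":
    for f in assess(parse_zeroaccess_section(SAMPLE_OTL_SECTION)):
        print(f"{f.hive}\\...\\{f.clsid}: {f.reason} ({f.detail})")
```

On the log above this yields three findings: the per-user copy of the first CLSID, and the two servers under $Recycle.Bin, which is why a signature-based cleanup of the files alone does not hold.
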
27.10.2012, 21:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/ATRAPS.Gen and TR/ATRAPS.Gen2 reported by Avira in $Recycle.bin.

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (Should your firewall ask, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without being told to. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

Another note: Should aswMBR crash with a message like "aswMBR.exe has stopped working", then do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left of the aswMBR window under "AV scan", and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the image below - click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!


28.10.2012, 16:12   #3
Ezelmaster
 

Hello cosinus, and first of all a huge thank-you for the really quick reply!

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 15:43:26
-----------------------------
15:43:26.131 OS Version: Windows 6.0.6002 Service Pack 2
15:43:26.131 Number of processors: 2 586 0xF0D
15:43:26.132 ComputerName: EZEL UserName:
15:43:26.840 Initialize success
15:43:34.969 AVAST engine defs: 12102800
15:43:36.545 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:43:36.545 Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3
15:43:36.601 Disk 0 MBR read successfully
15:43:36.601 Disk 0 MBR scan
15:43:36.601 Disk 0 unknown MBR code
15:43:36.631 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
15:43:36.651 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147548 MB offset 20973568
15:43:36.681 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147455 MB offset 323151872
15:43:36.691 Disk 0 scanning sectors +625139712
15:43:36.771 Disk 0 scanning C:\Windows\system32\drivers
15:43:55.361 Service scanning
15:44:24.312 Modules scanning
15:44:31.961 Disk 0 trace - called modules:
15:44:31.987 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:44:31.991 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f24330]
15:44:31.995 3 CLASSPNP.SYS[8aeaa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8543d028]
15:44:32.735 AVAST engine scan C:\Windows
15:44:36.788 AVAST engine scan C:\Windows\system32
15:46:34.968 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:47:20.626 AVAST engine scan C:\Windows\system32\drivers
15:47:35.913 AVAST engine scan C:\Users\Ezelmaster
15:47:52.480 File: C:\Users\Ezelmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BMJ3JS4\myfile[1].dll **INFECTED** Win32:Reveton-FX [Trj]
15:47:55.478 File: C:\Users\Ezelmaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RWSJF6T\load_51[1].exe **INFECTED** Win32:LockScreen-LL [Trj]
15:54:16.683 File: C:\Users\Ezelmaster\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:LockScreen-LL [Trj]
16:05:27.261 AVAST engine scan C:\ProgramData
16:06:35.182 Scan finished successfully
16:07:45.060 Disk 0 MBR has been saved successfully to "C:\Users\Ezelmaster\Desktop\MBR.dat"
16:07:45.060 The log file has been saved successfully to "C:\Users\Ezelmaster\Desktop\aswMBR.txt"

And here is the tdsskiller log:

16:07:56.0938 1504 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:07:57.0428 1504 ============================================================
16:07:57.0428 1504 Current date / time: 2012/10/28 16:07:57.0428
16:07:57.0428 1504 SystemInfo:
16:07:57.0428 1504
16:07:57.0428 1504 OS Version: 6.0.6002 ServicePack: 2.0
16:07:57.0428 1504 Product type: Workstation
16:07:57.0428 1504 ComputerName: EZEL
16:07:57.0428 1504 UserName: Ezelmaster
16:07:57.0428 1504 Windows directory: C:\Windows
16:07:57.0428 1504 System windows directory: C:\Windows
16:07:57.0428 1504 Processor architecture: Intel x86
16:07:57.0428 1504 Number of processors: 2
16:07:57.0428 1504 Page size: 0x1000
16:07:57.0428 1504 Boot type: Normal boot
16:07:57.0428 1504 ============================================================
16:07:57.0917 1504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:07:57.0918 1504 ============================================================
16:07:57.0918 1504 \Device\Harddisk0\DR0:
16:07:57.0930 1504 MBR partitions:
16:07:57.0931 1504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
16:07:57.0931 1504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
16:07:57.0931 1504 ============================================================
16:07:57.0980 1504 C: <-> \Device\Harddisk0\DR0\Partition1
16:07:58.0032 1504 F: <-> \Device\Harddisk0\DR0\Partition2
16:07:58.0033 1504 ============================================================
16:07:58.0033 1504 Initialize success
16:07:58.0033 1504 ============================================================
16:08:57.0694 7956 ============================================================
16:08:57.0694 7956 Scan started
16:08:57.0694 7956 Mode: Manual; SigCheck; TDLFS;
16:08:57.0694 7956 ============================================================
16:08:58.0046 7956 ================ Scan system memory ========================
16:08:58.0046 7956 System memory - ok
16:08:58.0047 7956 ================ Scan services =============================
16:08:58.0218 7956 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:08:58.0317 7956 ACPI - ok
16:08:58.0926 7956 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:08:58.0952 7956 adp94xx - ok
16:08:58.0975 7956 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:08:58.0998 7956 adpahci - ok
16:08:59.0017 7956 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:08:59.0031 7956 adpu160m - ok
16:08:59.0051 7956 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:08:59.0066 7956 adpu320 - ok
16:08:59.0113 7956 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:08:59.0203 7956 AeLookupSvc - ok
16:08:59.0265 7956 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:08:59.0302 7956 AFD - ok
16:08:59.0381 7956 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
16:08:59.0434 7956 AgereSoftModem - ok
16:08:59.0500 7956 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:08:59.0513 7956 agp440 - ok
16:08:59.0552 7956 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:08:59.0566 7956 aic78xx - ok
16:08:59.0586 7956 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:08:59.0710 7956 ALG - ok
16:08:59.0740 7956 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
16:08:59.0753 7956 aliide - ok
16:08:59.0779 7956 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:08:59.0793 7956 amdagp - ok
16:08:59.0808 7956 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
16:08:59.0823 7956 amdide - ok
16:08:59.0849 7956 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:08:59.0898 7956 AmdK7 - ok
16:08:59.0915 7956 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:08:59.0956 7956 AmdK8 - ok
16:09:00.0097 7956 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:09:00.0113 7956 AntiVirSchedulerService - ok
16:09:00.0144 7956 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:09:00.0160 7956 AntiVirService - ok
16:09:00.0206 7956 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:09:00.0269 7956 Appinfo - ok
16:09:00.0334 7956 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:09:00.0354 7956 Apple Mobile Device - ok
16:09:00.0384 7956 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
16:09:00.0404 7956 arc - ok
16:09:00.0434 7956 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:09:00.0444 7956 arcsas - ok
16:09:00.0484 7956 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:09:00.0534 7956 AsyncMac - ok
16:09:00.0714 7956 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
16:09:00.0724 7956 atapi - ok
16:09:00.0814 7956 [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr C:\Windows\system32\DRIVERS\athr.sys
16:09:00.0904 7956 athr - ok
16:09:00.0994 7956 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:09:01.0014 7956 AudioEndpointBuilder - ok
16:09:01.0024 7956 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:09:01.0044 7956 Audiosrv - ok
16:09:01.0064 7956 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:09:01.0084 7956 avgntflt - ok
16:09:01.0124 7956 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:09:01.0134 7956 avipbb - ok
16:09:01.0174 7956 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:09:01.0184 7956 avkmgr - ok
16:09:01.0244 7956 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
16:09:01.0394 7956 bcm4sbxp - ok
16:09:01.0464 7956 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
16:09:01.0474 7956 BcmSqlStartupSvc - ok
16:09:01.0514 7956 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:09:01.0564 7956 Beep - ok
16:09:01.0644 7956 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
16:09:01.0704 7956 BITS - ok
16:09:01.0754 7956 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:09:01.0794 7956 blbdrive - ok
16:09:01.0874 7956 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:09:01.0894 7956 Bonjour Service - ok
16:09:01.0914 7956 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:09:01.0974 7956 bowser - ok
16:09:02.0018 7956 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:09:02.0045 7956 BrFiltLo - ok
16:09:02.0065 7956 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:09:02.0108 7956 BrFiltUp - ok
16:09:02.0132 7956 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:09:02.0173 7956 Browser - ok
16:09:02.0224 7956 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:09:02.0290 7956 Brserid - ok
16:09:02.0319 7956 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:09:02.0396 7956 BrSerWdm - ok
16:09:02.0417 7956 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:09:02.0475 7956 BrUsbMdm - ok
16:09:02.0501 7956 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:09:02.0558 7956 BrUsbSer - ok
16:09:02.0608 7956 [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:09:02.0659 7956 BthEnum - ok
16:09:02.0686 7956 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:09:02.0746 7956 BTHMODEM - ok
16:09:02.0765 7956 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:09:02.0804 7956 BthPan - ok
16:09:02.0893 7956 [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:09:02.0927 7956 BTHPORT - ok
16:09:02.0961 7956 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
16:09:02.0993 7956 BthServ - ok
16:09:03.0008 7956 [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:09:03.0029 7956 BTHUSB - ok
16:09:03.0079 7956 [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:09:03.0091 7956 btwaudio - ok
16:09:03.0132 7956 [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
16:09:03.0142 7956 btwavdt - ok
16:09:03.0163 7956 [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:09:03.0172 7956 btwrchid - ok
16:09:03.0220 7956 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:09:03.0254 7956 cdfs - ok
16:09:03.0331 7956 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:09:03.0346 7956 cdrom - ok
16:09:03.0393 7956 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:09:03.0440 7956 CertPropSvc - ok
16:09:03.0455 7956 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
16:09:03.0487 7956 circlass - ok
16:09:03.0549 7956 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:09:03.0580 7956 CLFS - ok
16:09:03.0643 7956 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:09:03.0643 7956 clr_optimization_v2.0.50727_32 - ok
16:09:03.0705 7956 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:09:03.0736 7956 CmBatt - ok
16:09:03.0752 7956 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:09:03.0767 7956 cmdide - ok
16:09:03.0767 7956 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:09:03.0783 7956 Compbatt - ok
16:09:03.0799 7956 COMSysApp - ok
16:09:03.0799 7956 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:09:03.0814 7956 crcdisk - ok
16:09:03.0830 7956 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:09:03.0877 7956 Crusoe - ok
16:09:03.0923 7956 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:09:03.0955 7956 CryptSvc - ok
16:09:03.0983 7956 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:09:04.0070 7956 DcomLaunch - ok
16:09:04.0104 7956 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:09:04.0138 7956 DfsC - ok
16:09:04.0240 7956 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
16:09:04.0348 7956 DFSR - ok
16:09:04.0437 7956 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:09:04.0610 7956 Dhcp - ok
16:09:04.0674 7956 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
16:09:04.0689 7956 disk - ok
16:09:04.0734 7956 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:09:04.0795 7956 Dnscache - ok
16:09:04.0836 7956 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:09:04.0866 7956 dot3svc - ok
16:09:04.0914 7956 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:09:04.0941 7956 DPS - ok
16:09:04.0967 7956 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:09:05.0003 7956 drmkaud - ok
16:09:05.0048 7956 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:09:05.0064 7956 dtsoftbus01 - ok
16:09:05.0120 7956 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:09:05.0151 7956 DXGKrnl - ok
16:09:05.0175 7956 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:09:05.0221 7956 E1G60 - ok
16:09:05.0266 7956 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:09:05.0305 7956 EapHost - ok
16:09:05.0365 7956 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:09:05.0381 7956 Ecache - ok
16:09:05.0447 7956 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:09:05.0477 7956 ehRecvr - ok
16:09:05.0500 7956 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
16:09:05.0553 7956 ehSched - ok
16:09:05.0563 7956 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
16:09:05.0585 7956 ehstart - ok
16:09:05.0644 7956 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:09:05.0665 7956 elxstor - ok
16:09:05.0718 7956 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:09:05.0782 7956 EMDMgmt - ok
16:09:06.0394 7956 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:09:06.0414 7956 ErrDev - ok
16:09:06.0444 7956 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
16:09:06.0464 7956 EventSystem - ok
16:09:06.0534 7956 [ 2D41D7250F73272946DE04FF7A19761E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:09:06.0554 7956 EvtEng ( UnsignedFile.Multi.Generic ) - warning
16:09:06.0554 7956 EvtEng - detected UnsignedFile.Multi.Generic (1)
16:09:06.0634 7956 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
16:09:06.0684 7956 exfat - ok
16:09:06.0724 7956 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:09:06.0754 7956 fastfat - ok
16:09:06.0784 7956 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:09:06.0814 7956 fdc - ok
16:09:06.0844 7956 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:09:06.0864 7956 fdPHost - ok
16:09:06.0874 7956 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:09:06.0934 7956 FDResPub - ok
16:09:06.0964 7956 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:09:06.0974 7956 FileInfo - ok
16:09:06.0994 7956 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:09:07.0034 7956 Filetrace - ok
16:09:07.0064 7956 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:09:07.0104 7956 flpydisk - ok
16:09:07.0164 7956 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:09:07.0184 7956 FltMgr - ok
16:09:07.0284 7956 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll
16:09:07.0374 7956 FontCache - ok
16:09:07.0454 7956 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:09:07.0464 7956 FontCache3.0.0.0 - ok
16:09:07.0504 7956 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:09:07.0534 7956 Fs_Rec - ok
16:09:07.0564 7956 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:09:07.0584 7956 gagp30kx - ok
16:09:07.0614 7956 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:09:07.0624 7956 GEARAspiWDM - ok
16:09:07.0674 7956 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:09:07.0704 7956 gpsvc - ok
16:09:07.0744 7956 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:09:07.0804 7956 HdAudAddService - ok
16:09:07.0854 7956 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:09:07.0884 7956 HDAudBus - ok
16:09:07.0904 7956 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:09:07.0964 7956 HidBth - ok
16:09:07.0966 7956 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:09:08.0024 7956 HidIr - ok
16:09:08.0070 7956 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
16:09:08.0101 7956 hidserv - ok
16:09:08.0143 7956 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:09:08.0163 7956 HidUsb - ok
16:09:08.0203 7956 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:09:08.0236 7956 hkmsvc - ok
16:09:08.0269 7956 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:09:08.0281 7956 HpCISSs - ok
16:09:08.0323 7956 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:09:08.0359 7956 HTTP - ok
16:09:08.0373 7956 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:09:08.0386 7956 i2omp - ok
16:09:08.0421 7956 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:09:08.0448 7956 i8042prt - ok
16:09:08.0527 7956 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
16:09:08.0603 7956 ialm - ok
16:09:08.0631 7956 [ ABFEBC5F846C71AFEBD7F8F6BA740C03 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:09:08.0646 7956 iaStor - ok
16:09:08.0678 7956 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:09:08.0694 7956 iaStorV - ok
16:09:08.0766 7956 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:09:08.0801 7956 idsvc - ok
16:09:08.0822 7956 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:09:08.0834 7956 iirsp - ok
16:09:08.0890 7956 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:09:08.0941 7956 IKEEXT - ok
16:09:09.0036 7956 [ FFD2B3BC042596ABE785D3C15F51AB46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:09:09.0102 7956 IntcAzAudAddService - ok
16:09:09.0162 7956 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
16:09:09.0175 7956 intelide - ok
16:09:09.0360 7956 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:09:09.0392 7956 intelppm - ok
16:09:09.0423 7956 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:09:09.0470 7956 IPBusEnum - ok
16:09:09.0501 7956 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:09:09.0532 7956 IpFilterDriver - ok
16:09:09.0548 7956 IpInIp - ok
16:09:09.0579 7956 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:09:09.0626 7956 IPMIDRV - ok
16:09:09.0641 7956 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:09:09.0672 7956 IPNAT - ok
16:09:09.0704 7956 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:09:09.0735 7956 iPod Service - ok
16:09:09.0766 7956 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:09:09.0797 7956 IRENUM - ok
16:09:09.0813 7956 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:09:09.0828 7956 isapnp - ok
16:09:09.0874 7956 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:09:09.0884 7956 iScsiPrt - ok
16:09:09.0914 7956 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:09:09.0924 7956 iteatapi - ok
16:09:09.0934 7956 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:09:09.0954 7956 iteraid - ok
16:09:09.0974 7956 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:09:09.0984 7956 kbdclass - ok
16:09:10.0004 7956 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:09:10.0034 7956 kbdhid - ok
16:09:10.0074 7956 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
16:09:10.0124 7956 KeyIso - ok
16:09:10.0164 7956 [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO C:\Windows\system32\DRIVERS\kmdfmemio.sys
16:09:10.0194 7956 KMDFMEMIO - ok
16:09:10.0234 7956 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:09:10.0264 7956 KSecDD - ok
16:09:10.0314 7956 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:09:10.0384 7956 KtmRm - ok
16:09:10.0414 7956 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
16:09:10.0454 7956 LanmanServer - ok
16:09:10.0494 7956 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:09:10.0654 7956 LanmanWorkstation - ok
16:09:10.0704 7956 [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:09:10.0724 7956 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:09:10.0724 7956 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:09:10.0744 7956 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:09:10.0784 7956 lltdio - ok
16:09:10.0834 7956 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:09:10.0864 7956 lltdsvc - ok
16:09:10.0884 7956 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:09:10.0924 7956 lmhosts - ok
16:09:10.0954 7956 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:09:10.0964 7956 LSI_FC - ok
16:09:10.0972 7956 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:09:10.0987 7956 LSI_SAS - ok
16:09:11.0003 7956 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:09:11.0018 7956 LSI_SCSI - ok
16:09:11.0057 7956 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:09:11.0091 7956 luafv - ok
16:09:11.0122 7956 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:09:11.0153 7956 Mcx2Svc - ok
16:09:11.0175 7956 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
16:09:11.0189 7956 megasas - ok
16:09:11.0219 7956 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:09:11.0241 7956 MegaSR - ok
16:09:11.0266 7956 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:09:11.0310 7956 MMCSS - ok
16:09:11.0325 7956 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:09:11.0360 7956 Modem - ok
16:09:11.0410 7956 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:09:11.0444 7956 monitor - ok
16:09:11.0456 7956 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:09:11.0469 7956 mouclass - ok
16:09:11.0480 7956 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:09:11.0517 7956 mouhid - ok
16:09:11.0540 7956 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:09:11.0554 7956 MountMgr - ok
16:09:11.0619 7956 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:09:11.0637 7956 MozillaMaintenance - ok
16:09:11.0694 7956 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
16:09:11.0712 7956 mpio - ok
16:09:11.0736 7956 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:09:11.0773 7956 mpsdrv - ok
16:09:11.0809 7956 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:09:11.0822 7956 Mraid35x - ok
16:09:11.0857 7956 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:09:11.0880 7956 MRxDAV - ok
16:09:11.0909 7956 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:09:11.0924 7956 mrxsmb - ok
16:09:11.0944 7956 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:09:11.0974 7956 mrxsmb10 - ok
16:09:11.0996 7956 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:09:12.0017 7956 mrxsmb20 - ok
16:09:12.0041 7956 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
16:09:12.0054 7956 msahci - ok
16:09:12.0081 7956 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:09:12.0096 7956 msdsm - ok
16:09:12.0116 7956 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:09:12.0159 7956 MSDTC - ok
16:09:12.0175 7956 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:09:12.0211 7956 Msfs - ok
16:09:12.0236 7956 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:09:12.0249 7956 msisadrv - ok
16:09:12.0284 7956 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:09:12.0330 7956 MSiSCSI - ok
16:09:12.0334 7956 msiserver - ok
16:09:12.0398 7956 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:09:12.0436 7956 MSKSSRV - ok
16:09:12.0453 7956 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:09:12.0478 7956 MSPCLOCK - ok
16:09:12.0487 7956 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:09:12.0522 7956 MSPQM - ok
16:09:12.0569 7956 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:09:12.0586 7956 MsRPC - ok
16:09:12.0598 7956 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:09:12.0611 7956 mssmbios - ok
16:09:12.0684 7956 MSSQL$MSSMLBIZ - ok
16:09:12.0731 7956 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:09:12.0744 7956 MSSQLServerADHelper - ok
16:09:12.0771 7956 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:09:12.0797 7956 MSTEE - ok
16:09:12.0844 7956 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:09:12.0858 7956 Mup - ok
16:09:12.0904 7956 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:09:12.0938 7956 napagent - ok
16:09:12.0992 7956 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:09:13.0051 7956 NativeWifiP - ok
16:09:13.0098 7956 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:09:13.0129 7956 NDIS - ok
16:09:13.0160 7956 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:09:13.0192 7956 NdisTapi - ok
16:09:13.0207 7956 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:09:13.0238 7956 Ndisuio - ok
16:09:13.0295 7956 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:09:13.0305 7956 NdisWan - ok
16:09:13.0325 7956 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:09:13.0345 7956 NDProxy - ok
16:09:13.0355 7956 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:09:13.0395 7956 NetBIOS - ok
16:09:13.0445 7956 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:09:13.0475 7956 netbt - ok
16:09:13.0505 7956 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:09:13.0515 7956 Netlogon - ok
16:09:13.0535 7956 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:09:13.0585 7956 Netman - ok
16:09:13.0605 7956 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:09:13.0645 7956 netprofm - ok
16:09:13.0685 7956 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:09:13.0705 7956 NetTcpPortSharing - ok
16:09:13.0795 7956 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
16:09:13.0925 7956 NETw3v32 - ok
16:09:13.0945 7956 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:09:13.0965 7956 nfrd960 - ok
16:09:14.0005 7956 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:09:14.0025 7956 NlaSvc - ok
16:09:14.0095 7956 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:09:14.0125 7956 Npfs - ok
16:09:14.0145 7956 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:09:14.0185 7956 nsi - ok
16:09:14.0205 7956 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:09:14.0245 7956 nsiproxy - ok
16:09:14.0315 7956 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:09:14.0355 7956 Ntfs - ok
16:09:14.0395 7956 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:09:14.0445 7956 ntrigdigi - ok
16:09:14.0455 7956 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:09:14.0475 7956 Null - ok
16:09:14.0505 7956 [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
16:09:14.0515 7956 NVHDA - ok
16:09:14.0715 7956 [ C526B4A24EF951EF219C3BFA1534B152 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:09:15.0036 7956 nvlddmkm - ok
16:09:15.0066 7956 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:09:15.0080 7956 nvraid - ok
16:09:15.0103 7956 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:09:15.0116 7956 nvstor - ok
16:09:15.0148 7956 [ DF6315CE4FF30F706ABF3802D7749E70 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:09:15.0182 7956 nvsvc - ok
16:09:15.0207 7956 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:09:15.0222 7956 nv_agp - ok
16:09:15.0227 7956 NwlnkFlt - ok
16:09:15.0233 7956 NwlnkFwd - ok
16:09:15.0269 7956 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:09:15.0312 7956 ohci1394 - ok
16:09:15.0383 7956 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:09:15.0397 7956 ose - ok
16:09:15.0477 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:09:15.0561 7956 p2pimsvc - ok
16:09:15.0573 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:09:15.0597 7956 p2psvc - ok
16:09:15.0721 7956 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:09:15.0803 7956 Parport - ok
16:09:15.0839 7956 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:09:15.0853 7956 partmgr - ok
16:09:15.0873 7956 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:09:15.0933 7956 Parvdm - ok
16:09:15.0961 7956 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:09:16.0006 7956 PcaSvc - ok
16:09:16.0074 7956 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:09:16.0090 7956 pci - ok
16:09:16.0125 7956 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
16:09:16.0138 7956 pciide - ok
16:09:16.0177 7956 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:09:16.0192 7956 pcmcia - ok
16:09:16.0247 7956 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:09:16.0310 7956 PEAUTH - ok
16:09:16.0398 7956 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:09:16.0481 7956 pla - ok
16:09:16.0533 7956 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:09:16.0567 7956 PlugPlay - ok
16:09:16.0614 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:09:16.0646 7956 PNRPAutoReg - ok
16:09:16.0661 7956 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:09:16.0677 7956 PNRPsvc - ok
16:09:16.0707 7956 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:09:16.0757 7956 PolicyAgent - ok
16:09:16.0797 7956 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:09:16.0977 7956 PptpMiniport - ok
16:09:17.0007 7956 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
16:09:17.0037 7956 Processor - ok
16:09:17.0067 7956 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:09:17.0097 7956 ProfSvc - ok
16:09:17.0127 7956 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:09:17.0137 7956 ProtectedStorage - ok
16:09:17.0177 7956 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:09:17.0227 7956 PSched - ok
16:09:17.0297 7956 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:09:17.0337 7956 ql2300 - ok
16:09:17.0357 7956 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:09:17.0377 7956 ql40xx - ok
16:09:17.0407 7956 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:09:17.0437 7956 QWAVE - ok
16:09:17.0457 7956 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:09:17.0467 7956 QWAVEdrv - ok
16:09:17.0477 7956 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:09:17.0517 7956 RasAcd - ok
16:09:17.0537 7956 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:09:17.0577 7956 RasAuto - ok
16:09:17.0587 7956 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:09:17.0617 7956 Rasl2tp - ok
16:09:17.0657 7956 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:09:17.0687 7956 RasMan - ok
16:09:17.0747 7956 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:09:17.0777 7956 RasPppoe - ok
16:09:17.0827 7956 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:09:17.0837 7956 RasSstp - ok
16:09:17.0877 7956 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:09:17.0897 7956 rdbss - ok
16:09:17.0917 7956 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:09:17.0957 7956 RDPCDD - ok
16:09:17.0968 7956 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:09:17.0993 7956 rdpdr - ok
16:09:17.0997 7956 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:09:18.0023 7956 RDPENCDD - ok
16:09:18.0052 7956 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:09:18.0079 7956 RDPWD - ok
16:09:18.0130 7956 [ ED8C9F16E10C1E4C4C5D16CD04966E24 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:09:18.0178 7956 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
16:09:18.0178 7956 RegSrvc - detected UnsignedFile.Multi.Generic (1)
16:09:18.0196 7956 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:09:18.0223 7956 RemoteAccess - ok
16:09:18.0261 7956 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:09:18.0284 7956 RemoteRegistry - ok
16:09:18.0335 7956 [ 10536B0AD6F416FC7F1149977C28CCDC ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:09:18.0369 7956 RFCOMM - ok
16:09:18.0449 7956 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:09:18.0463 7956 RichVideo - ok
16:09:18.0493 7956 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:09:18.0522 7956 RpcLocator - ok
16:09:18.0549 7956 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:09:18.0578 7956 RpcSs - ok
16:09:18.0613 7956 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:09:18.0639 7956 rspndr - ok
16:09:18.0666 7956 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:09:18.0680 7956 SamSs - ok
16:09:18.0762 7956 [ A9D840FA78F65857EB554229914F855C ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
16:09:18.0809 7956 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
16:09:18.0809 7956 Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
16:09:18.0826 7956 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:09:18.0838 7956 sbp2port - ok
16:09:18.0882 7956 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:09:18.0905 7956 SCardSvr - ok
16:09:18.0946 7956 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:09:18.0989 7956 Schedule - ok
16:09:19.0014 7956 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:09:19.0034 7956 SCPolicySvc - ok
16:09:19.0071 7956 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:09:19.0097 7956 sdbus - ok
16:09:19.0127 7956 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:09:19.0171 7956 SDRSVC - ok
16:09:19.0188 7956 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:09:19.0247 7956 secdrv - ok
16:09:19.0262 7956 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:09:19.0304 7956 seclogon - ok
16:09:19.0316 7956 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
16:09:19.0351 7956 SENS - ok
16:09:19.0367 7956 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:09:19.0424 7956 Serenum - ok
16:09:19.0457 7956 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:09:19.0514 7956 Serial - ok
16:09:19.0537 7956 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:09:19.0562 7956 sermouse - ok
16:09:19.0606 7956 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:09:19.0641 7956 SessionEnv - ok
16:09:19.0655 7956 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:09:19.0675 7956 sffdisk - ok
16:09:19.0694 7956 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:09:19.0734 7956 sffp_mmc - ok
16:09:19.0781 7956 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:09:19.0828 7956 sffp_sd - ok
16:09:19.0843 7956 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:09:19.0906 7956 sfloppy - ok
16:09:19.0937 7956 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:09:19.0999 7956 ShellHWDetection - ok
16:09:20.0015 7956 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:09:20.0031 7956 sisagp - ok
16:09:20.0046 7956 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:09:20.0062 7956 SiSRaid2 - ok
16:09:20.0077 7956 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:09:20.0093 7956 SiSRaid4 - ok
16:09:20.0218 7956 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:09:20.0374 7956 slsvc - ok
16:09:20.0405 7956 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:09:20.0436 7956 SLUINotify - ok
16:09:20.0467 7956 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:09:20.0499 7956 Smb - ok
16:09:20.0530 7956 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:09:20.0545 7956 SNMPTRAP - ok
16:09:20.0608 7956 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:09:20.0623 7956 spldr - ok
16:09:20.0655 7956 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:09:20.0686 7956 Spooler - ok
16:09:20.0733 7956 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:09:20.0748 7956 SQLBrowser - ok
16:09:20.0779 7956 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:09:20.0795 7956 SQLWriter - ok
16:09:20.0826 7956 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:09:20.0857 7956 srv - ok
16:09:20.0873 7956 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:09:20.0904 7956 srv2 - ok
16:09:20.0920 7956 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:09:20.0935 7956 srvnet - ok
16:09:20.0951 7956 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:09:20.0998 7956 SSDPSRV - ok
16:09:21.0029 7956 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
16:09:21.0045 7956 ssmdrv - ok
16:09:21.0060 7956 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:09:21.0076 7956 SstpSvc - ok
16:09:21.0116 7956 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:09:21.0166 7956 stisvc - ok
16:09:21.0186 7956 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:09:21.0206 7956 swenum - ok
16:09:21.0246 7956 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:09:21.0296 7956 swprv - ok
16:09:21.0306 7956 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:09:21.0316 7956 Symc8xx - ok
16:09:21.0336 7956 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:09:21.0346 7956 Sym_hi - ok
16:09:21.0366 7956 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:09:21.0376 7956 Sym_u3 - ok
16:09:21.0416 7956 [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:09:21.0426 7956 SynTP - ok
16:09:21.0476 7956 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:09:21.0506 7956 SysMain - ok
16:09:21.0536 7956 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:09:21.0556 7956 TabletInputService - ok
16:09:21.0616 7956 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:09:21.0636 7956 TapiSrv - ok
16:09:21.0656 7956 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:09:21.0696 7956 TBS - ok
16:09:21.0776 7956 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:09:21.0806 7956 Tcpip - ok
16:09:21.0826 7956 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:09:21.0856 7956 Tcpip6 - ok
16:09:21.0956 7956 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:09:21.0976 7956 tcpipreg - ok
16:09:22.0006 7956 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:09:22.0066 7956 TDPIPE - ok
16:09:22.0106 7956 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:09:22.0126 7956 TDTCP - ok
16:09:22.0166 7956 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:09:22.0196 7956 tdx - ok
16:09:22.0216 7956 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:09:22.0236 7956 TermDD - ok
16:09:22.0276 7956 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:09:22.0326 7956 TermService - ok
16:09:22.0356 7956 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:09:22.0376 7956 Themes - ok
16:09:22.0396 7956 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:09:22.0416 7956 THREADORDER - ok
16:09:22.0446 7956 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:09:22.0476 7956 TrkWks - ok
16:09:22.0536 7956 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:09:22.0566 7956 TrustedInstaller - ok
16:09:22.0606 7956 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:09:22.0646 7956 tssecsrv - ok
16:09:22.0676 7956 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:09:22.0716 7956 tunmp - ok
16:09:22.0736 7956 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:09:22.0756 7956 tunnel - ok
16:09:22.0776 7956 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:09:22.0786 7956 uagp35 - ok
16:09:22.0836 7956 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:09:22.0856 7956 udfs - ok
16:09:22.0886 7956 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:09:22.0916 7956 UI0Detect - ok
16:09:22.0956 7956 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:09:22.0966 7956 uliagpkx - ok
16:09:22.0987 7956 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:09:22.0995 7956 uliahci - ok
16:09:23.0014 7956 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:09:23.0027 7956 UlSata - ok
16:09:23.0054 7956 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:09:23.0067 7956 ulsata2 - ok
16:09:23.0092 7956 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:09:23.0141 7956 umbus - ok
16:09:23.0178 7956 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:09:23.0221 7956 upnphost - ok
16:09:23.0248 7956 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:09:23.0274 7956 USBAAPL - ok
16:09:23.0315 7956 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:09:23.0347 7956 usbccgp - ok
16:09:23.0377 7956 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:09:23.0422 7956 usbcir - ok
16:09:23.0452 7956 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:09:23.0484 7956 usbehci - ok
16:09:23.0522 7956 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:09:23.0544 7956 usbhub - ok
16:09:23.0565 7956 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:09:23.0608 7956 usbohci - ok
16:09:23.0628 7956 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:09:23.0672 7956 usbprint - ok
16:09:23.0691 7956 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:09:23.0728 7956 USBSTOR - ok
16:09:23.0743 7956 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:09:23.0778 7956 usbuhci - ok
16:09:23.0806 7956 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:09:23.0841 7956 usbvideo - ok
16:09:23.0882 7956 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:09:23.0904 7956 UxSms - ok
16:09:23.0943 7956 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:09:23.0998 7956 vds - ok
16:09:24.0049 7956 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:09:24.0091 7956 vga - ok
16:09:24.0112 7956 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:09:24.0147 7956 VgaSave - ok
16:09:24.0172 7956 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:09:24.0185 7956 viaagp - ok
16:09:24.0201 7956 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:09:24.0226 7956 ViaC7 - ok
16:09:24.0240 7956 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
16:09:24.0253 7956 viaide - ok
16:09:24.0289 7956 [ C30A79CFEE47F1A9633F403C5ACE872F ] VMC302 C:\Windows\system32\Drivers\VMC302.sys
16:09:24.0334 7956 VMC302 - ok
16:09:24.0349 7956 VMC326 - ok
16:09:24.0385 7956 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:09:24.0398 7956 volmgr - ok
16:09:24.0451 7956 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:09:24.0470 7956 volmgrx - ok
16:09:24.0516 7956 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:09:24.0535 7956 volsnap - ok
16:09:24.0557 7956 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:09:24.0571 7956 vsmraid - ok
16:09:24.0613 7956 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:09:24.0699 7956 VSS - ok
16:09:24.0742 7956 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:09:24.0767 7956 W32Time - ok
16:09:24.0802 7956 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:09:24.0860 7956 WacomPen - ok
16:09:24.0880 7956 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:09:24.0901 7956 Wanarp - ok
16:09:24.0907 7956 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:09:24.0928 7956 Wanarpv6 - ok
16:09:24.0952 7956 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:09:24.0975 7956 wcncsvc - ok
16:09:25.0047 7956 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:09:25.0078 7956 WcsPlugInService - ok
16:09:25.0094 7956 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
16:09:25.0109 7956 Wd - ok
16:09:25.0156 7956 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:09:25.0187 7956 Wdf01000 - ok
16:09:25.0203 7956 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:09:25.0250 7956 WdiServiceHost - ok
16:09:25.0250 7956 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:09:25.0281 7956 WdiSystemHost - ok
16:09:25.0301 7956 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:09:25.0331 7956 WebClient - ok
16:09:25.0391 7956 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:09:25.0421 7956 Wecsvc - ok
16:09:25.0451 7956 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:09:25.0491 7956 wercplsupport - ok
16:09:25.0541 7956 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:09:25.0561 7956 WerSvc - ok
16:09:25.0561 7956 WinHttpAutoProxySvc - ok
16:09:25.0701 7956 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:09:25.0721 7956 Winmgmt - ok
16:09:25.0841 7956 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
16:09:25.0891 7956 WinRM - ok
16:09:25.0941 7956 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:09:26.0021 7956 Wlansvc - ok
16:09:26.0051 7956 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:09:26.0071 7956 WmiAcpi - ok
16:09:26.0111 7956 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:09:26.0161 7956 wmiApSrv - ok
16:09:26.0221 7956 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:09:26.0291 7956 WMPNetworkSvc - ok
16:09:26.0371 7956 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:09:26.0421 7956 WPCSvc - ok
16:09:26.0451 7956 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:09:26.0481 7956 WPDBusEnum - ok
16:09:26.0501 7956 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:09:26.0521 7956 WpdUsb - ok
16:09:26.0571 7956 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:09:26.0601 7956 ws2ifsl - ok
16:09:26.0601 7956 WSearch - ok
16:09:26.0961 7956 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:09:27.0046 7956 wuauserv - ok
16:09:27.0065 7956 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:09:27.0091 7956 WUDFRd - ok
16:09:27.0131 7956 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:09:27.0176 7956 wudfsvc - ok
16:09:27.0182 7956 XDva397 - ok
16:09:27.0226 7956 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
16:09:27.0259 7956 yukonwlh - ok
16:09:27.0274 7956 ================ Scan global ===============================
16:09:27.0302 7956 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:09:27.0351 7956 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:09:27.0362 7956 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:09:27.0414 7956 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:09:27.0419 7956 [Global] - ok
16:09:27.0419 7956 ================ Scan MBR ==================================
16:09:27.0433 7956 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
16:09:28.0621 7956 \Device\Harddisk0\DR0 - ok
16:09:28.0621 7956 ================ Scan VBR ==================================
16:09:28.0668 7956 [ 8F680E9C96742F84409DE2DEFDF6E44E ] \Device\Harddisk0\DR0\Partition1
16:09:28.0668 7956 \Device\Harddisk0\DR0\Partition1 - ok
16:09:28.0683 7956 [ 9A056D696A8188AAA592F3F980369C88 ] \Device\Harddisk0\DR0\Partition2
16:09:28.0683 7956 \Device\Harddisk0\DR0\Partition2 - ok
16:09:28.0683 7956 ============================================================
16:09:28.0683 7956 Scan finished
16:09:28.0683 7956 ============================================================
16:09:28.0699 6772 Detected object count: 4
16:09:28.0699 6772 Actual detected object count: 4
16:10:06.0292 6772 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:06.0292 6772 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:10:06.0302 6772 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:06.0302 6772 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:10:06.0302 6772 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:06.0302 6772 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:10:06.0302 6772 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
16:10:06.0302 6772 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip

Kind regards

Ezelmaster
__________________

Alt 28.10.2012, 16:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logs in CODE tags

Alt 28.10.2012, 17:47   #5
Ezelmaster
 
Hello cosinus,

here is the text from Combofix:
Combofix log file:
Code:
ComboFix 12-10-26.05 - Ezelmaster 28.10.2012  17:05:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2225 [GMT 1:00]
ausgeführt von:: c:\users\Ezelmaster\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\windows
c:\programdata\windows\dsdd.dat
c:\programdata\Windows\nudr.dat
c:\users\Ezelmaster\AppData\Local\lame_enc.dll
c:\users\Ezelmaster\AppData\Local\no23xwrapper.dll
c:\users\Ezelmaster\AppData\Local\ogg.dll
c:\users\Ezelmaster\AppData\Local\vorbis.dll
c:\users\Ezelmaster\AppData\Local\vorbisenc.dll
c:\users\Ezelmaster\AppData\Local\vorbisfile.dll
c:\users\Ezelmaster\AppData\Roaming\273E70CD.reg
c:\users\Ezelmaster\AppData\Roaming\AcroIEHelpe.txt
c:\users\Ezelmaster\AppData\Roaming\srvblck5.tmp
c:\windows\$NtUninstallKB4083$
c:\windows\$NtUninstallKB4083$\1160427706
c:\windows\$NtUninstallKB4083$\2477300827\Desktop.ini
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((   Files Created from 2012-09-28 to 2012-10-28  ))))))))))))))))))))))))))))))
.
.
2012-10-27 08:58 . 2012-10-27 08:58	--------	d-----w-	c:\program files\7-Zip
2012-10-15 17:40 . 2012-10-19 17:05	--------	d-----w-	c:\users\Ezelmaster\AppData\Local\Audible
2012-10-15 17:40 . 2012-10-15 17:40	255352	----a-w-	c:\windows\system32\awrdscdc.ax
2012-10-15 17:39 . 2012-10-15 17:40	--------	d-----w-	c:\program files\Audible
2012-10-10 19:52 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 19:52 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 19:52 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 19:52 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 19:52 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 19:52 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-10 19:52 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-09-30 15:27 . 2012-09-30 15:27	--------	d-----w-	c:\program files\Rockstar Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 17:25 . 2012-09-04 17:25	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 17:25 . 2012-09-04 17:25	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-04 17:25 . 2012-09-04 17:25	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-24 06:59 . 2012-09-22 16:46	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 16:46	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 16:46	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 16:46	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 16:46	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 16:46	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-23 16:32 . 2012-08-23 16:32	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-23 16:32 . 2012-03-27 15:05	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 18:05 . 2012-03-26 19:14	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ezelmaster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk]
path=c:\users\Ezelmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
backup=c:\windows\pss\ctfmon.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 13:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06	3481408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17	52256	----a-w-	c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 08:59	2289664	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 12:01	71216	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-02 16:19	880496	----a-w-	c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp:\\SAMSUNG NOTEBOOK PC
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Ezelmaster\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Ezelmaster\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\
FF - prefs.js: browser.startup.homepage - Google
.
- - - - Orphans Removed - - - -
.
MSConfigStartUp-DATBBE3.tmp - c:\users\EZELMA~1\AppData\Local\Temp\DATBBE3.tmp.exe
MSConfigStartUp-pdneielniiuscyh - c:\programdata\pdneieln.exe
MSConfigStartUp-Userinit - c:\users\Ezelmaster\AppData\Roaming\appconf32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-28 17:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-4030408420-658824629-2082844515-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*k*v*œž&H\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4030408420-658824629-2082844515-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3.}Y\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4030408420-658824629-2082844515-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*R.}Y\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1972)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-10-28  17:40:17 - machine was rebooted
ComboFix-quarantined-files.txt  2012-10-28 16:39
.
Pre-Run: 7 directories, 69,720,059,904 bytes free
Post-Run: 11 directories, 69,576,024,064 bytes free
.
- - End Of File - - 5AEF35EBF6A6A03B020ACE85AD122A99
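The ComboFix log above is read by eye in this thread: the "Other Deletions", "Files Created" and "Orphans Removed" blocks are scanned for binaries and data files sitting where no installer would put them. The Python script below does that first pass mechanically. It is an added example for this thread, not ComboFix's own tooling and not something the forum helpers posted; the regexes follow the three line shapes visible in the log, and the list of user-writable locations, the file-type sets, the $NtUninstall and GAC rules and the "look-alike folder" rule are the author's assumptions about what an analyst flags first. The sample input is copied from the log above (tabs replaced by spaces), with three benign lines from the same log included to show what is not flagged.

```python
"""Triage helper for ComboFix-style log lines (added example, see lead-in).

Handles the three line shapes ComboFix prints in the log above:
  * bare paths under "Other Deletions"
  * "created . modified  size  attrs  path" under "Files Created" / Find3M
  * "MSConfigStartUp-<name> - <path>" under "Orphans Removed"
The rules are first-pass location heuristics, not a verdict.
"""
import ntpath
import re

LISTING_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-+|\d+)\s+(?P<attrs>[-a-zA-Z]{8})\s+(?P<path>\S.*)$"
)
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<name>\S+) - (?P<path>.+)$")
BARE_PATH_RE = re.compile(r"^[a-zA-Z]:\\\S")

# Assumed heuristics: locations any user can write to, and file types worth a look there
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")
LOADABLE = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ax", ".ocx"}
BLOB_EXT = {".pad", ".dat", ".tmp", ".reg"}
SYSTEM32 = "\\windows\\system32\\"
HEX_STEM = re.compile(r"^[0-9a-f]{8}$", re.I)
# XP kept hotfix uninstall data in %windir%\$NtUninstallKB...$; Vista's servicing stack does not
NTUNINSTALL = re.compile(r"\\windows\\\$ntuninstall[^\\]*\$", re.I)
# Windows itself writes no Desktop.ini into the GAC; rootkits of that era dropped payloads there
GAC_INI = re.compile(r"\\windows\\assembly\\gac[^\\]*\\desktop\.ini$", re.I)
LOOKALIKE_DIRS = {"windows", "roaming"}  # real folders elsewhere, decoys directly under ProgramData


def triage_path(path):
    """Return the reasons a file or folder path deserves a look (empty list = nothing odd)."""
    p = path.lower()
    stem, ext = ntpath.splitext(ntpath.basename(p))
    in_user_dir = any(d in p for d in USER_WRITABLE)
    reasons = []
    if ext in LOADABLE and in_user_dir:
        reasons.append("loadable binary in user-writable location")
    if ext in BLOB_EXT and in_user_dir:
        reasons.append("data blob dropped in user-writable location")
    if HEX_STEM.match(stem):
        reasons.append("8-hex-digit file name")
    if NTUNINSTALL.search(p):
        reasons.append("$NtUninstall*$ folder (XP hotfix convention, not used on Vista)")
    if GAC_INI.search(p):
        reasons.append("Desktop.ini inside windows\\assembly\\GAC")
    if not ext and stem in LOOKALIKE_DIRS and ntpath.dirname(p).rstrip("\\") == "c:\\programdata":
        reasons.append("system-folder look-alike directly under ProgramData")
    return reasons


def triage_orphan(name, path):
    """Reasons an orphaned MSConfig startup entry deserves a look."""
    p = path.lower()
    reasons = []
    if name.lower() == "userinit" and SYSTEM32 not in p:
        reasons.append("Userinit-named entry pointing outside system32")
    if ntpath.splitext(p)[1] in LOADABLE and any(d in p for d in USER_WRITABLE):
        reasons.append("autostart binary in user-writable location")
    return reasons


def triage_log(text):
    """Map each flagged path in a ComboFix log to its list of reasons."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := LISTING_RE.match(line):
            path, reasons = m["path"], triage_path(m["path"])
        elif m := ORPHAN_RE.match(line):
            path, reasons = m["path"], triage_orphan(m["name"], m["path"])
        elif BARE_PATH_RE.match(line):
            path, reasons = line, triage_path(line)
        else:
            continue
        if reasons:
            findings[path] = reasons
    return findings


# Lines copied from the ComboFix log in this post (tabs replaced by spaces); the 7-Zip,
# awrdscdc.ax and crypt32.dll lines are benign and show what the rules leave alone.
SAMPLE_LOG = r"""
c:\programdata\0tbpw.pad
c:\programdata\Roaming
c:\programdata\windows
c:\programdata\windows\dsdd.dat
c:\users\Ezelmaster\AppData\Roaming\273E70CD.reg
c:\windows\$NtUninstallKB4083$\2477300827\Desktop.ini
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\roboot.exe
2012-10-27 08:58 . 2012-10-27 08:58    --------    d-----w-    c:\program files\7-Zip
2012-10-15 17:40 . 2012-10-15 17:40    255352    ----a-w-    c:\windows\system32\awrdscdc.ax
2012-10-10 19:52 . 2012-06-02 00:02    985088    ----a-w-    c:\windows\system32\crypt32.dll
MSConfigStartUp-DATBBE3.tmp - c:\users\EZELMA~1\AppData\Local\Temp\DATBBE3.tmp.exe
MSConfigStartUp-pdneielniiuscyh - c:\programdata\pdneieln.exe
MSConfigStartUp-Userinit - c:\users\Ezelmaster\AppData\Roaming\appconf32.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path + "\n    " + "\n    ".join(reasons))
```

The location rules are deliberately crude and miss things on purpose: c:\windows\system32\roboot.exe, which ComboFix removed, is flagged by none of them, because a binary sitting in system32 can only be judged by its signature, hash or reputation, and the log carries none of those. Run the script on a full saved log by passing the file contents to triage_log instead of SAMPLE_LOG.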


28.10.2012, 17:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/ATRAPS.Gen and TR/ATRAPS.Gen2 reported by Avira in $Recycle.bin.



OK, as a check: system scan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, replace the older file with the newly downloaded one so that you are really working with a current version of OTL.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Please post everything in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         

28.10.2012, 19:25   #7
Ezelmaster

TR/ATRAPS.Gen and TR/ATRAPS.Gen2 reported by Avira in $Recycle.bin.

Code:
OTL logfile created on: 28.10.2012 18:33:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ezelmaster\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,20% Memory free
6,21 Gb Paging File | 5,23 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 64,85 Gb Free Space | 45,01% Space Free | Partition Type: NTFS
Drive F: | 144,00 Gb Total Space | 116,60 Gb Free Space | 80,97% Space Free | Partition Type: NTFS
 
Computer Name: EZEL | User Name: Ezelmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ezelmaster\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found
DRV - (VMC326) -- System32\Drivers\VMC326.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\Users\EZELMA~1\AppData\Local\Temp\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=3127&q={searchTerms}
IE - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ezelmaster\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 19:05:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Ezelmaster\AppData\Roaming\14001.003 [2012.07.23 15:53:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 19:05:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.03.26 20:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\Extensions
[2012.08.21 18:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\Firefox\Profiles\tzttvicl.default\extensions
[2012.07.11 18:31:19 | 000,525,390 | ---- | M] () (No name found) -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\firefox\profiles\tzttvicl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.05.18 14:15:46 | 000,001,210 | ---- | M] () -- C:\Users\Ezelmaster\AppData\Roaming\mozilla\firefox\profiles\tzttvicl.default\searchplugins\search.xml
[2012.03.26 20:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.23 15:53:39 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\EZELMASTER\APPDATA\ROAMING\14001.003
[2012.07.18 19:05:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4030408420-658824629-2082844515-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ezelmaster\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ezelmaster\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A9CDCB2-3C11-49D1-9BAB-B59851B0A2C4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ezelmaster\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ezelmaster\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.28 17:40:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.28 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\AppData\Local\temp
[2012.10.28 17:37:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.10.28 16:35:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.28 16:35:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.28 16:35:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.28 16:34:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.28 16:34:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.28 16:33:35 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\Ezelmaster\Desktop\ComboFix.exe
[2012.10.27 23:30:04 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Desktop\Viruskram
[2012.10.27 09:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.27 09:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.26 18:15:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ezelmaster\Desktop\OTL.exe
[2012.10.15 18:49:16 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Desktop\Wiedergabelisten
[2012.10.15 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\AppData\Local\Audible
[2012.10.15 18:40:09 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[2012.10.15 18:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2012.10.15 18:39:45 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Documents\Audible
[2012.10.15 18:39:45 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Desktop\Audible
[2012.10.15 18:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2012.10.10 20:52:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 20:52:43 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 20:52:43 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.09.30 16:57:32 | 000,000,000 | ---D | C] -- C:\Users\Ezelmaster\Documents\Bully Scholarship Edition
[2012.09.30 16:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.09.30 16:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2012.09.30 16:20:32 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012.09.30 16:20:32 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012.09.30 16:20:31 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012.09.30 16:20:31 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012.09.30 16:20:31 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012.09.30 16:20:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012.09.30 16:20:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012.09.30 16:20:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012.09.30 16:20:31 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012.09.30 16:20:30 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012.09.30 16:20:30 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012.09.30 16:20:30 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012.09.30 16:20:30 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012.09.30 16:20:30 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012.09.30 16:20:30 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012.09.30 16:20:30 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012.09.30 16:20:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012.09.30 16:20:29 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012.09.30 16:20:29 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012.09.30 16:20:29 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012.09.30 16:20:29 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012.09.30 16:20:29 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012.09.30 16:20:29 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012.09.30 16:20:29 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012.09.30 16:20:28 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012.09.30 16:20:26 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012.09.30 16:20:24 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012.09.30 16:20:24 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.09.30 16:20:24 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012.09.30 16:20:24 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012.09.30 16:20:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012.09.30 16:20:24 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012.09.30 16:20:24 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012.09.30 16:20:24 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012.09.30 16:20:23 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012.09.30 16:20:23 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012.09.30 16:20:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012.09.30 16:20:23 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012.09.30 16:20:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012.09.30 16:20:23 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012.09.30 16:20:23 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012.09.30 16:20:22 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012.09.30 16:20:16 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012.09.30 16:20:15 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012.09.30 16:20:15 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012.09.30 16:20:15 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012.09.30 16:20:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012.09.30 16:20:15 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012.09.30 16:20:15 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012.09.30 16:20:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012.09.30 16:20:14 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Ezelmaster\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Ezelmaster\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Ezelmaster\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Ezelmaster\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.28 18:32:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ezelmaster\Desktop\OTL.exe
[2012.10.28 18:30:33 | 000,164,162 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.28 17:19:02 | 000,630,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.28 17:19:01 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.28 17:19:01 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.28 17:19:01 | 000,115,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.28 17:12:36 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 17:12:36 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 17:12:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.28 17:11:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.28 16:33:48 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\Ezelmaster\Desktop\ComboFix.exe
[2012.10.28 10:37:05 | 000,214,528 | ---- | M] () -- C:\Users\Ezelmaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.26 18:08:27 | 000,000,000 | ---- | M] () -- C:\Users\Ezelmaster\defogger_reenable
[2012.10.23 15:58:38 | 1894,121,472 | ---- | M] () -- C:\Users\Ezelmaster\Desktop\00001.MTS
[2012.10.21 18:26:44 | 000,164,162 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.18 18:57:48 | 000,000,680 | ---- | M] () -- C:\Users\Ezelmaster\AppData\Local\d3d9caps.dat
[2012.10.18 18:34:59 | 000,076,347 | ---- | M] () -- C:\ProgramData\vkdxlmpywmesona
[2012.10.15 18:40:09 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[2012.10.09 19:39:31 | 000,008,103 | ---- | M] () -- C:\Users\Ezelmaster\Desktop\south park playlist.xspf
 
========== Files Created - No Company Name ==========
 
[2012.10.28 16:35:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.28 16:35:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.28 16:35:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.28 16:35:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.28 16:35:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.26 18:08:27 | 000,000,000 | ---- | C] () -- C:\Users\Ezelmaster\defogger_reenable
[2012.10.23 15:47:24 | 1894,121,472 | ---- | C] () -- C:\Users\Ezelmaster\Desktop\00001.MTS
[2012.10.18 18:57:38 | 000,000,680 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\d3d9caps.dat
[2012.10.18 18:34:55 | 000,076,347 | ---- | C] () -- C:\ProgramData\vkdxlmpywmesona
[2012.10.09 19:39:31 | 000,008,103 | ---- | C] () -- C:\Users\Ezelmaster\Desktop\south park playlist.xspf
[2012.09.14 07:43:56 | 000,000,851 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\recently-used.xbel
[2012.07.26 15:38:00 | 000,001,472 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\RecConfig.xml
[2012.07.23 21:21:28 | 000,000,010 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Roaming\urhtps.dat
[2012.07.22 20:27:40 | 000,000,034 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Roaming\blckdom.res
[2012.03.31 11:04:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.31 10:35:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.31 10:35:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.27 17:34:34 | 000,214,528 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.01 08:51:57 | 000,164,162 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.01 08:51:52 | 000,164,162 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 28.10.2012 18:33:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ezelmaster\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,20% Memory free
6,21 Gb Paging File | 5,23 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 64,85 Gb Free Space | 45,01% Space Free | Partition Type: NTFS
Drive F: | 144,00 Gb Total Space | 116,60 Gb Free Space | 80,97% Space Free | Partition Type: NTFS
 
Computer Name: EZEL | User Name: Ezelmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4030408420-658824629-2082844515-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{6463EA8A-08AE-48BB-A921-A570CA34F28B}" = Magic The Gathering
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a517a98e-d5c2-41ea-a12d-47365cbd8813}.sdb" = MagicTG
"{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Free Studio_is1" = Free Studio version 5.4.6
"GIMP-2_is1" = GIMP 2.8.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{6463EA8A-08AE-48BB-A921-A570CA34F28B}" = Magic The Gathering
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"ScummVM_is1" = ScummVM 1.4.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4030408420-658824629-2082844515-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2012 11:52:32 | Computer Name = Ezel | Source = VSS | ID = 8194
Description = 
 
Error - 30.09.2012 12:06:11 | Computer Name = Ezel | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bully.exe, Version 0.0.0.0, Zeitstempel 0x493fea7e,
 fehlerhaftes Modul Bully.exe, Version 0.0.0.0, Zeitstempel 0x493fea7e, Ausnahmecode
 0xc0000005, Fehleroffset 0x003476b6,  Prozess-ID 0xc74, Anwendungsstartzeit 01cd9f2490db245d.
 
Error - 01.10.2012 12:20:34 | Computer Name = Ezel | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.10.2012 12:07:50 | Computer Name = Ezel | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.10.2012 03:54:16 | Computer Name = Ezel | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.10.2012 11:39:23 | Computer Name = Ezel | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.10.2012 11:42:46 | Computer Name = Ezel | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.10.2012 02:07:05 | Computer Name = Ezel | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.10.2012 16:40:44 | Computer Name = Ezel | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel
 0x4c8e2d72, fehlerhaftes Modul qdvd.dll, Version 6.6.6002.18533, Zeitstempel 0x4ea6dcc3,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0004916a,  Prozess-ID 0x1938, Anwendungsstartzeit
 01cda3f436478589.
 
Error - 07.10.2012 09:52:41 | Computer Name = Ezel | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.05.2012 04:22:24 | Computer Name = Ezel | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.05.2012 04:22:24 | Computer Name = Ezel | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 26.05.2012 04:22:24 | Computer Name = Ezel | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.05.2012 04:22:24 | Computer Name = Ezel | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 26.05.2012 04:22:52 | Computer Name = Ezel | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 27.05.2012 16:13:58 | Computer Name = Ezel | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.05.2012 um 22:08:05 unerwartet heruntergefahren.
 
Error - 27.05.2012 16:15:20 | Computer Name = Ezel | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 27.05.2012 16:15:20 | Computer Name = Ezel | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.05.2012 16:15:20 | Computer Name = Ezel | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 27.05.2012 16:15:20 | Computer Name = Ezel | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >
         

Alt 29.10.2012, 10:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Code:
:Files
C:\ProgramData\vkdxlmpywmesona
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created for this one user in this situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logs in CODE tags
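The fix above moves C:\ProgramData\vkdxlmpywmesona, a file the OTL log lists with no company name, no extension and a random-looking name sitting directly in ProgramData. What follows is an added example, not code from this thread or from OTL: a Python triage script that parses OTL file lines and scores each one on exactly those traits. The sample lines are taken from the OTL log posted above; the staging-directory list, the consonant-run heuristic and the score threshold are assumptions made for this example.

```python
"""Triage helper for OTL 'Files Created' lines (added example, not OTL's own code).

Scores every entry on the traits the fix in this thread acted on for
C:\\ProgramData\\vkdxlmpywmesona: no company name, dropped straight into a
staging directory, no file extension, random-looking name. The directory
list and the threshold are assumptions made for this example.
"""
import re
from typing import NamedTuple, Optional

# One OTL file line: [date time | size | attrs | C|M] (Company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<date>[\d.]+) (?P<time>[\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Locations where an unpackaged drop file stands out (assumption, lower-cased).
STAGING_DIRS = {r"c:\programdata", r"c:\windows", r"c:\windows\system32"}
APPDATA_ROOT = re.compile(r"^c:\\users\\[^\\]+\\appdata\\(local|roaming)$")

# Lines taken from the OTL log posted above in this thread.
SAMPLE_LOG = r"""
[2012.10.28 16:35:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.18 18:57:38 | 000,000,680 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\d3d9caps.dat
[2012.10.18 18:34:55 | 000,076,347 | ---- | C] () -- C:\ProgramData\vkdxlmpywmesona
[2012.09.14 07:43:56 | 000,000,851 | ---- | C] () -- C:\Users\Ezelmaster\AppData\Local\recently-used.xbel
[2008.11.01 08:51:52 | 000,164,162 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.09.30 16:20:31 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
"""


class Entry(NamedTuple):
    path: str
    company: str
    size: int
    created: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; returns None for headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        path=m["path"],
        company=m["company"],
        size=int(m["size"].replace(",", "")),
        created=f'{m["date"]} {m["time"]}',
    )


def looks_random(name: str, min_len: int = 10, max_run: int = 4) -> bool:
    """Letters-only name of at least min_len chars containing a long consonant run."""
    if len(name) < min_len or not name.isalpha():
        return False
    run = longest = 0
    for ch in name.lower():
        run = 0 if ch in "aeiou" else run + 1
        longest = max(longest, run)
    return longest >= max_run


def score(entry: Entry) -> int:
    """Count how many of the four drop-file traits an entry shows (0..4)."""
    directory, _, name = entry.path.rpartition("\\")
    d = directory.lower()
    points = 0
    points += int(entry.company == "")                                # no vendor string
    points += int(d in STAGING_DIRS or bool(APPDATA_ROOT.match(d)))   # staging directory
    points += int("." not in name)                                    # no extension
    points += int(looks_random(name))                                 # random-looking name
    return points


def triage(log_text: str, threshold: int = 3) -> list:
    """Return the paths of all entries scoring at or above the threshold."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and score(entry) >= threshold:
            flagged.append(entry.path)
    return flagged


if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("review:", path)   # prints: review: C:\ProgramData\vkdxlmpywmesona
```

The score is a triage aid for picking which log entries to look at first, not a verdict; entries scoring below the threshold (such as the two-point hits in AppData\Local) still deserve a look when other evidence points at them.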

Alt 29.10.2012, 18:57   #9
Ezelmaster
 
Code:
All processes killed
========== FILES ==========
C:\ProgramData\vkdxlmpywmesona moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Ezelmaster\Desktop\Viruskram\cmd.bat deleted successfully.
C:\Users\Ezelmaster\Desktop\Viruskram\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ezelmaster
->Temp folder emptied: 972304 bytes
->Temporary Internet Files folder emptied: 25461004 bytes
->Java cache emptied: 669 bytes
->FireFox cache emptied: 1030818185 bytes
->Flash cache emptied: 72218 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86158 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.008,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10292012_185050

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 31.10.2012, 15:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
adwCleaner - find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (search).
  • When the scan finishes, a text file opens.
  • Post me its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner[Rx].txt. (x = consecutive number)

Alt 31.10.2012, 18:36   #11
Ezelmaster
 
Code:
# AdwCleaner v2.006 - Datei am 31/10/2012 um 18:35:46 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Ezelmaster - EZEL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ezelmaster\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\searchplugins\search.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [988 octets] - [31/10/2012 18:35:46]

########## EOF - C:\AdwCleaner[R1].txt - [1047 octets] ##########
         

31.10.2012, 19:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

31.10.2012, 20:20   #13
Ezelmaster

Code:
# AdwCleaner v2.006 - Datei am 31/10/2012 um 20:17:49 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Ezelmaster - EZEL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ezelmaster\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\searchplugins\search.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1116 octets] - [31/10/2012 18:35:46]
AdwCleaner[S1].txt - [1050 octets] - [31/10/2012 20:17:49]

########## EOF - C:\AdwCleaner[S1].txt - [1110 octets] ##########
         

31.10.2012, 20:54   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the Update button beforehand.

Afterwards, getting a second opinion from the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • You'll find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

06.11.2012, 21:22   #15
Ezelmaster

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f7302f97a2c63e468ebb582b725e0df1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-06 07:47:38
# local_time=2012-11-06 08:47:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 19366490 19366490 0 0
# compatibility_mode=5892 16776573 100 100 10301 189758753 0 0
# compatibility_mode=8192 67108863 100 0 4017 4017 0 0
# scanned=147744
# found=1
# cleaned=0
# scan_time=5233
C:\Windows\pss\ctfmon.lnk.Startup	Win32/Reveton.J trojan (unable to clean)	00000000000000000000000000000000	I
         

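The two scanner logs in this thread are read by hand in the posts above: the AdwCleaner search run ([R1]) lists what it found, the delete run ([S1]) lists what it removed, and the ESET log reports one detection it could not clean (ESET was run with remove_checked=false, so it only reports). The script below is an added example and is not code from AdwCleaner, ESET or the Trojaner-Board helpers. It parses both formats and does the checks a triager wants: every item AdwCleaner found must reappear as deleted in the [S] log, and ESET's found/cleaned counters must agree with its detection rows, with the uncleaned paths listed for follow-up. The sample logs are trimmed copies of the ones posted above (German AdwCleaner locale); the English label variants are an assumption about other locales, and the tab-separated ESET row layout is taken from the log as posted.

```python
"""Cross-check the AdwCleaner and ESET Online Scanner logs posted in this thread.

Added example; not code from AdwCleaner, ESET or the forum helpers.
(1) Parse an AdwCleaner search ([R]) log and the matching delete ([S]) log and
    report anything found that the delete run did not report as deleted.
(2) Parse an ESET Online Scanner log, list detections ESET could not clean, and
    verify the header's found/cleaned counters against the detection rows.
"""
import re

# AdwCleaner item lines look like "<Type> <State> : <path or registry key>".
# German labels are what the thread's logs show; English ones are an assumption.
FOUND_LABELS = {"Gefunden", "Found"}
DELETED_LABELS = {"Gelöscht", "Deleted"}
ITEM_RE = re.compile(r"^(?P<kind>\S+) (?P<state>\S+) : (?P<item>.+?)\s*$")

# Trimmed copies of the [Suche] and [Löschen] logs posted above (raw strings,
# because the paths contain backslash sequences such as \U).
ADW_SEARCH_LOG = r"""# AdwCleaner v2.006 - Datei am 31/10/2012 um 18:35:46 erstellt
# Option [Suche]
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\searchplugins\search.xml
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\Softonic
Datei : C:\Users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\prefs.js
[OK] Die Datei ist sauber.
"""
ADW_DELETE_LOG = r"""# Option [Löschen]
Datei Gelöscht : C:\Users\Ezelmaster\AppData\Roaming\Mozilla\Firefox\Profiles\tzttvicl.default\searchplugins\search.xml
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Softonic
"""
# Trimmed copy of the ESET log posted above; the detection row is tab-separated:
# path, verdict, hash (all zeros in the thread), flag.
ESET_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# remove_checked=false",
    "# scanned=147744",
    "# found=1",
    "# cleaned=0",
    "C:\\Windows\\pss\\ctfmon.lnk.Startup\tWin32/Reveton.J trojan (unable to clean)\t"
    + "0" * 32 + "\tI",
])


def adw_items(log_text):
    """Return {item: 'found' | 'deleted'} for every AdwCleaner item line."""
    items = {}
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            continue  # headers, section banners, "[OK] ..." lines
        if m["state"] in FOUND_LABELS:
            items[m["item"]] = "found"
        elif m["state"] in DELETED_LABELS:
            items[m["item"]] = "deleted"
    return items


def adw_leftovers(search_log, delete_log):
    """Items the search run found that the delete run did not report as deleted."""
    found = {i for i, s in adw_items(search_log).items() if s == "found"}
    deleted = {i for i, s in adw_items(delete_log).items() if s == "deleted"}
    return sorted(found - deleted)


def eset_summary(log_text):
    """Split an ESET Online Scanner log into header fields and detection rows."""
    header, detections = {}, []
    for line in log_text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key.strip(), value.strip())  # keep first of repeated keys
        elif "\t" in line:
            cols = line.split("\t")
            detections.append({"path": cols[0], "verdict": cols[1],
                               "uncleaned": "unable to clean" in cols[1]})
    return header, detections


def eset_uncleaned(log_text):
    """Paths ESET detected but did not clean; these still need handling."""
    return [d["path"] for d in eset_summary(log_text)[1] if d["uncleaned"]]


def eset_counts_consistent(log_text):
    """True if the header's found/cleaned counters match the detection rows."""
    header, detections = eset_summary(log_text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    uncleaned = sum(d["uncleaned"] for d in detections)
    return found == len(detections) and cleaned == found - uncleaned


if __name__ == "__main__":
    print("AdwCleaner leftovers:", adw_leftovers(ADW_SEARCH_LOG, ADW_DELETE_LOG) or "none")
    print("ESET counters consistent:", eset_counts_consistent(ESET_LOG))
    for path in eset_uncleaned(ESET_LOG):
        print("ESET could not clean:", path)
```

Run against the thread's logs it reports no AdwCleaner leftovers, consistent ESET counters, and one uncleaned path, C:\Windows\pss\ctfmon.lnk.Startup. That folder is where msconfig parks startup shortcuts disabled in its Startup tab, so the hit is a disabled but still present autostart entry rather than a running process; it is listed for the helper to deal with, not acted on by the script.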