Police central e-crime unit hat mich erwischt

Ichauch33 · 15.01.2013, 21:35

Guten Abend,

heute bekam ich ganz unverhofft beim Surfen eine Meldung der "Police Central e-crime unit" in einem neuen Fenster. Dies ließ sich nicht schließen und ich wurde aufgefordert eine Geldsumme zu überweisen um diese Seite zu entfernen. Beim Neustarten tauchte nach einigen Sekunden das Fenster wieder auf.
Also habe ich im abgesicherten Modus den defogger und daraufhin OTL mit folgendem Egebnis laufen lassen:

OTL logfile created on: 15.01.2013 20:57:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ich Bin\meine Datein\z- verschiedenes
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,86% Memory free
4,21 Gb Paging File | 3,91 Gb Available in Paging File | 92,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 10,23 Gb Free Space | 6,86% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LAPTOP | User Name: Ich Bin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.02 09:53:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ich Bin\meine Datein\z- verschiedenes\OTL.exe
PRC - [2008.10.29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.05.11 01:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

========== Modules (No Company Name) ==========

MOD - [2007.05.10 22:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2007.01.12 21:31:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007.01.12 21:31:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Eapp0vg)
SRV - [2012.06.14 22:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.07.17 21:14:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008.12.10 13:43:02 | 000,020,480 | ---- | M] (Carl Zeiss) [Auto | Stopped] -- C:\Program Files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe -- (MTBService)
SRV - [2008.01.21 02:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.09 12:58:34 | 001,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.01.15 20:51:43 | 000,100,352 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\uwddapow.sys -- (uwddapow)
DRV - [2013.01.15 17:46:42 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012.01.18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.09.13 03:35:16 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.05.05 15:30:01 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.12.09 09:37:18 | 001,653,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\p2usbhum.sys -- (iComp)
DRV - [2009.10.26 15:21:20 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.07.03 07:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2009.03.17 17:17:06 | 000,140,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.26 04:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.06.11 10:23:00 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007.11.15 13:09:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.09.10 07:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.08.06 13:25:44 | 000,585,728 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.05.28 08:02:02 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3917336C-1AD9-4F67-B413-CD0C43ADB6B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HET&o=1581&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AA7&apn_dtid=^YYYYYY^YY^DE&apn_uid=965b4d3c-7d62-41e9-8444-e9e9993a784f&apn_sauid=C0D86837-DE94-436C-AB29-BE0D7C4223DB
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:2.1.4
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.9
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.9
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.6.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.7.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.4
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2736476&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 03:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 22:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 22:53:09 | 000,000,000 | ---D | M]

[2009.12.11 21:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Extensions
[2009.11.05 13:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\extensions
[2009.11.05 13:29:41 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2013.01.11 10:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions
[2012.06.16 14:58:30 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.01.11 10:09:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\firefox@ghostery.com
[2012.03.13 14:33:17 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\isreaditlater@ideashower.com
[2013.01.11 10:09:37 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.01.11 10:04:01 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.01.11 10:09:39 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.01.11 10:09:39 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.16 22:54:10 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.01.11 10:05:50 | 000,003,915 | ---- | M] () -- C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\searchplugins\sweetim.xml
[2012.06.16 22:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.14 22:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.21 20:36:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.14 22:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.14 22:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 22:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 22:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 22:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 22:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}

O1 HOSTS File: ([2006.09.18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SMessaging] C:\Users\Ich Bin\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ich Bin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif) - C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif (Ucuq)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - Reg Error: Value error. File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - Reg Error: Value error. File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAF2B15-21EB-46E4-B1F7-7515B9FB5DC8}: DhcpNameServer = 80.69.100.174 80.69.100.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C70E345-B81B-4EC5-BF6F-B0DA42A32DB0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ich Bin\meine Datein\z- verschiedenes\Desktop- Hintergründe\Baum.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ich Bin\meine Datein\z- verschiedenes\Desktop- Hintergründe\Baum.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\autOplay\cOmmanD - "" = vmasb.exe
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\AutoRun\command - "" = vmasb.exe
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\eXplORe\CommAnd - "" = vmasb.exe
O33 - MountPoints2\{a41f3aa4-0418-11df-9875-00030d8b75b9}\Shell\Open\commaNd - "" = vmasb.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.15 20:51:43 | 000,100,352 | ---- | C] (GMER) -- C:\uwddapow.sys
[2013.01.12 20:52:31 | 000,000,000 | R--D | C] -- C:\Users\Ich Bin\Dropbox
[2013.01.12 20:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.12 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.12 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Roaming\Dropbox
[2013.01.11 10:07:08 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Roaming\Strongvault
[2013.01.11 10:06:42 | 000,000,000 | ---D | C] -- C:\Users\Ich Bin\AppData\Local\Stronghold_LLC
[2013.01.11 10:06:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013.01.11 10:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013.01.11 10:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013.01.11 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.02 08:28:12 | 000,352,256 | -HS- | C] (Корпорация Майкрософт) -- C:\ProgramData\ms0001AAA0.dat
[2009.09.25 17:41:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ich Bin\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013.01.15 20:51:43 | 000,100,352 | ---- | M] (GMER) -- C:\uwddapow.sys
[2013.01.15 20:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 20:49:55 | 195,816,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.15 20:45:18 | 000,001,356 | ---- | M] () -- C:\Users\Ich Bin\AppData\Local\d3d9caps.dat
[2013.01.15 19:15:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 19:15:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 19:15:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.15 19:14:40 | 095,023,320 | ---- | M] () -- C:\ProgramData\0AAA1000sm.pad
[2013.01.15 19:13:51 | 000,000,878 | ---- | M] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.15 17:47:17 | 106,012,007 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.01.15 17:46:42 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013.01.15 17:46:00 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.15 17:46:00 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.15 17:46:00 | 000,133,720 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.15 17:46:00 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.14 20:25:03 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT
[2013.01.14 16:38:15 | 000,227,819 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Januar L nach DD.pdf
[2013.01.14 16:37:34 | 000,055,925 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Flüge buchen - Germanwings Flug buchen.pdf
[2013.01.12 22:11:51 | 066,101,065 | ---- | M] () -- C:\Users\Ich Bin\Desktop\01 Titelnummer 1.mp3
[2013.01.12 20:51:07 | 000,000,959 | ---- | M] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.04 19:23:43 | 010,131,328 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Männerbeben.pdf
[2012.12.29 09:39:04 | 000,227,857 | ---- | M] () -- C:\Users\Ich Bin\Desktop\Boarding Pass- Januar.pdf

========== Files Created - No Company Name ==========

[2013.01.15 20:42:44 | 195,816,827 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.15 19:13:51 | 000,000,878 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.14 16:38:15 | 000,227,819 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Januar L nach DD.pdf
[2013.01.14 16:33:19 | 000,055,925 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Flüge buchen - Germanwings Flug buchen.pdf
[2013.01.12 22:06:37 | 066,101,065 | ---- | C] () -- C:\Users\Ich Bin\Desktop\01 Titelnummer 1.mp3
[2013.01.12 20:51:07 | 000,000,959 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.09 23:30:41 | 000,212,825 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Boarding Pass- Dezember.pdf
[2013.01.04 19:23:42 | 010,131,328 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Männerbeben.pdf
[2012.12.29 09:39:04 | 000,227,857 | ---- | C] () -- C:\Users\Ich Bin\Desktop\Boarding Pass- Januar.pdf
[2012.12.02 09:43:03 | 000,000,020 | ---- | C] () -- C:\Users\Ich Bin\defogger_reenable
[2012.12.02 08:28:25 | 095,023,320 | ---- | C] () -- C:\ProgramData\0AAA1000sm.pad
[2012.12.01 20:53:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\7lRL0ux1i.dat
[2012.12.01 20:53:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\4393C220sm.pad
[2012.12.01 20:53:25 | 000,000,001 | ---- | C] () -- C:\ProgramData\doeR23dF.exe_.b
[2012.12.01 20:53:25 | 000,000,001 | ---- | C] () -- C:\ProgramData\doeR23dF.exe.b
[2012.10.06 20:31:56 | 000,069,788 | ---- | C] () -- C:\ProgramData\oegirtmlnyflhrw
[2012.08.08 22:44:26 | 212,156,928 | ---- | C] () -- C:\Users\Ich Bin\ghrt
[2012.07.02 18:08:17 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.05.29 18:52:22 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012.05.29 18:52:20 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.03 00:26:56 | 000,000,379 | ---- | C] () -- C:\Users\Ich Bin\Documents - Verknüpfung.lnk
[2011.11.17 01:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.10.31 13:55:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.31 13:55:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.06.25 20:56:11 | 000,000,275 | ---- | C] () -- C:\Users\Ich Bin\AppData\Local\HamsterVideoConverterSettings.cfg
[2009.11.26 07:35:06 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.28 18:15:11 | 000,001,576 | ---- | C] () -- C:\Users\Ich Bin\.recently-used.xbel
[2009.10.15 08:58:38 | 000,001,356 | ---- | C] () -- C:\Users\Ich Bin\AppData\Local\d3d9caps.dat
[2009.10.01 18:11:37 | 000,000,104 | ---- | C] () -- C:\Users\Ich Bin\Computer - Verknüpfung.lnk
[2009.09.25 17:41:07 | 000,087,608 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\inst.exe
[2009.09.25 17:41:07 | 000,007,887 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\pcouffin.cat
[2009.09.25 17:41:07 | 000,001,144 | ---- | C] () -- C:\Users\Ich Bin\AppData\Roaming\pcouffin.inf
[2009.09.10 17:05:31 | 000,241,152 | ---- | C] () -- C:\Users\Ich Bin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 12:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2008.11.06 13:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 02:24:29 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.01 21:19:21 | 000,000,000 | -HSD | M] -- C:\Users\Ich Bin\AppData\Roaming\248252
[2010.05.27 20:49:42 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\ACD Systems
[2011.06.26 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\AnvSoft
[2011.06.25 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Any Video Converter
[2009.11.07 18:39:10 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\avidemux
[2009.09.28 19:22:45 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Carl Zeiss
[2012.03.30 09:46:54 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\DAEMON Tools Pro
[2010.12.19 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\DataCast
[2012.07.02 18:24:53 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\DesktopIconForAmazon
[2013.01.15 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Dropbox
[2011.03.15 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Ekyfed
[2010.01.19 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\FileZilla
[2010.10.25 18:10:16 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\FireShot
[2011.10.31 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\FreePDF
[2011.02.24 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\GetRightToGo
[2009.10.28 18:21:37 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\gtk-2.0
[2011.05.30 12:59:21 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Imagenomic
[2012.03.13 08:03:35 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Leadertech
[2012.04.08 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\MAGIX
[2010.05.30 18:02:03 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\NCH Swift Sound
[2011.02.21 08:38:45 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Ofrat
[2009.11.22 11:53:10 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\OpenOffice.org
[2012.04.14 06:39:16 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Pegasys Inc
[2009.11.13 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Spesoft Audio Converter
[2013.01.11 10:07:08 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Strongvault
[2012.04.19 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\TuneUp Software
[2009.12.19 17:53:35 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\Vso
[2011.07.23 08:25:46 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\WordToPDF
[2012.03.31 14:33:15 | 000,000,000 | ---D | M] -- C:\Users\Ich Bin\AppData\Roaming\XMedia Recode

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Ich Bin\Desktop\Sonnenaufgang.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Ich Bin\Desktop\Dolby Surround Sound - (480 x 360).mp4:TOC.WMV

< End of report >

Die Extra.txt- Datei wurde leider nicht erstellt (habe es zwei Mal laufen lassen).

Der folgende Gmer- Scan hatte dieses Ergebnis:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 20:56:29
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB11 149,05GB
Running: Gmer.exe; Driver: C:\Users\ICHBIN~1\AppData\Local\Temp\uwddapow.sys

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d134a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x62 0xDF 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d134a8
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x62 0xDF 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d134a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x24 0x62 0xDF 0x9D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 2.0 ----

Der Scan mit Malwarebytes Anti-Malware zeite folgendes Ergebnis:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18828
Ich Bin :: LAPTOP [Administrator]

15.01.2013 21:12:24
mbam-log-2013-01-15 (21-12-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196803
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\ms0001AAA0.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich wäre sehr froh, wenn mir jemand helfen könnte.

Mit besten Grüßen,
Ichauch33

markusg · 15.01.2013, 21:43

hi
is ja kein wunder, bei dem schlechten updatezustands deines Geräts, kein Servicepack 2 zb, für vista.

falls du deinen nutzernamen im Log verendert hast, passe ihn im Script an

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
F3 - HKCU WinNT: Load - (C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif) - C:\Users\ICHBIN~1\LOCALS~1\Temp\msaoopazx.pif (Ucuq)
 :Files
:Commands
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte

Ichauch33 · 17.01.2013, 15:13

Hallo markusg,

vielen Dank für deine Hilfe.
Der upload beider zip- Dateien hat funktioniert.

Mit besten Grüßen,
Ichauch33

markusg · 17.01.2013, 17:20

hi
ja hat geklappt, danke.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

Ichauch33 · 18.01.2013, 20:23

Guten Abend markusg,

hier ist das Ergebnis des Scans:

19:18:28.0729 4348 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:18:29.0375 4348 ============================================================
19:18:29.0375 4348 Current date / time: 2013/01/18 19:18:29.0375
19:18:29.0375 4348 SystemInfo:
19:18:29.0375 4348
19:18:29.0375 4348 OS Version: 6.0.6001 ServicePack: 1.0
19:18:29.0375 4348 Product type: Workstation
19:18:29.0375 4348 ComputerName: LAPTOP
19:18:29.0376 4348 UserName: Ich Bin
19:18:29.0376 4348 Windows directory: C:\Windows
19:18:29.0376 4348 System windows directory: C:\Windows
19:18:29.0376 4348 Processor architecture: Intel x86
19:18:29.0376 4348 Number of processors: 2
19:18:29.0376 4348 Page size: 0x1000
19:18:29.0376 4348 Boot type: Normal boot
19:18:29.0376 4348 ============================================================
19:18:29.0932 4348 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:18:29.0934 4348 ============================================================
19:18:29.0934 4348 \Device\Harddisk0\DR0:
19:18:29.0934 4348 MBR partitions:
19:18:29.0934 4348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18EB0
19:18:29.0935 4348 ============================================================
19:18:29.0963 4348 C: <-> \Device\Harddisk0\DR0\Partition1
19:18:29.0963 4348 ============================================================
19:18:29.0964 4348 Initialize success
19:18:29.0964 4348 ============================================================
19:18:48.0491 3552 ============================================================
19:18:48.0491 3552 Scan started
19:18:48.0491 3552 Mode: Manual; SigCheck; TDLFS;
19:18:48.0491 3552 ============================================================
19:18:50.0374 3552 ================ Scan system memory ========================
19:18:50.0374 3552 System memory - ok
19:18:50.0375 3552 ================ Scan services =============================
19:18:50.0627 3552 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
19:18:50.0831 3552 ACPI - ok
19:18:50.0943 3552 [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:18:50.0970 3552 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
19:18:50.0970 3552 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
19:18:51.0007 3552 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:18:51.0027 3552 adp94xx - ok
19:18:51.0081 3552 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:18:51.0096 3552 adpahci - ok
19:18:51.0140 3552 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:18:51.0153 3552 adpu160m - ok
19:18:51.0182 3552 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:18:51.0195 3552 adpu320 - ok
19:18:51.0225 3552 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:18:51.0357 3552 AeLookupSvc - ok
19:18:51.0428 3552 [ 763E172A55177E478CB419F88FD0BA03 ] AFD C:\Windows\system32\drivers\afd.sys
19:18:51.0552 3552 AFD - ok
19:18:51.0577 3552 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:18:51.0592 3552 aic78xx - ok
19:18:51.0663 3552 [ A6003E95E9561147CEE4D3170A01B8CF ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
19:18:51.0720 3552 aksfridge - ok
19:18:51.0798 3552 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:18:51.0880 3552 ALG - ok
19:18:51.0932 3552 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
19:18:51.0950 3552 aliide - ok
19:18:52.0005 3552 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:18:52.0025 3552 amdagp - ok
19:18:52.0060 3552 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
19:18:52.0077 3552 amdide - ok
19:18:52.0144 3552 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:18:52.0218 3552 AmdK7 - ok
19:18:52.0278 3552 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:18:52.0364 3552 AmdK8 - ok
19:18:52.0480 3552 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:18:52.0589 3552 Appinfo - ok
19:18:52.0755 3552 [ C56DED3FE618C8BAE1AAAF4E801CCB3E ] AppMgmt C:\Windows\System32\appmgmts.dll
19:18:52.0861 3552 AppMgmt - ok
19:18:52.0893 3552 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
19:18:52.0913 3552 arc - ok
19:18:53.0073 3552 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:18:53.0093 3552 arcsas - ok
19:18:53.0148 3552 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:18:53.0221 3552 AsyncMac - ok
19:18:53.0258 3552 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
19:18:53.0276 3552 atapi - ok
19:18:53.0559 3552 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:18:53.0656 3552 AudioEndpointBuilder - ok
19:18:53.0671 3552 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:18:53.0718 3552 Audiosrv - ok
19:18:53.0873 3552 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
19:18:53.0938 3552 avg9wd - ok
19:18:54.0011 3552 [ A9F4D19DE72C738759330D10D35C4398 ] AvgLdx86 C:\Windows\system32\Drivers\avgldx86.sys
19:18:54.0025 3552 AvgLdx86 - ok
19:18:54.0080 3552 [ 80FF2B1B7EEDA966394F0BAA895BBF4B ] AvgMfx86 C:\Windows\system32\Drivers\avgmfx86.sys
19:18:54.0087 3552 AvgMfx86 - ok
19:18:54.0200 3552 [ 9A7A93388F503A34E7339AE7F9997449 ] AvgTdiX C:\Windows\system32\Drivers\avgtdix.sys
19:18:54.0212 3552 AvgTdiX - ok
19:18:54.0256 3552 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:18:54.0299 3552 Beep - ok
19:18:54.0336 3552 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
19:18:54.0386 3552 BFE - ok
19:18:54.0461 3552 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
19:18:54.0561 3552 BITS - ok
19:18:54.0640 3552 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:18:54.0702 3552 blbdrive - ok
19:18:54.0766 3552 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:18:54.0814 3552 bowser - ok
19:18:54.0838 3552 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:18:54.0883 3552 BrFiltLo - ok
19:18:54.0908 3552 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:18:54.0957 3552 BrFiltUp - ok
19:18:55.0005 3552 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:18:55.0083 3552 Browser - ok
19:18:55.0110 3552 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:18:55.0398 3552 Brserid - ok
19:18:55.0435 3552 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:18:55.0562 3552 BrSerWdm - ok
19:18:55.0596 3552 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:18:55.0705 3552 BrUsbMdm - ok
19:18:55.0731 3552 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:18:55.0838 3552 BrUsbSer - ok
19:18:55.0886 3552 [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
19:18:55.0934 3552 BthEnum - ok
19:18:55.0968 3552 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:18:56.0061 3552 BTHMODEM - ok
19:18:56.0085 3552 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:18:56.0133 3552 BthPan - ok
19:18:56.0192 3552 [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
19:18:56.0225 3552 BTHPORT - ok
19:18:56.0255 3552 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll
19:18:56.0285 3552 BthServ - ok
19:18:56.0312 3552 [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
19:18:56.0340 3552 BTHUSB - ok
19:18:56.0392 3552 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:18:56.0438 3552 cdfs - ok
19:18:56.0468 3552 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:18:56.0518 3552 cdrom - ok
19:18:56.0555 3552 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
19:18:56.0605 3552 CertPropSvc - ok
19:18:56.0630 3552 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
19:18:56.0697 3552 circlass - ok
19:18:56.0733 3552 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
19:18:56.0748 3552 CLFS - ok
19:18:56.0857 3552 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:18:56.0870 3552 clr_optimization_v2.0.50727_32 - ok
19:18:56.0919 3552 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:18:56.0955 3552 CmBatt - ok
19:18:56.0989 3552 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:18:57.0001 3552 cmdide - ok
19:18:57.0027 3552 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:18:57.0039 3552 Compbatt - ok
19:18:57.0047 3552 COMSysApp - ok
19:18:57.0104 3552 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:18:57.0116 3552 crcdisk - ok
19:18:57.0248 3552 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:18:57.0319 3552 Crusoe - ok
19:18:57.0359 3552 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:18:57.0426 3552 CryptSvc - ok
19:18:57.0468 3552 [ 9A5434125C3DFE42393DE4BBB791BD19 ] CSC C:\Windows\system32\drivers\csc.sys
19:18:57.0536 3552 CSC - ok
19:18:57.0581 3552 [ CB1D480676229A09EEF1DD4D23C5EDF3 ] CscService C:\Windows\System32\cscsvc.dll
19:18:57.0643 3552 CscService - ok
19:18:57.0748 3552 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:18:57.0837 3552 DcomLaunch - ok
19:18:57.0906 3552 [ 9E635AE5E8AD93E2B5989E2E23679F97 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:18:57.0977 3552 DfsC - ok
19:18:58.0239 3552 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
19:18:58.0381 3552 DFSR - ok
19:18:58.0429 3552 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:18:58.0506 3552 Dhcp - ok
19:18:58.0584 3552 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
19:18:58.0597 3552 disk - ok
19:18:58.0636 3552 [ F5A0F1DA1ED8B429597E71D27D976E31 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:18:58.0692 3552 Dnscache - ok
19:18:58.0725 3552 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
19:18:58.0774 3552 dot3svc - ok
19:18:58.0803 3552 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:18:58.0891 3552 DPS - ok
19:18:58.0944 3552 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:18:58.0972 3552 drmkaud - ok
19:18:59.0020 3552 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:18:59.0118 3552 DXGKrnl - ok
19:18:59.0171 3552 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:18:59.0233 3552 E1G60 - ok
19:18:59.0277 3552 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:18:59.0329 3552 EapHost - ok
19:18:59.0383 3552 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:18:59.0404 3552 Ecache - ok
19:18:59.0446 3552 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:18:59.0467 3552 elxstor - ok
19:18:59.0504 3552 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:18:59.0593 3552 EMDMgmt - ok
19:18:59.0617 3552 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:18:59.0658 3552 ErrDev - ok
19:18:59.0719 3552 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
19:18:59.0767 3552 EventSystem - ok
19:18:59.0797 3552 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
19:18:59.0846 3552 exfat - ok
19:18:59.0871 3552 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:18:59.0903 3552 fastfat - ok
19:18:59.0984 3552 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe
19:19:00.0040 3552 Fax - ok
19:19:00.0087 3552 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:19:00.0139 3552 fdc - ok
19:19:00.0167 3552 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:19:00.0235 3552 fdPHost - ok
19:19:00.0258 3552 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:19:00.0336 3552 FDResPub - ok
19:19:00.0387 3552 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:19:00.0399 3552 FileInfo - ok
19:19:00.0422 3552 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:19:00.0467 3552 Filetrace - ok
19:19:00.0505 3552 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:19:00.0542 3552 flpydisk - ok
19:19:00.0565 3552 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:19:00.0581 3552 FltMgr - ok
19:19:00.0639 3552 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:19:00.0647 3552 FontCache3.0.0.0 - ok
19:19:00.0702 3552 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:19:00.0712 3552 fssfltr - ok
19:19:00.0879 3552 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:19:00.0906 3552 fsssvc - ok
19:19:00.0957 3552 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:19:00.0994 3552 Fs_Rec - ok
19:19:01.0019 3552 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:19:01.0029 3552 gagp30kx - ok
19:19:01.0149 3552 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
19:19:01.0214 3552 gpsvc - ok
19:19:01.0295 3552 [ 63777F012FC92853ED1138BB7154DBBB ] Hardlock C:\Windows\system32\drivers\hardlock.sys
19:19:01.0347 3552 Hardlock - ok
19:19:01.0353 3552 hasplms - ok
19:19:01.0432 3552 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:19:01.0540 3552 HdAudAddService - ok
19:19:01.0574 3552 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:19:01.0626 3552 HDAudBus - ok
19:19:01.0643 3552 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:19:01.0719 3552 HidBth - ok
19:19:01.0749 3552 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:19:01.0828 3552 HidIr - ok
19:19:01.0905 3552 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
19:19:01.0965 3552 hidserv - ok
19:19:02.0005 3552 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:19:02.0056 3552 HidUsb - ok
19:19:02.0122 3552 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:19:02.0171 3552 hkmsvc - ok
19:19:02.0194 3552 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:19:02.0205 3552 HpCISSs - ok
19:19:02.0255 3552 [ 406C027C18E98A396FAA1963DAD5FF70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:19:02.0294 3552 HTTP - ok
19:19:02.0383 3552 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:19:02.0393 3552 i2omp - ok
19:19:02.0417 3552 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:19:02.0483 3552 i8042prt - ok
19:19:02.0558 3552 [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor C:\Windows\system32\drivers\iastor.sys
19:19:02.0575 3552 iaStor - ok
19:19:02.0644 3552 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:19:02.0661 3552 iaStorV - ok
19:19:02.0831 3552 [ 7316C9EE9CCB1F97CD11DA8F79C1B55F ] iComp C:\Windows\system32\DRIVERS\p2usbhum.sys
19:19:02.0935 3552 iComp - ok
19:19:03.0077 3552 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:19:03.0133 3552 idsvc - ok
19:19:03.0428 3552 [ 62F534791AE488A475A3E508D92AF4CC ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:19:03.0573 3552 igfx - ok
19:19:03.0602 3552 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:19:03.0611 3552 iirsp - ok
19:19:03.0643 3552 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
19:19:03.0711 3552 IKEEXT - ok
19:19:04.0284 3552 [ 80919A856693B1D1D4177F11F5BDA545 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:19:04.0378 3552 IntcAzAudAddService - ok
19:19:04.0477 3552 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:19:04.0489 3552 intelide - ok
19:19:04.0503 3552 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:19:04.0541 3552 intelppm - ok
19:19:05.0061 3552 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:19:05.0167 3552 IPBusEnum - ok
19:19:05.0192 3552 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:19:05.0257 3552 IpFilterDriver - ok
19:19:05.0312 3552 [ CAD416B8A4309B5E1CE75425381E7D2F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:19:05.0372 3552 iphlpsvc - ok
19:19:05.0383 3552 IpInIp - ok
19:19:05.0444 3552 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:19:05.0506 3552 IPMIDRV - ok
19:19:05.0541 3552 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:19:05.0593 3552 IPNAT - ok
19:19:05.0608 3552 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:19:05.0638 3552 IRENUM - ok
19:19:05.0674 3552 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:19:05.0684 3552 isapnp - ok
19:19:05.0738 3552 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:19:05.0750 3552 iScsiPrt - ok
19:19:05.0771 3552 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:19:05.0780 3552 iteatapi - ok
19:19:05.0838 3552 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:19:05.0848 3552 iteraid - ok
19:19:06.0002 3552 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:19:06.0012 3552 kbdclass - ok
19:19:06.0063 3552 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:19:06.0124 3552 kbdhid - ok
19:19:06.0172 3552 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
19:19:06.0213 3552 KeyIso - ok
19:19:06.0259 3552 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:19:06.0286 3552 KSecDD - ok
19:19:06.0332 3552 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:19:06.0377 3552 KtmRm - ok
19:19:06.0430 3552 [ 05CE901A4472B3FBF9407C94AD1DB693 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:19:06.0501 3552 LanmanServer - ok
19:19:06.0539 3552 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:19:06.0604 3552 LanmanWorkstation - ok
19:19:06.0643 3552 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:19:06.0703 3552 lltdio - ok
19:19:06.0765 3552 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:19:06.0833 3552 lltdsvc - ok
19:19:06.0853 3552 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:19:06.0925 3552 lmhosts - ok
19:19:07.0009 3552 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:19:07.0020 3552 LSI_FC - ok
19:19:07.0067 3552 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:19:07.0079 3552 LSI_SAS - ok
19:19:07.0105 3552 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:19:07.0116 3552 LSI_SCSI - ok
19:19:07.0144 3552 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:19:07.0183 3552 luafv - ok
19:19:07.0297 3552 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
19:19:07.0313 3552 LVRS - ok
19:19:07.0615 3552 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
19:19:07.0764 3552 LVUVC - ok
19:19:08.0136 3552 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
19:19:08.0154 3552 megasas - ok
19:19:08.0246 3552 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:19:08.0279 3552 MegaSR - ok
19:19:08.0400 3552 [ 033B947AF4A997820E86FCB070B1F450 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:19:08.0418 3552 Microsoft Office Groove Audit Service - ok
19:19:08.0473 3552 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:19:08.0532 3552 MMCSS - ok
19:19:08.0562 3552 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:19:08.0649 3552 Modem - ok
19:19:08.0682 3552 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:19:08.0773 3552 monitor - ok
19:19:08.0804 3552 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:19:08.0825 3552 mouclass - ok
19:19:08.0874 3552 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:19:08.0919 3552 mouhid - ok
19:19:08.0956 3552 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:19:08.0969 3552 MountMgr - ok
19:19:09.0064 3552 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:19:09.0077 3552 MozillaMaintenance - ok
19:19:09.0111 3552 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
19:19:09.0125 3552 mpio - ok
19:19:09.0392 3552 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:19:09.0460 3552 mpsdrv - ok
19:19:09.0564 3552 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
19:19:09.0635 3552 MpsSvc - ok
19:19:09.0679 3552 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:19:09.0696 3552 Mraid35x - ok
19:19:09.0733 3552 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:19:09.0825 3552 MRxDAV - ok
19:19:09.0861 3552 [ C4AD205530888404E2B5FC8D9319B119 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:19:09.0936 3552 mrxsmb - ok
19:19:09.0974 3552 [ 0A986B34F1678A2697574D7B1664E2DD ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:19:10.0038 3552 mrxsmb10 - ok
19:19:10.0069 3552 [ 3268B8C3FA92BFC086355C39B45E9CC9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:19:10.0126 3552 mrxsmb20 - ok
19:19:10.0314 3552 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
19:19:10.0333 3552 msahci - ok
19:19:10.0396 3552 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:19:10.0416 3552 msdsm - ok
19:19:10.0458 3552 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:19:10.0517 3552 MSDTC - ok
19:19:10.0607 3552 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:19:10.0688 3552 Msfs - ok
19:19:10.0713 3552 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:19:10.0731 3552 msisadrv - ok
19:19:10.0794 3552 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:19:10.0885 3552 MSiSCSI - ok
19:19:10.0894 3552 msiserver - ok
19:19:10.0930 3552 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:19:11.0003 3552 MSKSSRV - ok
19:19:11.0040 3552 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:19:11.0123 3552 MSPCLOCK - ok
19:19:11.0180 3552 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:19:11.0267 3552 MSPQM - ok
19:19:11.0296 3552 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:19:11.0319 3552 MsRPC - ok
19:19:11.0428 3552 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:19:11.0446 3552 mssmbios - ok
19:19:11.0482 3552 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:19:11.0537 3552 MSTEE - ok
19:19:11.0648 3552 [ 67D357F2ECFDD5812857B4A5E6E6ED5F ] MTBService C:\Program Files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe
19:19:11.0687 3552 MTBService ( UnsignedFile.Multi.Generic ) - warning
19:19:11.0687 3552 MTBService - detected UnsignedFile.Multi.Generic (1)
19:19:11.0707 3552 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
19:19:11.0727 3552 Mup - ok
19:19:11.0771 3552 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
19:19:11.0824 3552 napagent - ok
19:19:11.0924 3552 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:19:11.0951 3552 NativeWifiP - ok
19:19:11.0994 3552 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:19:12.0021 3552 NDIS - ok
19:19:12.0042 3552 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:19:12.0070 3552 NdisTapi - ok
19:19:12.0088 3552 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:19:12.0156 3552 Ndisuio - ok
19:19:12.0179 3552 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:19:12.0217 3552 NdisWan - ok
19:19:12.0265 3552 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:19:12.0304 3552 NDProxy - ok
19:19:12.0339 3552 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:19:12.0396 3552 NetBIOS - ok
19:19:12.0433 3552 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:19:12.0490 3552 netbt - ok
19:19:12.0506 3552 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
19:19:12.0532 3552 Netlogon - ok
19:19:12.0625 3552 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:19:12.0714 3552 Netman - ok
19:19:12.0749 3552 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:19:12.0809 3552 netprofm - ok
19:19:12.0861 3552 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:19:12.0873 3552 NetTcpPortSharing - ok
19:19:13.0429 3552 [ 9CA26DCCF0B84A6FF2B54FBB2A94520B ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
19:19:13.0674 3552 NETw5v32 - ok
19:19:13.0752 3552 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:19:13.0764 3552 nfrd960 - ok
19:19:13.0865 3552 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:19:13.0941 3552 NlaSvc - ok
19:19:14.0072 3552 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
19:19:14.0132 3552 NMIndexingService - ok
19:19:14.0198 3552 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:19:14.0252 3552 Npfs - ok
19:19:14.0293 3552 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:19:14.0364 3552 nsi - ok
19:19:14.0394 3552 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:19:14.0443 3552 nsiproxy - ok
19:19:14.0498 3552 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:19:14.0542 3552 Ntfs - ok
19:19:14.0584 3552 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:19:14.0682 3552 ntrigdigi - ok
19:19:14.0695 3552 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:19:14.0731 3552 Null - ok
19:19:14.0803 3552 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:19:14.0816 3552 nvraid - ok
19:19:14.0857 3552 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:19:14.0870 3552 nvstor - ok
19:19:14.0895 3552 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:19:14.0909 3552 nv_agp - ok
19:19:14.0918 3552 NwlnkFlt - ok
19:19:14.0925 3552 NwlnkFwd - ok
19:19:15.0057 3552 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:19:15.0079 3552 odserv - ok
19:19:15.0124 3552 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:19:15.0218 3552 ohci1394 - ok
19:19:15.0272 3552 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:19:15.0284 3552 ose - ok
19:19:15.0385 3552 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:19:15.0461 3552 p2pimsvc - ok
19:19:15.0477 3552 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
19:19:15.0510 3552 p2psvc - ok
19:19:15.0580 3552 [ 81A0921E2A3FDCF840E43AF64BF96EA2 ] PAC7302 C:\Windows\system32\DRIVERS\PAC7302.SYS
19:19:15.0650 3552 PAC7302 - ok
19:19:15.0694 3552 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:19:15.0794 3552 Parport - ok
19:19:15.0813 3552 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:19:15.0826 3552 partmgr - ok
19:19:15.0868 3552 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:19:15.0953 3552 Parvdm - ok
19:19:16.0002 3552 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:19:16.0021 3552 PcaSvc - ok
19:19:16.0061 3552 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
19:19:16.0076 3552 pci - ok
19:19:16.0109 3552 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
19:19:16.0121 3552 pciide - ok
19:19:16.0153 3552 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:19:16.0168 3552 pcmcia - ok
19:19:16.0196 3552 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
19:19:16.0259 3552 pcouffin - ok
19:19:16.0315 3552 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:19:16.0444 3552 PEAUTH - ok
19:19:16.0819 3552 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:19:16.0922 3552 pla - ok
19:19:16.0954 3552 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:19:17.0020 3552 PlugPlay - ok
19:19:17.0061 3552 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:19:17.0107 3552 PNRPAutoReg - ok
19:19:17.0159 3552 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:19:17.0186 3552 PNRPsvc - ok
19:19:17.0286 3552 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:19:17.0340 3552 PolicyAgent - ok
19:19:17.0398 3552 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:19:17.0434 3552 PptpMiniport - ok
19:19:17.0455 3552 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:19:17.0515 3552 Processor - ok
19:19:17.0553 3552 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
19:19:17.0593 3552 ProfSvc - ok
19:19:17.0617 3552 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:19:17.0635 3552 ProtectedStorage - ok
19:19:17.0670 3552 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:19:17.0709 3552 PSched - ok
19:19:17.0755 3552 [ B572ED0C3E6165643FA116AF20425A54 ] PxHelp20 C:\Windows\system32\DRIVERS\PxHelp20.sys
19:19:17.0785 3552 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:19:17.0786 3552 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:19:18.0182 3552 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:19:18.0250 3552 ql2300 - ok
19:19:18.0283 3552 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:19:18.0303 3552 ql40xx - ok
19:19:18.0367 3552 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:19:18.0402 3552 QWAVE - ok
19:19:18.0443 3552 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:19:18.0486 3552 QWAVEdrv - ok
19:19:18.0517 3552 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:19:18.0567 3552 RasAcd - ok
19:19:18.0593 3552 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:19:18.0646 3552 RasAuto - ok
19:19:18.0674 3552 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:19:18.0709 3552 Rasl2tp - ok
19:19:18.0773 3552 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
19:19:18.0807 3552 RasMan - ok
19:19:18.0832 3552 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:19:18.0878 3552 RasPppoe - ok
19:19:18.0911 3552 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:19:18.0940 3552 RasSstp - ok
19:19:19.0048 3552 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:19:19.0101 3552 rdbss - ok
19:19:19.0147 3552 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:19:19.0189 3552 RDPCDD - ok
19:19:19.0233 3552 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
19:19:19.0267 3552 rdpdr - ok
19:19:19.0273 3552 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:19:19.0305 3552 RDPENCDD - ok
19:19:19.0366 3552 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:19:19.0420 3552 RDPWD - ok
19:19:19.0456 3552 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:19:19.0498 3552 RemoteAccess - ok
19:19:19.0523 3552 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:19:19.0578 3552 RemoteRegistry - ok
19:19:19.0611 3552 [ 34CC78C06587718C2AD6D3AA83B1F072 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:19:19.0648 3552 RFCOMM - ok
19:19:19.0714 3552 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:19:19.0767 3552 RpcLocator - ok
19:19:19.0801 3552 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
19:19:19.0832 3552 RpcSs - ok
19:19:19.0865 3552 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:19:19.0933 3552 rspndr - ok
19:19:19.0987 3552 [ BEB0AACE3330D858BBB40FFB7AAC3627 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
19:19:20.0059 3552 RTL8169 - ok
19:19:20.0083 3552 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
19:19:20.0101 3552 SamSs - ok
19:19:20.0204 3552 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:19:20.0217 3552 sbp2port - ok
19:19:20.0301 3552 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:19:20.0377 3552 SCardSvr - ok
19:19:20.0531 3552 [ 1D5E99DB3C10F4FA034010DC49043CA4 ] Schedule C:\Windows\system32\schedsvc.dll
19:19:20.0583 3552 Schedule - ok
19:19:20.0600 3552 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
19:19:20.0640 3552 SCPolicySvc - ok
19:19:20.0670 3552 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:19:20.0740 3552 SDRSVC - ok
19:19:20.0771 3552 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:19:20.0859 3552 secdrv - ok
19:19:20.0886 3552 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:19:20.0934 3552 seclogon - ok
19:19:20.0954 3552 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
19:19:21.0008 3552 SENS - ok
19:19:21.0035 3552 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:19:21.0100 3552 Serenum - ok
19:19:21.0242 3552 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:19:21.0310 3552 Serial - ok
19:19:21.0404 3552 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:19:21.0442 3552 sermouse - ok
19:19:21.0496 3552 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:19:21.0530 3552 SessionEnv - ok
19:19:21.0553 3552 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:19:21.0599 3552 sffdisk - ok
19:19:21.0640 3552 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:19:21.0680 3552 sffp_mmc - ok
19:19:21.0699 3552 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:19:21.0746 3552 sffp_sd - ok
19:19:21.0769 3552 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:19:21.0843 3552 sfloppy - ok
19:19:21.0913 3552 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:19:21.0949 3552 SharedAccess - ok
19:19:21.0988 3552 [ 27F10F348E508243F6254846F8370D0D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:19:22.0042 3552 ShellHWDetection - ok
19:19:22.0085 3552 [ 73838461F11FC7DAEE7922C945B2D74F ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSGB6.sys
19:19:22.0100 3552 SiSGbeLH ( UnsignedFile.Multi.Generic ) - warning
19:19:22.0100 3552 SiSGbeLH - detected UnsignedFile.Multi.Generic (1)
19:19:22.0119 3552 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:19:22.0130 3552 SiSRaid2 - ok
19:19:22.0165 3552 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:19:22.0176 3552 SiSRaid4 - ok
19:19:22.0909 3552 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
19:19:23.0496 3552 slsvc - ok
19:19:23.0600 3552 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:19:23.0639 3552 SLUINotify - ok
19:19:23.0671 3552 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:19:23.0725 3552 Smb - ok
19:19:23.0955 3552 [ 5E62BA073C90E6C9D4EA199D6080F919 ] smserial C:\Windows\system32\DRIVERS\smserial.sys
19:19:24.0047 3552 smserial - ok
19:19:24.0106 3552 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:19:24.0134 3552 SNMPTRAP - ok
19:19:24.0719 3552 [ 4B0E6DFE7905DB8CB7318C0D23ABC4EA ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys
19:19:25.0150 3552 SNPSTD3 - ok
19:19:25.0184 3552 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:19:25.0194 3552 spldr - ok
19:19:25.0250 3552 [ 846CDF9A3CF4DA9B306ADFB7D55EE4C2 ] Spooler C:\Windows\System32\spoolsv.exe
19:19:25.0285 3552 Spooler - ok
19:19:25.0388 3552 [ A80CD850D69D996C832BEA37E3A6AA1E ] sptd C:\Windows\System32\Drivers\sptd.sys
19:19:25.0417 3552 sptd - ok
19:19:25.0460 3552 [ 73DDDBEEC61E78568082916A27AADAEE ] srv C:\Windows\system32\DRIVERS\srv.sys
19:19:25.0527 3552 srv - ok
19:19:25.0568 3552 [ 4CEEB95E0B79E48B81F2DA0A6C24C64B ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:19:25.0606 3552 srv2 - ok
19:19:25.0649 3552 [ F63A0A58AAFE34D7A1A0A74ABCCDD9C0 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:19:25.0707 3552 srvnet - ok
19:19:25.0760 3552 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:19:25.0800 3552 SSDPSRV - ok
19:19:25.0829 3552 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:19:25.0863 3552 SstpSvc - ok
19:19:25.0898 3552 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
19:19:25.0977 3552 stisvc - ok
19:19:26.0035 3552 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:19:26.0047 3552 swenum - ok
19:19:26.0106 3552 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
19:19:26.0166 3552 swprv - ok
19:19:26.0210 3552 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:19:26.0221 3552 Symc8xx - ok
19:19:26.0240 3552 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:19:26.0251 3552 Sym_hi - ok
19:19:26.0278 3552 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:19:26.0290 3552 Sym_u3 - ok
19:19:26.0323 3552 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
19:19:26.0380 3552 SysMain - ok
19:19:26.0425 3552 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:19:26.0458 3552 TabletInputService - ok
19:19:26.0490 3552 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:19:26.0524 3552 TapiSrv - ok
19:19:26.0550 3552 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:19:26.0599 3552 TBS - ok
19:19:26.0654 3552 [ 8A7AD2A214233F684242F289ED83EBC3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:19:26.0690 3552 Tcpip - ok
19:19:26.0709 3552 [ 8A7AD2A214233F684242F289ED83EBC3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:19:26.0746 3552 Tcpip6 - ok
19:19:26.0806 3552 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:19:26.0863 3552 tcpipreg - ok
19:19:26.0890 3552 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:19:26.0961 3552 TDPIPE - ok
19:19:26.0997 3552 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:19:27.0066 3552 TDTCP - ok
19:19:27.0094 3552 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:19:27.0143 3552 tdx - ok
19:19:27.0210 3552 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:19:27.0223 3552 TermDD - ok
19:19:27.0272 3552 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
19:19:27.0343 3552 TermService - ok
19:19:27.0377 3552 [ 27F10F348E508243F6254846F8370D0D ] Themes C:\Windows\system32\shsvcs.dll
19:19:27.0420 3552 Themes - ok
19:19:27.0461 3552 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:19:27.0500 3552 THREADORDER - ok
19:19:27.0533 3552 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:19:27.0608 3552 TrkWks - ok
19:19:27.0682 3552 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:19:27.0740 3552 TrustedInstaller - ok
19:19:27.0795 3552 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:19:27.0868 3552 tssecsrv - ok
19:19:27.0911 3552 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:19:27.0939 3552 tunmp - ok
19:19:27.0986 3552 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:19:28.0039 3552 tunnel - ok
19:19:28.0062 3552 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:19:28.0075 3552 uagp35 - ok
19:19:28.0098 3552 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:19:28.0138 3552 udfs - ok
19:19:28.0203 3552 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:19:28.0244 3552 UI0Detect - ok
19:19:28.0300 3552 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:19:28.0313 3552 uliagpkx - ok
19:19:28.0368 3552 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:19:28.0386 3552 uliahci - ok
19:19:28.0426 3552 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:19:28.0439 3552 UlSata - ok
19:19:28.0512 3552 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:19:28.0526 3552 ulsata2 - ok
19:19:28.0654 3552 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:19:28.0741 3552 umbus - ok
19:19:28.0845 3552 [ 909795B5B15047D9331F3D6B276B3993 ] UmRdpService C:\Windows\System32\umrdp.dll
19:19:28.0914 3552 UmRdpService - ok
19:19:28.0966 3552 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:19:29.0043 3552 upnphost - ok
19:19:29.0108 3552 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:19:29.0200 3552 usbaudio - ok
19:19:29.0237 3552 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:19:29.0280 3552 usbccgp - ok
19:19:29.0367 3552 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:19:29.0468 3552 usbcir - ok
19:19:29.0490 3552 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:19:29.0527 3552 usbehci - ok
19:19:29.0592 3552 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:19:29.0636 3552 usbhub - ok
19:19:29.0661 3552 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:19:29.0705 3552 usbohci - ok
19:19:29.0739 3552 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:19:29.0768 3552 usbprint - ok
19:19:29.0831 3552 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:19:29.0875 3552 USBSTOR - ok
19:19:29.0906 3552 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:19:29.0944 3552 usbuhci - ok
19:19:29.0978 3552 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:19:30.0011 3552 usbvideo - ok
19:19:30.0044 3552 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
19:19:30.0077 3552 UxSms - ok
19:19:30.0109 3552 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
19:19:30.0165 3552 vds - ok
19:19:30.0214 3552 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:19:30.0251 3552 vga - ok
19:19:30.0277 3552 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:19:30.0313 3552 VgaSave - ok
19:19:30.0441 3552 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:19:30.0454 3552 viaagp - ok
19:19:30.0477 3552 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:19:30.0515 3552 ViaC7 - ok
19:19:30.0530 3552 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:19:30.0543 3552 viaide - ok
19:19:30.0560 3552 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:19:30.0573 3552 volmgr - ok
19:19:30.0595 3552 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:19:30.0614 3552 volmgrx - ok
19:19:30.0629 3552 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:19:30.0647 3552 volsnap - ok
19:19:30.0680 3552 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:19:30.0694 3552 vsmraid - ok
19:19:30.0757 3552 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:19:30.0876 3552 VSS - ok
19:19:30.0913 3552 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:19:30.0995 3552 W32Time - ok
19:19:31.0026 3552 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:19:31.0144 3552 WacomPen - ok
19:19:31.0179 3552 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:19:31.0221 3552 Wanarp - ok
19:19:31.0229 3552 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:19:31.0272 3552 Wanarpv6 - ok
19:19:31.0326 3552 [ F0E594DD07B2163DF9F5D5B6B471DDFA ] wbengine C:\Windows\system32\wbengine.exe
19:19:31.0407 3552 wbengine - ok
19:19:31.0456 3552 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:19:31.0512 3552 wcncsvc - ok
19:19:31.0538 3552 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:19:31.0588 3552 WcsPlugInService - ok
19:19:31.0627 3552 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:19:31.0639 3552 Wd - ok
19:19:31.0679 3552 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:19:31.0716 3552 Wdf01000 - ok
19:19:31.0750 3552 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:19:31.0798 3552 WdiServiceHost - ok
19:19:31.0804 3552 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:19:31.0837 3552 WdiSystemHost - ok
19:19:31.0876 3552 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:19:31.0906 3552 WebClient - ok
19:19:31.0933 3552 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:19:31.0965 3552 Wecsvc - ok
19:19:31.0997 3552 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:19:32.0022 3552 wercplsupport - ok
19:19:32.0048 3552 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:19:32.0102 3552 WerSvc - ok
19:19:32.0164 3552 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:19:32.0181 3552 WinDefend - ok
19:19:32.0189 3552 WinHttpAutoProxySvc - ok
19:19:32.0285 3552 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:19:32.0318 3552 Winmgmt - ok
19:19:32.0365 3552 [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM C:\Windows\system32\WsmSvc.dll
19:19:32.0449 3552 WinRM - ok
19:19:32.0533 3552 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:19:32.0630 3552 Wlansvc - ok
19:19:32.0666 3552 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:19:32.0710 3552 WmiAcpi - ok
19:19:32.0750 3552 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:19:32.0797 3552 wmiApSrv - ok
19:19:32.0884 3552 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:19:32.0963 3552 WMPNetworkSvc - ok
19:19:33.0009 3552 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:19:33.0046 3552 WPDBusEnum - ok
19:19:33.0090 3552 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:19:33.0138 3552 WpdUsb - ok
19:19:33.0182 3552 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:19:33.0237 3552 ws2ifsl - ok
19:19:33.0271 3552 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
19:19:33.0301 3552 wscsvc - ok
19:19:33.0311 3552 WSearch - ok
19:19:33.0422 3552 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
19:19:33.0487 3552 wuauserv - ok
19:19:33.0532 3552 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:19:33.0588 3552 WUDFRd - ok
19:19:33.0627 3552 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:19:33.0671 3552 wudfsvc - ok
19:19:33.0685 3552 ================ Scan global ===============================
19:19:33.0755 3552 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:19:33.0810 3552 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
19:19:33.0825 3552 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
19:19:33.0893 3552 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:19:33.0898 3552 [Global] - ok
19:19:33.0899 3552 ================ Scan MBR ==================================
19:19:33.0944 3552 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:19:35.0038 3552 \Device\Harddisk0\DR0 - ok
19:19:35.0038 3552 ================ Scan VBR ==================================
19:19:35.0074 3552 [ 51F0663EB817D9EA379A36B9516D6875 ] \Device\Harddisk0\DR0\Partition1
19:19:35.0076 3552 \Device\Harddisk0\DR0\Partition1 - ok
19:19:35.0077 3552 ============================================================
19:19:35.0077 3552 Scan finished
19:19:35.0077 3552 ============================================================
19:19:35.0090 5796 Detected object count: 4
19:19:35.0090 5796 Actual detected object count: 4
19:20:28.0033 5796 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:28.0033 5796 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:20:28.0037 5796 MTBService ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:28.0037 5796 MTBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:20:28.0041 5796 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:28.0042 5796 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:20:28.0047 5796 SiSGbeLH ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:28.0047 5796 SiSGbeLH ( UnsignedFile.Multi.Generic ) - User select action: Skip

Mit besten Grüßen,
Ichauch33

markusg · 18.01.2013, 20:25

Hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ichauch33 · 20.01.2013, 23:36

Guten Abend markusg,

hier ist die log von Combofix:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-01-17.04 - Ich Bin 20.01.2013  22:07:40.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.49.1031.18.2038.467 [GMT 0:00]
ausgeführt von:: c:\users\Ich Bin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-3509579489-2948434394-1017136975-1000\$07fab65bea1a9ad814e2bb9987383268\@
c:\$recycle.bin\S-1-5-21-3509579489-2948434394-1017136975-1000\$07fab65bea1a9ad814e2bb9987383268\U\00000001.@
c:\$recycle.bin\S-1-5-21-3509579489-2948434394-1017136975-1000\$07fab65bea1a9ad814e2bb9987383268\U\80000000.@
c:\$recycle.bin\S-1-5-21-3509579489-2948434394-1017136975-1000\$07fab65bea1a9ad814e2bb9987383268\U\800000cb.@
C:\install.exe
c:\programdata\0AAA1000sm.pad
c:\programdata\4393C220sm.pad
c:\programdata\doeR23dF.exe.b
c:\users\Ich Bin\AppData\Roaming\inst.exe
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-20 bis 2013-01-20  ))))))))))))))))))))))))))))))
.
.
2013-01-20 22:16 . 2013-01-20 22:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-19 13:47 . 2013-01-19 13:47	74136	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-01-19 13:46 . 2013-01-19 13:46	96664	----a-w-	c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-19 13:46 . 2013-01-19 13:46	157712	----a-w-	c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-01-17 13:51 . 2013-01-17 14:06	--------	d-----w-	C:\_OTL
2013-01-15 20:51 . 2013-01-15 20:51	100352	----a-w-	C:\uwddapow.sys
2013-01-12 20:52 . 2013-01-20 18:23	--------	d-----r-	c:\users\Ich Bin\Dropbox
2013-01-12 20:50 . 2013-01-12 20:50	--------	d-----w-	c:\program files\Dropbox
2013-01-12 20:49 . 2013-01-20 20:07	--------	d-----w-	c:\users\Ich Bin\AppData\Roaming\Dropbox
2013-01-11 10:07 . 2013-01-11 10:07	--------	d-----w-	c:\users\Ich Bin\AppData\Roaming\Strongvault
2013-01-11 10:06 . 2013-01-11 10:06	--------	d-----w-	c:\users\Ich Bin\AppData\Local\Stronghold_LLC
2013-01-11 10:06 . 2013-01-12 09:06	--------	d-sh--w-	c:\windows\system32\AI_RecycleBin
2013-01-11 10:05 . 2013-01-12 09:13	--------	d-----w-	c:\program files\SweetIM
2013-01-11 10:05 . 2013-01-12 09:14	--------	d-----w-	c:\programdata\Tarma Installer
2013-01-11 10:05 . 2013-01-11 10:05	--------	d-----w-	c:\program files\Yontoo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 16:49 . 2012-12-02 09:22	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-19 13:47 . 2012-06-16 22:53	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Ich Bin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Ich Bin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Ich Bin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-18 6793760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMwBaAEMAOQAtAEUASwBBAFIAUwAtADYAUgBXAEcAQQAtAEEAQQBUAEMAVQAtAFYAUAA5AEYATgA&inst=NwA3AC0ANAA0ADIAMQA2ADEAMAAxADMALQBUADUALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADEANAA0ADQALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAFIAKwAxAC0AVgBJAFAAMQAyACsAMQA&prod=90&ver=9.0.894" [?]
.
c:\users\Ich Bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ich Bin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-4 28539232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00	33648	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07	1828136	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-13 14:32	77824	----a-w-	c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"tsnpstd3"=c:\windows\tsnpstd3.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={7353287F-5BD6-11E2-BBDE-00030D8B75B9}
IE: An vorhandene PDF-Datei anfügen
IE: Linkziel an vorhandene PDF-Datei anhängen
IE: Linkziel in Adobe PDF konvertieren
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ich Bin\AppData\Roaming\Mozilla\Firefox\Profiles\82vw39de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2736476&SearchSource=2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extentions.y2layers.installId - f0dbe485-69f0-4c82-a57c-da9204b03614
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SMessaging - c:\users\Ich Bin\AppData\Local\Strongvault Online Backup\SMessaging.exe
MSConfigStartUp-AppVodBurner - c:\program files\VodBurner\vodburner.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-20 22:19
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3844)
c:\users\Ich Bin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\hasplms.exe
c:\program files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-20  22:24:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-20 22:24
.
Vor Suchlauf: 9 Verzeichnis(se), 20.983.377.920 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 20.615.651.328 Bytes frei
.
- - End Of File - - 7F33B5C26DA2847A8B1CF4BEA95B0E23

--- --- ---

markusg · 21.01.2013, 14:17

Hi,
nutzt du den PC für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?

Ichauch33 · 21.01.2013, 16:17

Hallo marcusg,

ja, ich nutze den PC fuer onlinebanking, zum einkaufen, und beruflich. Gibt es ein schwerwiegendes Problem?

Viele Gruesse,
Ichauch33

markusg · 21.01.2013, 18:42

jepp.
Bank bitte anrufen, falls sie zu hatt:
116 116
Onlinebanking wegen zero access rootkit sperren lassen.
Da man dies nicht 100 %ig sicher los wird:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Ichauch33 · 23.01.2013, 19:05

Hallo marcusg,

vielen Dank für deine ganze Hilfe. Onlinebanking habe ich sperren lassen.
Nun mache ich mich daran meine Daten zu sichern.
Leider habe ich keine Windows Vista DVD, aber der Hersteller des Laptops ist Belinea und ich habe das b.book 2.

Was ist noch zum Absichern von Onlinebanking mit Chip Card Reader zu beachten?

Mit besten Grüßen,
Ichauch33

Unter System und Wartung -> System habe ich als Hersteller BrunenIT, Model Vista PC gefunden.

markusg · 24.01.2013, 13:23

hi
zum onlinebanking würd ich noch n chipcard reader hohlen.
gibts denn nen handbuch zu dem gerät, evtl. steht da was über die Recovery drinn?

Police central e-crime unit hat mich erwischt

Plagegeister aller Art und deren Bekämpfung: Police central e-crime unit hat mich erwischt