Browser extrem langsam..

Alexandra64 · 11.03.2013, 14:03

Hallo,
ich habe leider ein Problem mit meinem Laptop. Vor kurzem habe ich eine neue Festplatte eingebaut und das Betriebssystem (Windows-Vista) und Programme für den Alltag neu geladen. Hat auch alles mehr oder weniger gut geklappt. Leider habe ich mir kurz danach eine Malware eingefangen (Delta-search u.a)..

nach langer Arbeit habe ich unglaublich viele Foren durchgelesen und alle erdenklichen Methoden ausprobiert um den Kram zu löschen. Soweit ich erkennen kann, hab ich auch alles erwischt. Auch das Antivir kann nichts mehr finden.
Auffällig ist aber, dass meine Browser, wie Firefox und der Inet-Explorer sehr lange brauchen um Seiten zu laden, Videos abzuspielen oder zb. Google Street View zu benutzen. Ich habe schon versucht alles neu zu installieren/zurück zu setzen und Updates zu ziehen. Leider keine Veränderung...
Außerdem habe ich auch schon mehrmals Cookies und Cache gelöscht.

Die Internetverbindung (Wlan) zeigt volle Leistung. Die Übertragungsleistung zeigt 11,0MBit/s. Zu wenig oder ok?

Meine Frage ist nun: Habe ich mir noch irgendwas eingfangen, was die Browser blockiert? Ich habe jetzt HijackThis durchlaufen lassen. Ich kann da leider nichts auffälliges erkennen und auch die Auswertung des Logfiles ergab in meinen Augen nichts wirklich auffälliges.

Es wäre toll, wenn mir jemand helfen könnte! Ich muss dazu sagen, dass ich leider nicht wirklich die große Ahnung von Computern habe und evt. nachfragen muss, was genau gemeint ist.

Hier der Bericht:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:27:25, on 11.03.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
c:\Users\Karo\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 5089 bytes

Vielen dank im Voraus!

cosinus · 11.03.2013, 15:16

Hallo und

Lesestoff:
Bitte keine Hijackthis-Logfiles posten!!!

Zitat:

Zitat von Larusso

Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.

Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Alexandra64 · 11.03.2013, 15:39

Hallo, danke für die Antwort! Ich hoffe ich habe alles richtig verstanden!

hier einmal der Bericht von OTL:

Code:

ATTFilter

OTL logfile created on: 11.03.2013 15:32:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 42,48% Memory free
4,17 Gb Paging File | 2,87 Gb Available in Paging File | 68,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 209,21 Gb Free Space | 89,83% Space Free | Partition Type: NTFS
 
Computer Name: KARO-PC | User Name: Karo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\..\SearchScopes,DefaultScope = {D6F24153-043C-4538-8EB3-844D68A3BD99}
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\..\SearchScopes\{D6F24153-043C-4538-8EB3-844D68A3BD99}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 15:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.02.19 01:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\Extensions
[2013.03.10 19:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\Firefox\Profiles\jchtc0cx.default-1362931242066\extensions
[2013.03.10 19:57:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\firefox\profiles\jchtc0cx.default-1362931242066\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.19 01:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 15:15:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 21:51:53 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A08018-6F5B-49EC-A1F7-CD6D481C7CE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FF073B-B670-48D8-9FF6-5B3610178045}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Karo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.11 10:33:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.11 10:33:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.11 10:33:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.03.11 10:33:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.03.11 10:33:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.03.11 10:33:07 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.11 10:33:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.10 17:58:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013.03.10 17:58:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013.03.10 17:58:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013.03.10 17:00:46 | 000,000,000 | ---D | C] -- C:\Users\Karo\Desktop\Alte Firefox-Daten
[2013.03.10 16:47:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.02.21 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Karo\AppData\Roaming\dvdcss
[2013.02.19 01:48:20 | 000,000,000 | ---D | C] -- C:\Users\Karo\AppData\Roaming\Mozilla
[2013.02.12 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Karo\AppData\Roaming\Babylon
[2013.02.12 21:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.10 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Karo\AppData\Roaming\vlc
[2013.02.10 18:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.10 18:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.11 15:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.11 14:28:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 14:28:10 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 12:33:36 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.11 12:33:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.11 12:33:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.11 12:33:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.11 12:27:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.11 12:26:14 | 2103,857,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.10 18:04:17 | 000,265,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.27 16:11:22 | 000,002,631 | ---- | M] () -- C:\Users\Karo\Desktop\Microsoft Office Word 2007.lnk
[2013.02.26 22:33:34 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.26 22:33:34 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.25 12:44:00 | 000,010,752 | ---- | M] () -- C:\Users\Karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.19 01:48:16 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.10 18:12:56 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.10 18:07:49 | 000,000,949 | ---- | C] () -- C:\Users\Karo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.19 01:48:16 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.19 01:48:16 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.10 18:12:56 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.09 01:01:54 | 000,010,752 | ---- | C] () -- C:\Users\Karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.04 15:23:57 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013.02.04 15:23:54 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2013.02.04 15:23:52 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2013.02.02 11:50:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013.02.02 11:50:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.02.01 22:49:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.02.01 20:38:09 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013.02.01 20:38:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013.02.01 20:38:09 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013.02.01 20:38:09 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013.02.01 14:04:32 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2013.02.01 14:04:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1489.dll
[2013.02.01 14:04:31 | 000,146,596 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2013.02.01 14:04:30 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2013.02.01 11:47:35 | 000,000,680 | ---- | C] () -- C:\Users\Karo\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.04 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Amazon
[2013.02.12 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Babylon
[2013.02.01 13:47:19 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\TMP
 
========== Purity Check ==========
 
 

< End of report >

cosinus · 11.03.2013, 15:53

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Alexandra64 · 11.03.2013, 15:54

hier ist glaube ich noch der zweite Bericht, hatte ihn erst nicht gefunden..

Code:

ATTFilter

OTL Extras logfile created on: 11.03.2013 15:23:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 46,65% Memory free
4,17 Gb Paging File | 2,90 Gb Available in Paging File | 69,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 209,21 Gb Free Space | 89,83% Space Free | Partition Type: NTFS
 
Computer Name: KARO-PC | User Name: Karo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1535122793-504594352-3588520643-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0086D2C4-D6C2-4751-878E-9B4B8981F3C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F502764-83AA-48BC-A778-B4173FCD7B40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{203A7D15-DBC2-4E5E-B6D4-1F0441F63EC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{286B0F3E-8AEB-4903-BE6C-41225A276507}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E9C9859-B97E-4F58-AB67-CE1674F5F751}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{47AAB9F5-FCE2-4DBA-AE26-D9219F519109}" = rport=139 | protocol=6 | dir=out | app=system | 
"{510CA1F8-1F93-44DA-9A8A-71056AADB43F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56429E2B-05B3-4DA5-93EC-040559088743}" = lport=137 | protocol=17 | dir=in | app=system | 
"{667DA991-DC6A-4330-AF53-F2377A8C57CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7B6727C9-2156-4BE7-85DD-D00C7F85E54F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{86125D5E-FBC3-4F7F-B076-FCFF6244949F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A31802F5-A1A1-4E4D-A1F4-7C5037494AE9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AA13B299-655A-450F-A620-50E3D994E5BE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B3F58040-8675-438D-9E2A-A409020A19F5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D2B20425-783C-47EC-8879-9026AB162D94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E8112420-4B69-4B40-AB03-B22921237C41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9D66E93-AE0E-4AEA-81C2-82E19486839F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F06AEBE0-CA68-4B2D-B6BB-B4EAF5CC3050}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB471B6-DD44-421D-82F6-D2B89A25DA69}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{237DA757-E68C-458F-9F02-5254985D4316}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2783C4AE-CACE-4DEE-96F8-5E264EB613BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{34B6A9FC-F77C-4167-B2A9-2E6EAD0A04AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{46A85009-750D-4DF5-9BFA-89C0C46295B5}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{55F2AB10-4B50-4B1E-AFBD-05C919C3DA6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C73B1DD9-88B6-4464-8712-C8AC90E23B03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D7A581A5-BDD0-41FA-86A2-B9D08BCD50D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DC48D757-EBD1-43AB-97D4-35A92C05645A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DFA54467-104A-4597-9E6D-D9DD355242AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F96D4945-63B8-4067-926A-8AEF1EC7A2CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.03.2013 09:34:31 | Computer Name = Karo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 679743
 
Error - 10.03.2013 09:34:33 | Computer Name = Karo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.03.2013 09:34:33 | Computer Name = Karo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 680835
 
Error - 10.03.2013 09:34:33 | Computer Name = Karo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 680835
 
Error - 10.03.2013 13:04:59 | Computer Name = Karo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 13:05:56 | Computer Name = Karo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 13:07:47 | Computer Name = Karo-PC | Source = ESENT | ID = 215
Description = WinMail (3268) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 10.03.2013 18:14:30 | Computer Name = Karo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.03.2013 05:26:46 | Computer Name = Karo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 07:28:43 | Computer Name = Karo-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07.02.2013 14:44:32 | Computer Name = Karo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.02.2013 18:12:14 | Computer Name = Karo-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.02.2013 18:12:26 | Computer Name = Karo-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 08.02.2013 18:13:08 | Computer Name = Karo-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 08.02.2013 18:13:39 | Computer Name = Karo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.02.2013 18:13:39 | Computer Name = Karo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.02.2013 09:59:37 | Computer Name = Karo-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 10.02.2013 10:00:29 | Computer Name = Karo-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 10.02.2013 10:01:14 | Computer Name = Karo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.02.2013 10:01:14 | Computer Name = Karo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

cosinus · 11.03.2013, 16:00

Mach bitte mit den anderen Tools weiter

Alexandra64 · 11.03.2013, 17:08

Ok, dauert alles nur ewig. Bin dabei!

So, hab jetzt alles durchlaufen lassen..

hier einmal Gmer

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-11 16:45:33
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEKT-75PVMT0 rev.01.01A01 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Karo\AppData\Local\Temp\kxldqpog.sys


---- System - GMER 2.1 ----

SSDT   881C14FE                       ZwCreateSection
SSDT   881C1508                       ZwRequestWaitReplyPort
SSDT   881C1503                       ZwSetContextThread
SSDT   881C150D                       ZwSetSecurityObject
SSDT   881C1512                       ZwSystemDebugControl
SSDT   881C149F                       ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215  81AC7998 4 Bytes  [FE, 14, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 539  81AC7CBC 4 Bytes  [08, 15, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 56D  81AC7CF0 4 Bytes  [03, 15, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 5D1  81AC7D54 4 Bytes  [0D, 15, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 619  81AC7D9C 4 Bytes  [12, 15, 1C, 88]
.text  ...                            

---- EOF - GMER 2.1 ----

Das Ergebnis von dem 2ten Tool (Malwarebytes Anti-Rootkit (MBAR)) ergab keinen Fund von einer unerwünschten Datei. Es war kein Neustart erforderlich.

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Non-administrative

Internet Explorer version: 7.0.6002.18005

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2105155584, free: 908328960

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Non-administrative

Internet Explorer version: 7.0.6002.18005

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2105155584, free: 910278656

------------ Kernel report ------------
     03/11/2013 17:28:10
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Users\Karo\AppData\Local\Temp\kxldqpog.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff85b3d840
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000060\
Lower Device Object: 0xffffffff85b06930
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84b58618
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff83a208a0
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.11.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84b58618, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84b58240, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84b58618, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff83a208a0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffac6ef398, 0xffffffff84b58618, 0xffffffff815feac8
Lower DeviceData: 0xffffffffb858b1d8, 0xffffffff83a208a0, 0xffffffffb6d1f290
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1923D6F2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 488392704
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff85b3d840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d5eac8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85b3d840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85b06930, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.11.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Karo :: KARO-PC [limited]

11.03.2013 18:01:57
mbar-log-2013-03-11 (18-01-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27325
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

So, hab jetzt alles durchlaufen lassen..

hier einmal Gmer

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-11 16:45:33
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEKT-75PVMT0 rev.01.01A01 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Karo\AppData\Local\Temp\kxldqpog.sys


---- System - GMER 2.1 ----

SSDT   881C14FE                       ZwCreateSection
SSDT   881C1508                       ZwRequestWaitReplyPort
SSDT   881C1503                       ZwSetContextThread
SSDT   881C150D                       ZwSetSecurityObject
SSDT   881C1512                       ZwSystemDebugControl
SSDT   881C149F                       ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215  81AC7998 4 Bytes  [FE, 14, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 539  81AC7CBC 4 Bytes  [08, 15, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 56D  81AC7CF0 4 Bytes  [03, 15, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 5D1  81AC7D54 4 Bytes  [0D, 15, 1C, 88]
.text  ntkrnlpa.exe!KeSetEvent + 619  81AC7D9C 4 Bytes  [12, 15, 1C, 88]
.text  ...                            

---- EOF - GMER 2.1 ----

Das Ergebnis von dem 2ten Tool (Malwarebytes Anti-Rootkit (MBAR)) ergab keinen Fund von einer unerwünschten Datei. Es war kein Neustart erforderlich.

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Non-administrative

Internet Explorer version: 7.0.6002.18005

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2105155584, free: 908328960

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Non-administrative

Internet Explorer version: 7.0.6002.18005

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2105155584, free: 910278656

------------ Kernel report ------------
     03/11/2013 17:28:10
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Users\Karo\AppData\Local\Temp\kxldqpog.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff85b3d840
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000060\
Lower Device Object: 0xffffffff85b06930
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84b58618
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff83a208a0
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.11.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84b58618, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84b58240, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84b58618, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff83a208a0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffac6ef398, 0xffffffff84b58618, 0xffffffff815feac8
Lower DeviceData: 0xffffffffb858b1d8, 0xffffffff83a208a0, 0xffffffffb6d1f290
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1923D6F2

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 488392704
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff85b3d840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d5eac8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85b3d840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85b06930, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.11.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Karo :: KARO-PC [limited]

11.03.2013 18:01:57
mbar-log-2013-03-11 (18-01-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27325
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

hoppla doppelt gepostet, sorry!

cosinus · 11.03.2013, 20:21

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Alexandra64 · 11.03.2013, 21:52

hier einmal von aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-11 21:46:34
-----------------------------
21:46:34.512    OS Version: Windows 6.0.6002 Service Pack 2
21:46:34.512    Number of processors: 2 586 0x170A
21:46:34.512    ComputerName: KARO-PC  UserName: Karo
21:46:36.914    Initialize success
21:48:37.244    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:48:37.244    Disk 0 Vendor: WDC_WD2500BEKT-75PVMT0 01.01A01 Size: 238475MB BusType: 3
21:48:37.291    Disk 0 MBR read successfully
21:48:37.306    Disk 0 MBR scan
21:48:37.306    Disk 0 Windows VISTA default MBR code
21:48:37.322    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238473 MB offset 2048
21:48:37.322    Disk 0 scanning sectors +488394752
21:48:37.556    Disk 0 scanning C:\Windows\system32\drivers
21:49:13.080    Service scanning
21:49:26.684    Modules scanning
21:50:02.537    Disk 0 trace - called modules:
21:50:02.568    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys tcpip.sys intelppm.sys 
21:50:02.584    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b58618]
21:50:02.584    3 CLASSPNP.SYS[8779d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83a208a0]
21:50:03.099    Scan finished successfully
21:50:20.494    Disk 0 MBR has been saved successfully to "C:\Users\Karo\Downloads\MBR.dat"
21:50:20.509    The log file has been saved successfully to "C:\Users\Karo\Downloads\aswMBR.txt"

und hier der scan von TDSSKiller:

Code:

ATTFilter

22:10:53.0268 4084  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:10:53.0518 4084  ============================================================
22:10:53.0518 4084  Current date / time: 2013/03/11 22:10:53.0518
22:10:53.0518 4084  SystemInfo:
22:10:53.0518 4084  
22:10:53.0518 4084  OS Version: 6.0.6002 ServicePack: 2.0
22:10:53.0518 4084  Product type: Workstation
22:10:53.0518 4084  ComputerName: KARO-PC
22:10:53.0518 4084  UserName: Karo
22:10:53.0518 4084  Windows directory: C:\Windows
22:10:53.0518 4084  System windows directory: C:\Windows
22:10:53.0518 4084  Processor architecture: Intel x86
22:10:53.0518 4084  Number of processors: 2
22:10:53.0518 4084  Page size: 0x1000
22:10:53.0518 4084  Boot type: Normal boot
22:10:53.0518 4084  ============================================================
22:10:55.0390 4084  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:10:55.0405 4084  ============================================================
22:10:55.0405 4084  \Device\Harddisk0\DR0:
22:10:55.0405 4084  MBR partitions:
22:10:55.0405 4084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
22:10:55.0405 4084  ============================================================
22:10:55.0437 4084  C: <-> \Device\Harddisk0\DR0\Partition1
22:10:55.0437 4084  ============================================================
22:10:55.0437 4084  Initialize success
22:10:55.0437 4084  ============================================================
22:11:30.0063 5540  ============================================================
22:11:30.0078 5540  Scan started
22:11:30.0078 5540  Mode: Manual; SigCheck; TDLFS; 
22:11:30.0078 5540  ============================================================
22:11:30.0577 5540  ================ Scan system memory ========================
22:11:30.0577 5540  System memory - ok
22:11:30.0577 5540  ================ Scan services =============================
22:11:30.0952 5540  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:11:31.0373 5540  ACPI - ok
22:11:31.0482 5540  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:11:31.0498 5540  AdobeARMservice - ok
22:11:31.0576 5540  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:11:31.0591 5540  AdobeFlashPlayerUpdateSvc - ok
22:11:31.0638 5540  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:11:31.0669 5540  adp94xx - ok
22:11:31.0701 5540  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:11:31.0716 5540  adpahci - ok
22:11:31.0732 5540  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:11:31.0747 5540  adpu160m - ok
22:11:31.0779 5540  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:11:31.0779 5540  adpu320 - ok
22:11:31.0825 5540  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:11:31.0888 5540  AeLookupSvc - ok
22:11:31.0935 5540  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
22:11:31.0966 5540  AFD - ok
22:11:32.0013 5540  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:11:32.0028 5540  agp440 - ok
22:11:32.0075 5540  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:11:32.0075 5540  aic78xx - ok
22:11:32.0122 5540  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
22:11:32.0481 5540  ALG - ok
22:11:32.0512 5540  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:11:32.0605 5540  aliide - ok
22:11:32.0621 5540  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:11:32.0637 5540  amdagp - ok
22:11:32.0668 5540  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:11:32.0683 5540  amdide - ok
22:11:32.0715 5540  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:11:32.0808 5540  AmdK7 - ok
22:11:32.0839 5540  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:11:32.0886 5540  AmdK8 - ok
22:11:33.0183 5540  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:11:33.0229 5540  AntiVirSchedulerService - ok
22:11:33.0276 5540  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:11:33.0292 5540  AntiVirService - ok
22:11:33.0370 5540  [ B83F9DA84F7079451C1C6A4A2F140920 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
22:11:33.0479 5540  ApfiltrService - ok
22:11:33.0541 5540  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
22:11:33.0588 5540  Appinfo - ok
22:11:33.0651 5540  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:11:33.0666 5540  Apple Mobile Device - ok
22:11:33.0713 5540  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
22:11:33.0714 5540  arc - ok
22:11:33.0792 5540  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:11:33.0792 5540  arcsas - ok
22:11:33.0839 5540  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:11:34.0010 5540  AsyncMac - ok
22:11:34.0073 5540  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:11:34.0120 5540  atapi - ok
22:11:34.0229 5540  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:11:34.0338 5540  AudioEndpointBuilder - ok
22:11:34.0369 5540  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:11:34.0447 5540  Audiosrv - ok
22:11:34.0494 5540  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:11:34.0525 5540  avgntflt - ok
22:11:34.0556 5540  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:11:34.0588 5540  avipbb - ok
22:11:34.0619 5540  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:11:34.0634 5540  avkmgr - ok
22:11:34.0712 5540  [ 423C7B87E886AC93D22936EA82665F83 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
22:11:34.0728 5540  BCM42RLY - ok
22:11:34.0823 5540  [ B56999BE8F22BA3071E4CEAFA9E82E26 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
22:11:34.0901 5540  BCM43XX - ok
22:11:34.0963 5540  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:11:35.0057 5540  Beep - ok
22:11:35.0213 5540  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
22:11:35.0244 5540  BFE - ok
22:11:35.0291 5540  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:11:35.0353 5540  BITS - ok
22:11:35.0400 5540  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:11:35.0431 5540  blbdrive - ok
22:11:35.0493 5540  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:11:35.0525 5540  Bonjour Service - ok
22:11:35.0603 5540  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:11:35.0634 5540  bowser - ok
22:11:35.0665 5540  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:11:35.0696 5540  BrFiltLo - ok
22:11:35.0712 5540  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:11:35.0727 5540  BrFiltUp - ok
22:11:35.0790 5540  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
22:11:35.0821 5540  Browser - ok
22:11:35.0868 5540  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:11:36.0039 5540  Brserid - ok
22:11:36.0055 5540  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:11:36.0133 5540  BrSerWdm - ok
22:11:36.0149 5540  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:11:36.0211 5540  BrUsbMdm - ok
22:11:36.0242 5540  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:11:36.0305 5540  BrUsbSer - ok
22:11:36.0320 5540  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:11:36.0383 5540  BTHMODEM - ok
22:11:36.0429 5540  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:11:36.0445 5540  cdfs - ok
22:11:36.0492 5540  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:11:36.0507 5540  cdrom - ok
22:11:36.0585 5540  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:11:36.0601 5540  CertPropSvc - ok
22:11:36.0648 5540  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
22:11:36.0679 5540  circlass - ok
22:11:36.0710 5540  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:11:36.0741 5540  CLFS - ok
22:11:36.0804 5540  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:11:36.0819 5540  clr_optimization_v2.0.50727_32 - ok
22:11:36.0913 5540  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:11:36.0929 5540  clr_optimization_v4.0.30319_32 - ok
22:11:36.0975 5540  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:11:37.0007 5540  CmBatt - ok
22:11:37.0053 5540  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:11:37.0069 5540  cmdide - ok
22:11:37.0069 5540  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:11:37.0085 5540  Compbatt - ok
22:11:37.0085 5540  COMSysApp - ok
22:11:37.0100 5540  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:11:37.0116 5540  crcdisk - ok
22:11:37.0131 5540  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:11:37.0163 5540  Crusoe - ok
22:11:37.0225 5540  [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:11:37.0241 5540  CryptSvc - ok
22:11:37.0350 5540  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:11:37.0381 5540  DcomLaunch - ok
22:11:37.0459 5540  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:11:37.0506 5540  DfsC - ok
22:11:37.0771 5540  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:11:37.0974 5540  DFSR - ok
22:11:38.0036 5540  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:11:38.0067 5540  Dhcp - ok
22:11:38.0099 5540  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:11:38.0114 5540  disk - ok
22:11:38.0161 5540  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:11:38.0223 5540  Dnscache - ok
22:11:38.0270 5540  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:11:38.0301 5540  dot3svc - ok
22:11:38.0426 5540  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:11:38.0457 5540  DPS - ok
22:11:38.0535 5540  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:11:38.0551 5540  drmkaud - ok
22:11:38.0613 5540  [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:11:38.0676 5540  DXGKrnl - ok
22:11:38.0723 5540  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:11:38.0769 5540  E1G60 - ok
22:11:38.0785 5540  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:11:38.0816 5540  EapHost - ok
22:11:38.0910 5540  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:11:38.0925 5540  Ecache - ok
22:11:38.0988 5540  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:11:39.0035 5540  ehRecvr - ok
22:11:39.0050 5540  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
22:11:39.0113 5540  ehSched - ok
22:11:39.0144 5540  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
22:11:39.0159 5540  ehstart - ok
22:11:39.0222 5540  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:11:39.0237 5540  elxstor - ok
22:11:39.0456 5540  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:11:39.0534 5540  EMDMgmt - ok
22:11:39.0534 5540  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:11:39.0596 5540  ErrDev - ok
22:11:39.0659 5540  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:11:39.0690 5540  EventSystem - ok
22:11:39.0752 5540  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:11:39.0783 5540  exfat - ok
22:11:39.0893 5540  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:11:39.0908 5540  fastfat - ok
22:11:39.0955 5540  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:11:39.0986 5540  fdc - ok
22:11:40.0017 5540  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:11:40.0049 5540  fdPHost - ok
22:11:40.0064 5540  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:11:40.0127 5540  FDResPub - ok
22:11:40.0142 5540  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:11:40.0158 5540  FileInfo - ok
22:11:40.0189 5540  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:11:40.0220 5540  Filetrace - ok
22:11:40.0267 5540  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:11:40.0298 5540  flpydisk - ok
22:11:40.0345 5540  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:11:40.0361 5540  FltMgr - ok
22:11:40.0595 5540  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:11:40.0641 5540  FontCache3.0.0.0 - ok
22:11:40.0657 5540  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:11:40.0673 5540  Fs_Rec - ok
22:11:40.0688 5540  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:11:40.0704 5540  gagp30kx - ok
22:11:40.0719 5540  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:11:40.0735 5540  GEARAspiWDM - ok
22:11:40.0766 5540  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:11:40.0813 5540  gpsvc - ok
22:11:40.0875 5540  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:11:40.0907 5540  HdAudAddService - ok
22:11:41.0063 5540  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:11:41.0109 5540  HDAudBus - ok
22:11:41.0125 5540  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:11:41.0297 5540  HidBth - ok
22:11:41.0312 5540  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:11:41.0515 5540  HidIr - ok
22:11:41.0577 5540  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
22:11:41.0624 5540  hidserv - ok
22:11:41.0655 5540  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:11:41.0733 5540  HidUsb - ok
22:11:41.0780 5540  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:11:41.0889 5540  hkmsvc - ok
22:11:41.0936 5540  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:11:41.0936 5540  HpCISSs - ok
22:11:41.0999 5540  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:11:42.0061 5540  HTTP - ok
22:11:42.0092 5540  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:11:42.0108 5540  i2omp - ok
22:11:42.0155 5540  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:11:42.0186 5540  i8042prt - ok
22:11:42.0264 5540  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:11:42.0279 5540  iaStorV - ok
22:11:42.0451 5540  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:11:42.0498 5540  idsvc - ok
22:11:42.0576 5540  [ D97E70E4E243C9660F91C1112E36C73B ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
22:11:42.0888 5540  igfx - ok
22:11:42.0950 5540  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:11:42.0950 5540  iirsp - ok
22:11:43.0122 5540  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:11:43.0184 5540  IKEEXT - ok
22:11:43.0247 5540  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:11:43.0262 5540  intelide - ok
22:11:43.0325 5540  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:11:43.0434 5540  intelppm - ok
22:11:43.0481 5540  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:11:43.0512 5540  IPBusEnum - ok
22:11:43.0527 5540  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:11:43.0590 5540  IpFilterDriver - ok
22:11:43.0637 5540  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:11:43.0668 5540  iphlpsvc - ok
22:11:43.0668 5540  IpInIp - ok
22:11:43.0699 5540  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:11:43.0730 5540  IPMIDRV - ok
22:11:43.0761 5540  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:11:43.0808 5540  IPNAT - ok
22:11:43.0855 5540  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:11:43.0871 5540  iPod Service - ok
22:11:43.0917 5540  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:11:43.0933 5540  IRENUM - ok
22:11:43.0980 5540  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:11:43.0995 5540  isapnp - ok
22:11:44.0042 5540  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:11:44.0058 5540  iScsiPrt - ok
22:11:44.0073 5540  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:11:44.0120 5540  iteatapi - ok
22:11:44.0151 5540  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:11:44.0167 5540  iteraid - ok
22:11:44.0198 5540  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:11:44.0214 5540  kbdclass - ok
22:11:44.0214 5540  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:11:44.0245 5540  kbdhid - ok
22:11:44.0307 5540  [ 3978F3540329E16C0AC3BCF677E5669F ] KeyIso          C:\Windows\system32\lsass.exe
22:11:44.0479 5540  KeyIso - ok
22:11:44.0573 5540  [ 86165728AF9BF72D6442A894FDFB4F8B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:11:44.0635 5540  KSecDD - ok
22:11:44.0697 5540  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:11:44.0838 5540  KtmRm - ok
22:11:44.0916 5540  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:11:44.0978 5540  LanmanServer - ok
22:11:45.0025 5540  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:11:45.0072 5540  LanmanWorkstation - ok
22:11:45.0103 5540  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:11:45.0243 5540  lltdio - ok
22:11:45.0306 5540  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:11:45.0431 5540  lltdsvc - ok
22:11:45.0477 5540  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:11:45.0711 5540  lmhosts - ok
22:11:45.0743 5540  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:11:45.0758 5540  LSI_FC - ok
22:11:45.0836 5540  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:11:45.0852 5540  LSI_SAS - ok
22:11:45.0914 5540  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:11:45.0930 5540  LSI_SCSI - ok
22:11:45.0930 5540  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
22:11:46.0008 5540  luafv - ok
22:11:46.0039 5540  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:11:46.0086 5540  Mcx2Svc - ok
22:11:46.0117 5540  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:11:46.0133 5540  megasas - ok
22:11:46.0164 5540  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
22:11:46.0179 5540  MegaSR - ok
22:11:46.0195 5540  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
22:11:46.0289 5540  MMCSS - ok
22:11:46.0289 5540  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
22:11:46.0351 5540  Modem - ok
22:11:46.0382 5540  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:11:46.0445 5540  monitor - ok
22:11:46.0476 5540  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:11:46.0491 5540  mouclass - ok
22:11:46.0554 5540  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\drivers\mouhid.sys
22:11:46.0616 5540  mouhid - ok
22:11:46.0632 5540  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:11:46.0647 5540  MountMgr - ok
22:11:46.0694 5540  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:11:46.0757 5540  MozillaMaintenance - ok
22:11:46.0835 5540  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:11:46.0850 5540  mpio - ok
22:11:46.0928 5540  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:11:46.0959 5540  mpsdrv - ok
22:11:47.0037 5540  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:11:47.0069 5540  MpsSvc - ok
22:11:47.0115 5540  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:11:47.0131 5540  Mraid35x - ok
22:11:47.0193 5540  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:11:47.0225 5540  MRxDAV - ok
22:11:47.0287 5540  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:11:47.0365 5540  mrxsmb - ok
22:11:47.0396 5540  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:11:47.0443 5540  mrxsmb10 - ok
22:11:47.0443 5540  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:11:47.0474 5540  mrxsmb20 - ok
22:11:47.0568 5540  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:11:47.0583 5540  msahci - ok
22:11:47.0615 5540  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:11:47.0630 5540  msdsm - ok
22:11:47.0661 5540  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
22:11:47.0864 5540  MSDTC - ok
22:11:47.0911 5540  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:11:48.0005 5540  Msfs - ok
22:11:48.0036 5540  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:11:48.0051 5540  msisadrv - ok
22:11:48.0129 5540  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:11:48.0301 5540  MSiSCSI - ok
22:11:48.0332 5540  msiserver - ok
22:11:48.0379 5540  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:11:48.0504 5540  MSKSSRV - ok
22:11:48.0566 5540  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:11:48.0597 5540  MSPCLOCK - ok
22:11:48.0644 5540  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:11:48.0722 5540  MSPQM - ok
22:11:48.0769 5540  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:11:48.0785 5540  MsRPC - ok
22:11:48.0816 5540  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:11:48.0831 5540  mssmbios - ok
22:11:48.0878 5540  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:11:48.0942 5540  MSTEE - ok
22:11:48.0973 5540  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:11:48.0988 5540  Mup - ok
22:11:49.0098 5540  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:11:49.0144 5540  napagent - ok
22:11:49.0207 5540  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:11:49.0300 5540  NativeWifiP - ok
22:11:49.0394 5540  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:11:49.0441 5540  NDIS - ok
22:11:49.0488 5540  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:11:49.0581 5540  NdisTapi - ok
22:11:49.0644 5540  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:11:49.0768 5540  Ndisuio - ok
22:11:49.0831 5540  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:11:50.0112 5540  NdisWan - ok
22:11:50.0143 5540  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:11:50.0190 5540  NDProxy - ok
22:11:50.0205 5540  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:11:50.0299 5540  NetBIOS - ok
22:11:50.0346 5540  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:11:50.0377 5540  netbt - ok
22:11:50.0408 5540  [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon        C:\Windows\system32\lsass.exe
22:11:50.0439 5540  Netlogon - ok
22:11:50.0502 5540  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:11:50.0580 5540  Netman - ok
22:11:50.0595 5540  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:11:50.0626 5540  netprofm - ok
22:11:50.0720 5540  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:50.0767 5540  NetTcpPortSharing - ok
22:11:50.0814 5540  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:11:50.0829 5540  nfrd960 - ok
22:11:50.0845 5540  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:11:50.0923 5540  NlaSvc - ok
22:11:50.0970 5540  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:11:51.0001 5540  Npfs - ok
22:11:51.0016 5540  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
22:11:51.0094 5540  nsi - ok
22:11:51.0110 5540  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:11:51.0141 5540  nsiproxy - ok
22:11:51.0516 5540  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:11:51.0594 5540  Ntfs - ok
22:11:51.0640 5540  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:11:51.0828 5540  ntrigdigi - ok
22:11:51.0859 5540  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:11:51.0906 5540  Null - ok
22:11:51.0937 5540  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:11:51.0968 5540  nvraid - ok
22:11:51.0984 5540  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:11:51.0999 5540  nvstor - ok
22:11:51.0999 5540  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:11:52.0015 5540  nv_agp - ok
22:11:52.0030 5540  NwlnkFlt - ok
22:11:52.0030 5540  NwlnkFwd - ok
22:11:52.0280 5540  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:11:52.0296 5540  odserv - ok
22:11:52.0327 5540  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:11:52.0389 5540  ohci1394 - ok
22:11:52.0467 5540  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:11:52.0483 5540  ose - ok
22:11:52.0561 5540  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:11:52.0654 5540  p2pimsvc - ok
22:11:52.0670 5540  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:11:52.0717 5540  p2psvc - ok
22:11:52.0748 5540  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
22:11:52.0826 5540  Parport - ok
22:11:52.0857 5540  [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:11:52.0873 5540  partmgr - ok
22:11:52.0888 5540  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:11:53.0403 5540  Parvdm - ok
22:11:53.0466 5540  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:11:53.0528 5540  PcaSvc - ok
22:11:53.0575 5540  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
22:11:53.0637 5540  pci - ok
22:11:53.0653 5540  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
22:11:53.0668 5540  pciide - ok
22:11:53.0684 5540  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:11:53.0700 5540  pcmcia - ok
22:11:53.0746 5540  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:11:53.0996 5540  PEAUTH - ok
22:11:54.0090 5540  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
22:11:54.0183 5540  pla - ok
22:11:54.0292 5540  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:11:54.0324 5540  PlugPlay - ok
22:11:54.0448 5540  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:11:54.0495 5540  PNRPAutoReg - ok
22:11:54.0511 5540  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:11:54.0542 5540  PNRPsvc - ok
22:11:54.0604 5540  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:11:54.0620 5540  PolicyAgent - ok
22:11:54.0651 5540  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:11:54.0792 5540  PptpMiniport - ok
22:11:54.0838 5540  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
22:11:55.0026 5540  Processor - ok
22:11:55.0104 5540  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:11:55.0150 5540  ProfSvc - ok
22:11:55.0182 5540  [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
22:11:55.0213 5540  ProtectedStorage - ok
22:11:55.0275 5540  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:11:55.0338 5540  PSched - ok
22:11:55.0384 5540  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:11:55.0447 5540  ql2300 - ok
22:11:55.0447 5540  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:11:55.0494 5540  ql40xx - ok
22:11:55.0556 5540  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
22:11:55.0587 5540  QWAVE - ok
22:11:55.0634 5540  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:11:55.0665 5540  QWAVEdrv - ok
22:11:55.0681 5540  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:11:55.0728 5540  RasAcd - ok
22:11:55.0743 5540  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
22:11:55.0930 5540  RasAuto - ok
22:11:55.0962 5540  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:11:56.0024 5540  Rasl2tp - ok
22:11:56.0118 5540  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:11:56.0258 5540  RasMan - ok
22:11:56.0352 5540  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:11:56.0383 5540  RasPppoe - ok
22:11:56.0445 5540  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:11:56.0554 5540  RasSstp - ok
22:11:56.0664 5540  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:11:56.0710 5540  rdbss - ok
22:11:56.0757 5540  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:11:56.0898 5540  RDPCDD - ok
22:11:56.0944 5540  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
22:11:56.0991 5540  rdpdr - ok
22:11:56.0991 5540  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:11:57.0178 5540  RDPENCDD - ok
22:11:57.0225 5540  [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:11:57.0256 5540  RDPWD - ok
22:11:57.0288 5540  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:11:57.0334 5540  RemoteAccess - ok
22:11:57.0381 5540  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:11:57.0412 5540  RemoteRegistry - ok
22:11:57.0444 5540  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:11:57.0490 5540  RpcLocator - ok
22:11:57.0522 5540  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
22:11:57.0584 5540  RpcSs - ok
22:11:57.0615 5540  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:11:57.0662 5540  rspndr - ok
22:11:57.0693 5540  [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs           C:\Windows\system32\lsass.exe
22:11:57.0724 5540  SamSs - ok
22:11:57.0756 5540  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:11:57.0771 5540  sbp2port - ok
22:11:57.0818 5540  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:11:57.0849 5540  SCardSvr - ok
22:11:57.0912 5540  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:11:58.0052 5540  Schedule - ok
22:11:58.0068 5540  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:11:58.0130 5540  SCPolicySvc - ok
22:11:58.0224 5540  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:11:58.0582 5540  SDRSVC - ok
22:11:58.0645 5540  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:11:58.0816 5540  secdrv - ok
22:11:58.0863 5540  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:11:58.0972 5540  seclogon - ok
22:11:59.0004 5540  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:11:59.0050 5540  SENS - ok
22:11:59.0066 5540  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:11:59.0128 5540  Serenum - ok
22:11:59.0175 5540  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
22:11:59.0300 5540  Serial - ok
22:11:59.0316 5540  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:11:59.0347 5540  sermouse - ok
22:11:59.0394 5540  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:11:59.0503 5540  SessionEnv - ok
22:11:59.0550 5540  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:11:59.0612 5540  sffdisk - ok
22:11:59.0628 5540  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:11:59.0737 5540  sffp_mmc - ok
22:11:59.0784 5540  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:11:59.0862 5540  sffp_sd - ok
22:11:59.0893 5540  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:12:00.0049 5540  sfloppy - ok
22:12:00.0111 5540  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:12:00.0236 5540  SharedAccess - ok
22:12:00.0345 5540  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:12:00.0423 5540  ShellHWDetection - ok
22:12:00.0454 5540  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:12:00.0470 5540  sisagp - ok
22:12:00.0532 5540  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:12:00.0548 5540  SiSRaid2 - ok
22:12:00.0579 5540  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:12:00.0595 5540  SiSRaid4 - ok
22:12:00.0844 5540  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
22:12:01.0078 5540  slsvc - ok
22:12:01.0156 5540  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:12:01.0188 5540  SLUINotify - ok
22:12:01.0234 5540  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:12:01.0297 5540  Smb - ok
22:12:01.0344 5540  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:12:01.0406 5540  SNMPTRAP - ok
22:12:01.0422 5540  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
22:12:01.0453 5540  spldr - ok
22:12:01.0546 5540  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
22:12:01.0609 5540  Spooler - ok
22:12:01.0687 5540  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:12:01.0734 5540  srv - ok
22:12:01.0843 5540  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:12:01.0921 5540  srv2 - ok
22:12:01.0968 5540  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:12:01.0983 5540  srvnet - ok
22:12:02.0046 5540  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:12:02.0264 5540  SSDPSRV - ok
22:12:02.0295 5540  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:12:02.0311 5540  ssmdrv - ok
22:12:02.0420 5540  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:12:02.0467 5540  SstpSvc - ok
22:12:02.0545 5540  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:12:02.0592 5540  stisvc - ok
22:12:02.0638 5540  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:12:02.0654 5540  swenum - ok
22:12:02.0732 5540  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
22:12:02.0779 5540  swprv - ok
22:12:02.0810 5540  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
22:12:02.0826 5540  Symc8xx - ok
22:12:02.0841 5540  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:12:02.0857 5540  Sym_hi - ok
22:12:02.0888 5540  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:12:02.0888 5540  Sym_u3 - ok
22:12:02.0966 5540  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
22:12:02.0997 5540  SysMain - ok
22:12:03.0028 5540  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:12:03.0091 5540  TabletInputService - ok
22:12:03.0153 5540  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:12:03.0184 5540  TapiSrv - ok
22:12:03.0216 5540  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
22:12:03.0418 5540  TBS - ok
22:12:03.0512 5540  [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:12:03.0637 5540  Tcpip - ok
22:12:03.0668 5540  [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:12:03.0777 5540  Tcpip6 - ok
22:12:03.0808 5540  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:12:03.0871 5540  tcpipreg - ok
22:12:03.0933 5540  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:12:04.0074 5540  TDPIPE - ok
22:12:04.0136 5540  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:12:04.0183 5540  TDTCP - ok
22:12:04.0230 5540  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:12:04.0261 5540  tdx - ok
22:12:04.0292 5540  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:12:04.0323 5540  TermDD - ok
22:12:04.0401 5540  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
22:12:04.0510 5540  TermService - ok
22:12:04.0604 5540  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:12:04.0698 5540  Themes - ok
22:12:04.0713 5540  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:12:04.0900 5540  THREADORDER - ok
22:12:04.0947 5540  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:12:05.0041 5540  TrkWks - ok
22:12:05.0103 5540  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:12:05.0181 5540  TrustedInstaller - ok
22:12:05.0244 5540  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:12:05.0353 5540  tssecsrv - ok
22:12:05.0368 5540  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
22:12:05.0415 5540  tunmp - ok
22:12:05.0462 5540  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:12:05.0493 5540  tunnel - ok
22:12:05.0540 5540  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:12:05.0556 5540  uagp35 - ok
22:12:05.0634 5540  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:12:05.0680 5540  udfs - ok
22:12:05.0712 5540  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:12:05.0821 5540  UI0Detect - ok
22:12:05.0868 5540  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:12:05.0883 5540  uliagpkx - ok
22:12:05.0946 5540  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
22:12:05.0961 5540  uliahci - ok
22:12:05.0977 5540  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:12:06.0008 5540  UlSata - ok
22:12:06.0024 5540  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
22:12:06.0039 5540  ulsata2 - ok
22:12:06.0070 5540  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:12:06.0164 5540  umbus - ok
22:12:06.0242 5540  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:12:06.0320 5540  upnphost - ok
22:12:06.0367 5540  [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
22:12:06.0570 5540  usbccgp - ok
22:12:06.0632 5540  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:12:06.0694 5540  usbcir - ok
22:12:06.0757 5540  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:12:06.0788 5540  usbehci - ok
22:12:06.0804 5540  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:12:06.0835 5540  usbhub - ok
22:12:06.0866 5540  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:12:07.0365 5540  usbohci - ok
22:12:07.0428 5540  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:12:07.0599 5540  usbprint - ok
22:12:07.0630 5540  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:12:07.0677 5540  USBSTOR - ok
22:12:07.0708 5540  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:12:07.0755 5540  usbuhci - ok
22:12:07.0818 5540  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
22:12:07.0849 5540  UxSms - ok
22:12:07.0927 5540  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
22:12:08.0005 5540  vds - ok
22:12:08.0052 5540  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:12:08.0270 5540  vga - ok
22:12:08.0301 5540  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:12:08.0426 5540  VgaSave - ok
22:12:08.0442 5540  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:12:08.0473 5540  viaagp - ok
22:12:08.0520 5540  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:12:08.0613 5540  ViaC7 - ok
22:12:08.0660 5540  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:12:08.0707 5540  viaide - ok
22:12:08.0722 5540  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:12:08.0754 5540  volmgr - ok
22:12:08.0847 5540  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:12:08.0894 5540  volmgrx - ok
22:12:08.0941 5540  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:12:08.0988 5540  volsnap - ok
22:12:09.0019 5540  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:12:09.0050 5540  vsmraid - ok
22:12:09.0222 5540  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
22:12:09.0315 5540  VSS - ok
22:12:09.0346 5540  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
22:12:09.0409 5540  W32Time - ok
22:12:09.0440 5540  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:12:09.0612 5540  WacomPen - ok
22:12:09.0658 5540  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:12:09.0783 5540  Wanarp - ok
22:12:09.0783 5540  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:12:09.0814 5540  Wanarpv6 - ok
22:12:09.0861 5540  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:12:09.0986 5540  wcncsvc - ok
22:12:10.0033 5540  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:12:10.0048 5540  WcsPlugInService - ok
22:12:10.0080 5540  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
22:12:10.0142 5540  Wd - ok
22:12:10.0204 5540  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:12:10.0251 5540  Wdf01000 - ok
22:12:10.0345 5540  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:12:10.0672 5540  WdiServiceHost - ok
22:12:10.0672 5540  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:12:10.0782 5540  WdiSystemHost - ok
22:12:10.0828 5540  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
22:12:10.0875 5540  WebClient - ok
22:12:10.0922 5540  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:12:11.0031 5540  Wecsvc - ok
22:12:11.0078 5540  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:12:11.0125 5540  wercplsupport - ok
22:12:11.0172 5540  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:12:11.0203 5540  WerSvc - ok
22:12:11.0265 5540  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:12:11.0281 5540  WinDefend - ok
22:12:11.0296 5540  WinHttpAutoProxySvc - ok
22:12:11.0359 5540  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:12:11.0390 5540  Winmgmt - ok
22:12:11.0468 5540  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:12:11.0546 5540  WinRM - ok
22:12:11.0624 5540  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:12:11.0718 5540  Wlansvc - ok
22:12:11.0764 5540  wltrysvc - ok
22:12:11.0796 5540  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:12:11.0811 5540  WmiAcpi - ok
22:12:11.0874 5540  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:12:11.0905 5540  wmiApSrv - ok
22:12:11.0952 5540  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:12:12.0108 5540  WMPNetworkSvc - ok
22:12:12.0201 5540  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:12:12.0264 5540  WPCSvc - ok
22:12:12.0310 5540  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:12:12.0388 5540  WPDBusEnum - ok
22:12:12.0498 5540  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:12:12.0607 5540  WPFFontCache_v0400 - ok
22:12:12.0669 5540  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:12:12.0903 5540  ws2ifsl - ok
22:12:12.0966 5540  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:12:12.0997 5540  wscsvc - ok
22:12:13.0012 5540  WSearch - ok
22:12:13.0106 5540  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:12:13.0262 5540  wuauserv - ok
22:12:13.0309 5540  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:12:13.0387 5540  WUDFRd - ok
22:12:13.0418 5540  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:12:13.0465 5540  wudfsvc - ok
22:12:13.0465 5540  yksvc - ok
22:12:13.0512 5540  [ 1A51DF1A5C658D534ED980D18F7982DE ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
22:12:13.0558 5540  yukonwlh - ok
22:12:13.0574 5540  ================ Scan global ===============================
22:12:13.0590 5540  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:12:13.0652 5540  [ 5DF01708D214FDC0075AD197F1889557 ] C:\Windows\system32\winsrv.dll
22:12:13.0683 5540  [ 5DF01708D214FDC0075AD197F1889557 ] C:\Windows\system32\winsrv.dll
22:12:13.0777 5540  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:12:13.0792 5540  [Global] - ok
22:12:13.0792 5540  ================ Scan MBR ==================================
22:12:13.0824 5540  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:12:15.0900 5540  \Device\Harddisk0\DR0 - ok
22:12:15.0916 5540  ================ Scan VBR ==================================
22:12:15.0932 5540  [ E50D58278451C6C52BDF83309B1EB461 ] \Device\Harddisk0\DR0\Partition1
22:12:15.0932 5540  \Device\Harddisk0\DR0\Partition1 - ok
22:12:15.0932 5540  ============================================================
22:12:15.0932 5540  Scan finished
22:12:15.0932 5540  ============================================================
22:12:15.0947 3964  Detected object count: 0
22:12:15.0947 3964  Actual detected object count: 0

cosinus · 12.03.2013, 15:30

Ist unauffällig

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Alexandra64 · 12.03.2013, 15:44

Hey erstmal vielen Dank, dass du dir soviel Zeit für mich nimmst. Ich weiss, dass ihr das alle freiwillig und in Eurer Freizeit macht! Dafür einmal ein dickes Lob!
Ich habe eine Frage zwischendurch. Könnte es auch etwas anderes als ein Virus sein? Eine falsche Einstellung in meinem Browser oder etwas ähnliches?

und

kann ich die Anwendungen, die ich bisher geladen habe, auch wieder von meinem Rechner entfernen? Oder werden die noch benötigt?

Oder macht es eher Sinn den Laptop neu zu formatieren und das Betriebssystem neu zu installieren?

Vielen Dank!

cosinus · 12.03.2013, 17:50

Zitat:

Könnte es auch etwas anderes als ein Virus sein? Eine falsche Einstellung in meinem Browser oder etwas ähnliches?

Wie du llt gesehen hast versuch ich das gerade rauszufinden. Mach bitte mit den neuen Tools weiter

Alexandra64 · 12.03.2013, 20:24

ok,

jtr.txt. Bericht:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.0 (03.11.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Karo on 12.03.2013 at 20:18:53,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Karo\AppData\Roaming\babylon"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Emptied folder: C:\Users\Karo\AppData\Roaming\mozilla\firefox\profiles\jchtc0cx.default-1362931242066\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.03.2013 at 20:22:36,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 12/03/2013 um 20:27:42 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Karo - KARO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Karo\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Karo\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5d538b8bb36dbf14
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\5d538b8bb36dbf14
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\jchtc0cx.default-1362931242066\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2345 octets] - [12/03/2013 20:27:42]

########## EOF - C:\AdwCleaner[S1].txt - [2405 octets] ##########

Olt.txt.

Code:

ATTFilter

OTL logfile created on: 12.03.2013 20:35:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,81% Memory free
4,17 Gb Paging File | 3,03 Gb Available in Paging File | 72,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 206,84 Gb Free Space | 88,82% Space Free | Partition Type: NTFS
 
Computer Name: KARO-PC | User Name: Karo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8dd61e72fac130c9d0c8e7f477ac0f04\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b2a7c50b4ef0bbf2f031f7988c9918ce\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5808d6bdf8537a68c37952581273c880\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\47fea91cbec5f4bcbe7e6c4edb40d412\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\..\SearchScopes\{D6F24153-043C-4538-8EB3-844D68A3BD99}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1535122793-504594352-3588520643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 15:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.02.19 01:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\Extensions
[2013.03.10 19:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\Firefox\Profiles\jchtc0cx.default-1362931242066\extensions
[2013.03.10 19:57:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Karo\AppData\Roaming\mozilla\firefox\profiles\jchtc0cx.default-1362931242066\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.19 01:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 15:15:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.01 20:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 20:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.01 20:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 20:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 20:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 20:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A08018-6F5B-49EC-A1F7-CD6D481C7CE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FF073B-B670-48D8-9FF6-5B3610178045}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Karo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Karo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.12 20:18:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.12 20:18:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.12 02:17:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013.03.12 02:16:59 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013.03.12 02:16:59 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013.03.12 02:16:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013.03.12 02:16:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013.03.12 02:16:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013.03.12 02:05:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.12 01:55:54 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.03.12 01:55:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.03.11 21:50:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.03.11 21:50:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.03.11 21:50:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.03.11 21:50:04 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.03.11 18:11:50 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2013.03.11 18:11:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2013.03.11 18:03:36 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.11 18:03:36 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.11 18:01:49 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.03.11 17:58:34 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.03.11 17:53:24 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.03.11 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.11 17:27:09 | 000,000,000 | ---D | C] -- C:\Users\Karo\Desktop\mbar-1.01.0.1021-1
[2013.03.11 15:47:37 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2013.03.11 10:33:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.11 10:33:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.11 10:33:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.03.11 10:33:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.03.11 10:33:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.03.11 10:33:07 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.11 10:33:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.10 17:58:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013.03.10 17:58:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013.03.10 17:58:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013.03.10 17:00:46 | 000,000,000 | ---D | C] -- C:\Users\Karo\Desktop\Alte Firefox-Daten
[2013.03.10 16:47:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.02.21 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Karo\AppData\Roaming\dvdcss
[2013.02.19 01:48:20 | 000,000,000 | ---D | C] -- C:\Users\Karo\AppData\Roaming\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.12 20:34:38 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.12 20:34:38 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.12 20:34:38 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.12 20:34:38 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.12 20:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.12 20:29:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 20:29:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.12 20:29:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 20:29:04 | 2105,921,536 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.12 07:46:45 | 000,265,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.11 17:24:52 | 013,786,977 | R--- | M] () -- C:\Users\Karo\Desktop\mbar-1.01.0.1021-1.zip
[2013.02.27 16:11:22 | 000,002,631 | ---- | M] () -- C:\Users\Karo\Desktop\Microsoft Office Word 2007.lnk
[2013.02.26 22:33:34 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.26 22:33:34 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.25 12:44:00 | 000,010,752 | ---- | M] () -- C:\Users\Karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.19 01:48:16 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.12 02:17:08 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.12 02:17:08 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.11 17:06:06 | 013,786,977 | R--- | C] () -- C:\Users\Karo\Desktop\mbar-1.01.0.1021-1.zip
[2013.03.10 18:07:49 | 000,000,949 | ---- | C] () -- C:\Users\Karo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.19 01:48:16 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.19 01:48:16 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.09 01:01:54 | 000,010,752 | ---- | C] () -- C:\Users\Karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.04 15:23:57 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013.02.04 15:23:54 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2013.02.04 15:23:52 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2013.02.02 11:50:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013.02.02 11:50:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.02.01 22:49:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.02.01 20:38:09 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013.02.01 20:38:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013.02.01 20:38:09 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013.02.01 20:38:09 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013.02.01 14:04:32 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2013.02.01 14:04:32 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1489.dll
[2013.02.01 14:04:31 | 000,146,596 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2013.02.01 14:04:30 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2013.02.01 11:47:35 | 000,000,680 | ---- | C] () -- C:\Users\Karo\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.04 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\Amazon
[2013.02.01 13:47:19 | 000,000,000 | ---D | M] -- C:\Users\Karo\AppData\Roaming\TMP
 
========== Purity Check ==========
 
 

< End of report >

extras.txt.

Code:

ATTFilter

OTL Extras logfile created on: 12.03.2013 20:35:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,81% Memory free
4,17 Gb Paging File | 3,03 Gb Available in Paging File | 72,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 206,84 Gb Free Space | 88,82% Space Free | Partition Type: NTFS
 
Computer Name: KARO-PC | User Name: Karo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1535122793-504594352-3588520643-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0086D2C4-D6C2-4751-878E-9B4B8981F3C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F502764-83AA-48BC-A778-B4173FCD7B40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{203A7D15-DBC2-4E5E-B6D4-1F0441F63EC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{286B0F3E-8AEB-4903-BE6C-41225A276507}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E9C9859-B97E-4F58-AB67-CE1674F5F751}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{47AAB9F5-FCE2-4DBA-AE26-D9219F519109}" = rport=139 | protocol=6 | dir=out | app=system | 
"{510CA1F8-1F93-44DA-9A8A-71056AADB43F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{56429E2B-05B3-4DA5-93EC-040559088743}" = lport=137 | protocol=17 | dir=in | app=system | 
"{667DA991-DC6A-4330-AF53-F2377A8C57CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7B6727C9-2156-4BE7-85DD-D00C7F85E54F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{86125D5E-FBC3-4F7F-B076-FCFF6244949F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A31802F5-A1A1-4E4D-A1F4-7C5037494AE9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AA13B299-655A-450F-A620-50E3D994E5BE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B3F58040-8675-438D-9E2A-A409020A19F5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D2B20425-783C-47EC-8879-9026AB162D94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E8112420-4B69-4B40-AB03-B22921237C41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9D66E93-AE0E-4AEA-81C2-82E19486839F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F06AEBE0-CA68-4B2D-B6BB-B4EAF5CC3050}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB471B6-DD44-421D-82F6-D2B89A25DA69}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{237DA757-E68C-458F-9F02-5254985D4316}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2783C4AE-CACE-4DEE-96F8-5E264EB613BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{34B6A9FC-F77C-4167-B2A9-2E6EAD0A04AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{46A85009-750D-4DF5-9BFA-89C0C46295B5}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{55F2AB10-4B50-4B1E-AFBD-05C919C3DA6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C73B1DD9-88B6-4464-8712-C8AC90E23B03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D7A581A5-BDD0-41FA-86A2-B9D08BCD50D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DC48D757-EBD1-43AB-97D4-35A92C05645A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DFA54467-104A-4597-9E6D-D9DD355242AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F96D4945-63B8-4067-926A-8AEF1EC7A2CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.03.2013 15:30:54 | Computer Name = Karo-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.03.2013 15:30:34 | Computer Name = Karo-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.03.2013 15:30:55 | Computer Name = Karo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.03.2013 15:30:55 | Computer Name = Karo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

cosinus · 12.03.2013, 23:42

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Alexandra64 · 13.03.2013, 20:43

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.13.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Karo :: KARO-PC [Administrator]

Schutz: Aktiviert

13.03.2013 20:37:17
mbam-log-2013-03-13 (20-37-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 192164
Laufzeit: 5 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ich habe ein Problem mit dem ESET Scanner... kurz vor Ende erscheint die Fehlermeldung "Unexpected Error 2002"

Hatte schon einen 2ten Versuch gestartet.. keine Veränderung

11.03.2013, 16:00	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Browser extrem langsam.. Mach bitte mit den anderen Tools weiter __________________ --> Browser extrem langsam..

Browser extrem langsam..

Log-Analyse und Auswertung: Browser extrem langsam..