TR / Agent.PBI und Mevade.A.95

Plage01 · 05.10.2013, 14:28

Hallo,
jetzt benötige ich Unterstützung für meinen eigenen PC. Seit heute gekomme ich folgende Meldungen:
ESET-Scan findet einen WIN32/Agent.PBI.trojan und Avira meldet ein verstecktes Objekt und Fund des TR/Mevade.A.95
Malwarebytes Quick Scan ist unauffällig.
Symptom ist sehr lange Antwortzeit beim Internetaufruf (ist jetzt abgedockt), während anderes Gerät einwandfrei tut.
Hier die Logfiles zu Avira, ESET und Malwarebytes:

AVIRA:#

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 5. Oktober 2013  09:34


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : TIEMANN-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.4052    55009 Bytes  29.08.2013 17:56:00
AVSCAN.EXE     : 13.6.20.2100   639032 Bytes  05.09.2013 19:02:06
AVSCANRC.DLL   : 13.6.20.2174    63032 Bytes  05.09.2013 19:02:06
LUKE.DLL       : 13.6.20.2174    65080 Bytes  05.09.2013 19:03:00
AVSCPLR.DLL    : 13.6.20.2174    92216 Bytes  05.09.2013 19:02:07
AVREG.DLL      : 13.6.20.2174   250424 Bytes  05.09.2013 19:02:04
avlode.dll     : 13.6.20.2174   497720 Bytes  05.09.2013 19:02:02
avlode.rdf     : 13.0.1.42      26846 Bytes  28.08.2013 15:53:11
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 15:30:40
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 11:49:18
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 15:42:47
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 16:07:22
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 13:26:00
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 11:09:24
VBASE006.VDF   : 7.11.103.230  2293248 Bytes  24.09.2013 15:08:39
VBASE007.VDF   : 7.11.103.231     2048 Bytes  24.09.2013 15:08:39
VBASE008.VDF   : 7.11.103.232     2048 Bytes  24.09.2013 15:08:40
VBASE009.VDF   : 7.11.103.233     2048 Bytes  24.09.2013 15:08:41
VBASE010.VDF   : 7.11.103.234     2048 Bytes  24.09.2013 15:08:42
VBASE011.VDF   : 7.11.103.235     2048 Bytes  24.09.2013 15:08:43
VBASE012.VDF   : 7.11.103.236     2048 Bytes  24.09.2013 15:08:44
VBASE013.VDF   : 7.11.103.237     2048 Bytes  24.09.2013 15:08:45
VBASE014.VDF   : 7.11.104.123   282112 Bytes  26.09.2013 16:08:23
VBASE015.VDF   : 7.11.104.237   359424 Bytes  28.09.2013 08:43:52
VBASE016.VDF   : 7.11.105.103   195072 Bytes  02.10.2013 17:49:26
VBASE017.VDF   : 7.11.105.104     2048 Bytes  02.10.2013 17:49:26
VBASE018.VDF   : 7.11.105.105     2048 Bytes  02.10.2013 17:49:26
VBASE019.VDF   : 7.11.105.106     2048 Bytes  02.10.2013 17:49:26
VBASE020.VDF   : 7.11.105.107     2048 Bytes  02.10.2013 17:49:26
VBASE021.VDF   : 7.11.105.108     2048 Bytes  02.10.2013 17:49:27
VBASE022.VDF   : 7.11.105.109     2048 Bytes  02.10.2013 17:49:27
VBASE023.VDF   : 7.11.105.110     2048 Bytes  02.10.2013 17:49:27
VBASE024.VDF   : 7.11.105.111     2048 Bytes  02.10.2013 17:49:27
VBASE025.VDF   : 7.11.105.112     2048 Bytes  02.10.2013 17:49:27
VBASE026.VDF   : 7.11.105.113     2048 Bytes  02.10.2013 17:49:27
VBASE027.VDF   : 7.11.105.114     2048 Bytes  02.10.2013 17:49:27
VBASE028.VDF   : 7.11.105.115     2048 Bytes  02.10.2013 17:49:27
VBASE029.VDF   : 7.11.105.116     2048 Bytes  02.10.2013 17:49:27
VBASE030.VDF   : 7.11.105.117     2048 Bytes  02.10.2013 17:49:27
VBASE031.VDF   : 7.11.105.212   491008 Bytes  04.10.2013 07:32:30
Engineversion  : 8.2.12.126
AEVDF.DLL      : 8.1.3.4       102774 Bytes  14.06.2013 13:49:49
AESCRIPT.DLL   : 8.1.4.154     512382 Bytes  02.10.2013 17:49:37
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 15:27:07
AESBX.DLL      : 8.2.16.26    1245560 Bytes  26.08.2013 07:44:43
AERDL.DLL      : 8.2.0.128     688504 Bytes  14.06.2013 13:49:48
AEPACK.DLL     : 8.3.2.30      749945 Bytes  02.10.2013 17:49:37
AEOFFICE.DLL   : 8.1.2.76      205181 Bytes  08.08.2013 15:50:47
AEHEUR.DLL     : 8.1.4.676    6201722 Bytes  02.10.2013 17:49:35
AEHELP.DLL     : 8.1.27.6      266617 Bytes  27.08.2013 16:26:55
AEGEN.DLL      : 8.1.7.14      446839 Bytes  06.09.2013 16:43:46
AEEXP.DLL      : 8.4.1.62      328055 Bytes  13.09.2013 10:02:58
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 18:19:04
AECORE.DLL     : 8.1.32.0      201081 Bytes  26.08.2013 07:44:27
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 14:44:04
AVWINLL.DLL    : 13.6.20.2174    23608 Bytes  05.09.2013 19:01:47
AVPREF.DLL     : 13.6.20.2174    48184 Bytes  05.09.2013 19:02:03
AVREP.DLL      : 13.6.20.2174   175672 Bytes  05.09.2013 19:02:05
AVARKT.DLL     : 13.6.20.2174   258104 Bytes  05.09.2013 19:01:54
AVEVTLOG.DLL   : 13.6.20.2174   165432 Bytes  05.09.2013 19:01:59
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  01.03.2013 16:11:07
AVSMTP.DLL     : 13.6.20.2174    60472 Bytes  05.09.2013 19:02:07
NETNT.DLL      : 13.6.20.2174    13368 Bytes  05.09.2013 19:03:01
RCIMAGE.DLL    : 13.6.20.2174  4786744 Bytes  05.09.2013 19:01:47
RCTEXT.DLL     : 13.6.20.2174    68152 Bytes  05.09.2013 19:01:47

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 5. Oktober 2013  09:34

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrYNSvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'brccMCtl.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TVESched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdcBase.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrStMonW.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'sm56hlpr.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'pptd40nt.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDServ.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'ModLEDKey.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNYHKey.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'TVECapSvc.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'tor.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'MemeoService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'brss01a.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'brsvc01a.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '149' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3828' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
  [FUND]      Ist das Trojanische Pferd TR/Mevade.A.95

Beginne mit der Desinfektion:
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
  [FUND]      Ist das Trojanische Pferd TR/Mevade.A.95
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56f7a77e.qua' verschoben!


Ende des Suchlaufs: Samstag, 5. Oktober 2013  14:29
Benötigte Zeit:  4:52:46 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  36224 Verzeichnisse wurden überprüft
 862969 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 862968 Dateien ohne Befall
  10214 Archive wurden durchsucht
      0 Warnungen
      2 Hinweise
 788066 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden

ESET-log:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=18adf8db42edce48807f397ab627db95
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-19 03:47:34
# local_time=2012-05-19 05:47:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 17958936 17958936 0 0
# compatibility_mode=5892 16776573 100 100 159920 174967881 0 0
# compatibility_mode=8192 67108863 100 0 496252 496252 0 0
# scanned=240372
# found=0
# cleaned=0
# scan_time=7301
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=18adf8db42edce48807f397ab627db95
# engine=15353
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-04 11:50:49
# local_time=2013-10-04 01:50:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 12613 61411881 5385 0
# compatibility_mode=5892 16776574 100 100 2397757 218420177 0 0
# scanned=1041
# found=0
# cleaned=0
# scan_time=643
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=36886
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=18adf8db42edce48807f397ab627db95
# engine=15359
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-04 07:46:34
# local_time=2013-10-04 09:46:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 19565 61440426 12330 0
# compatibility_mode=5892 16776574 100 100 21633 218448722 0 0
# scanned=226843
# found=1
# cleaned=0
# scan_time=10039
sh=60E3E4227497AD83885E859903CB98D769ED9B9C ft=1 fh=c71c0011e1c26d8e vn="Win32/Agent.PBI trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe"
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=36886
esets_scanner_update returned -1 esets_gle=36886
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=36886

und Malwarebytes quick scan:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.04.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Frank :: xxxxxxx-PC [Administrator]

05.10.2013 14:32:09
mbam-log-2013-10-05 (14-32-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309053
Laufzeit: 8 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Auch JRT Junkware removal habe ich ablaufen lassen:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by xxxxx on 05.10.2013 at  0:06:47,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\SweetIM



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.10.2013 at  0:10:18,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vielen Dank für die Hilfe vorab schon mal.
Gruß
Frank

aharonov · 05.10.2013, 14:33

Hallo Frank,

mach bitte einen FRST-Scan wie folgt:

Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere es auf den Desktop.

Starte die FRST.exe.
Entferne unter "Whitelist" den Haken bei "Services".
Drücke dann auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Plage01 · 05.10.2013, 14:46

Hallo Leo,

wow, das geht wieder schnell. Ich habe den FRST-Scan, allerdings habe ich in der Eile den "Service"-Haken nicht abgewählt.
Hier die logs: FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by xxxxx (administrator) on xxxxxxx-PC on 05-10-2013 15:31:32
Running from C:\Users\xxxxx\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Tor\tor.exe
() C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
() C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Chicony) C:\Windows\CNYHKey.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\JM\JMInsIDE.exe [36864 2006-10-30] ()
HKLM\...\Run: [ledpointer] - C:\Windows\CNYHKey.exe [5585408 2006-11-09] (Chicony)
HKLM\...\Run: [MoLed] - C:\Windows\ModLEDKey.exe [53248 2006-11-09] (Chicony)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [69216 2006-12-06] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-02] (Google Inc.)
HKU\xxxxxxa\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\xxxxxxa\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2012-10-25] (Apple Inc.)
HKU\xxxxxxa\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxa\...\Run: [Insofta Document Backup] - "C:\Program Files\Insofta Document Backup\DocumentBackup.exe" /logon
HKU\xxxxxxa\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
HKU\xxxxxxa\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-02] (Google Inc.)
HKU\xxxxxxa\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\xxxxxxa\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxa\...\Policies\system: [LogonHoursAction] 2
HKU\xxxxxxa\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\xxxxxxb\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\xxxxxxb\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2012-10-25] (Apple Inc.)
HKU\xxxxxxb\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxb\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxb\...\Run: [Insofta Document Backup] - "C:\Program Files\Insofta Document Backup\DocumentBackup.exe" /logon
HKU\xxxxxxb\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
HKU\xxxxxxb\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-02] (Google Inc.)
HKU\xxxxxxb\...\Run: [ICQ] - 榤矔
HKU\xxxxxxb\...\Policies\system: [LogonHoursAction] 2
HKU\xxxxxxb\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\xxxxx_User\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2012-10-25] (Apple Inc.)
HKU\xxxxx_User\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxx_User\...\Run: [Insofta Document Backup] - "C:\Program Files\Insofta Document Backup\DocumentBackup.exe" /logon
HKU\xxxxx_User\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
HKU\xxxxx_User\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-02] (Google Inc.)
HKU\xxxxx_User\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\xxxxx_User\...\Policies\system: [LogonHoursAction] 2
HKU\xxxxx_User\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\xxxxxxa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk ->  (No File)
Startup: C:\Users\xxxxxxb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Online DSL-Manager.lnk
ShortcutTarget: T-Online DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Online DSL-Manager.lnk
ShortcutTarget: T-Online DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe (No File)
Startup: C:\Users\xxxxx_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Online DSL-Manager.lnk
ShortcutTarget: T-Online DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/
BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU -WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S4 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 BMUService; C:\Program Files\Memeo\AutoBackup\MemeoService.exe [31768 2007-04-07] (Memeo)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S2 CheckStage2_svc; C:\Windows\CheckStage2.exe [462848 2007-03-12] ()
S4 ClipInc001; C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe [1064960 2007-12-20] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S3 TDslMgrService; C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe [294912 2007-11-26] (T-Systems Enterprise Services GmbH)
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-09] ()
R2 TVECapSvc; C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [299093 2007-05-08] ()
R2 TVESched; C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [127059 2007-05-08] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [x]
S2 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [2814080 2006-10-27] (ASUSTeK)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
S3 dsltestSp5; C:\Windows\System32\Drivers\dsltestSp5.sys [26816 2007-09-12] (Printing Communications Assoc., Inc. (PCAUSA))
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [43648 2006-10-30] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-27] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
R1 SSHDRV86; C:\Windows\system32\drivers\SSHDRV86.sys [81408 2007-06-22] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-01] (Avira GmbH)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 15:30 - 2013-10-05 15:30 - 00000000 ____D C:\FRST
2013-10-05 15:17 - 2013-10-05 15:15 - 01087213 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2013-10-05 15:16 - 2013-10-05 15:16 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-10-05 09:32 - 2013-10-05 14:41 - 00000000 ____D C:\Users\xxxxx\Desktop\Trojaner
2013-10-05 00:06 - 2013-10-05 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 18:51 - 2013-10-04 18:52 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Foxit Software
2013-10-04 18:51 - 2013-10-04 18:51 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-04 18:51 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-10-04 18:18 - 2013-10-04 18:18 - 00454373 _____ C:\Users\xxxxx\Downloads\pdf
2013-10-04 16:43 - 2013-10-04 16:43 - 00000000 ____D C:\Program Files\WOT
2013-10-04 15:47 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-04 15:47 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-04 15:47 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-04 15:47 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-04 15:47 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-04 15:47 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-04 15:47 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-04 15:47 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-04 15:47 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-04 15:47 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-04 15:47 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-04 15:47 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-04 15:47 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-04 15:47 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-04 15:47 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-04 15:47 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-04 15:27 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-04 15:27 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-10-04 15:13 - 2013-10-04 15:13 - 00000000 _____ C:\Windows\win.ini.INI
2013-10-04 12:52 - 2013-10-04 12:52 - 00000000 ____D C:\Users\xxxxx_User\Desktop\Virensuche
2013-10-04 12:44 - 2013-10-04 12:44 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Malwarebytes
2013-10-04 12:40 - 2013-10-04 12:55 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\MiniDm
2013-10-04 12:39 - 2013-10-04 12:39 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-17 17:38 - 2013-09-17 17:39 - 00000000 ____D C:\Users\xxxxxxa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-06 19:50 - 2013-10-04 15:37 - 00000000 ____D C:\Windows\system32\MRT
2013-09-06 19:25 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-06 19:25 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-06 19:25 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-06 19:24 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-06 19:24 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-06 19:24 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-06 19:24 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-06 19:24 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-06 19:24 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-06 19:24 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-06 19:24 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-06 19:24 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-06 19:24 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-06 19:24 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-06 19:24 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-06 19:23 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-06 19:23 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-06 19:23 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-06 19:23 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-06 19:23 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-06 19:23 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-06 19:23 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-06 19:23 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-06 19:23 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-09-06 19:23 - 2013-04-15 16:20 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-06 19:23 - 2013-04-13 12:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-06 19:05 - 2013-10-04 13:29 - 00000000 ____D C:\AdwCleaner
2013-09-06 18:44 - 2013-09-06 18:44 - 96334488 _____ C:\Windows\system32\黸皩ᴼ

==================== One Month Modified Files and Folders =======

2013-10-05 15:31 - 2006-11-02 14:47 - 00003296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 15:31 - 2006-11-02 14:47 - 00003296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 15:30 - 2013-10-05 15:30 - 00000000 ____D C:\FRST
2013-10-05 15:20 - 2006-11-02 12:33 - 01483864 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 15:19 - 2007-04-10 11:58 - 01345386 _____ C:\Windows\WindowsUpdate.log
2013-10-05 15:16 - 2013-10-05 15:16 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-10-05 15:16 - 2007-04-30 16:05 - 00639184 _____ C:\Windows\system32\CheckStage2.log
2013-10-05 15:15 - 2013-10-05 15:17 - 01087213 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2013-10-05 14:43 - 2007-07-23 19:57 - 00002695 _____ C:\Users\xxxxx\Desktop\Microsoft Office Outlook 2007.lnk
2013-10-05 14:41 - 2013-10-05 09:32 - 00000000 ____D C:\Users\xxxxx\Desktop\Trojaner
2013-10-05 09:30 - 2007-04-30 13:53 - 00177346 _____ C:\Windows\PFRO.log
2013-10-05 00:06 - 2013-10-05 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 18:52 - 2013-10-04 18:51 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Foxit Software
2013-10-04 18:51 - 2013-10-04 18:51 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-04 18:43 - 2007-06-10 14:49 - 00000000 ____D C:\Users\xxxxx\AppData\Local\Adobe
2013-10-04 18:42 - 2011-11-26 14:32 - 00000000 ____D C:\ProgramData\Adobe
2013-10-04 18:42 - 2011-11-26 14:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-04 18:18 - 2013-10-04 18:18 - 00454373 _____ C:\Users\xxxxx\Downloads\pdf
2013-10-04 17:22 - 2007-06-26 17:34 - 00000000 ____D C:\Users\xxxxx\Documents\Geld
2013-10-04 16:43 - 2013-10-04 16:43 - 00000000 ____D C:\Program Files\WOT
2013-10-04 15:53 - 2006-11-02 14:47 - 00359672 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-04 15:48 - 2007-06-29 18:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-04 15:37 - 2013-09-06 19:50 - 00000000 ____D C:\Windows\system32\MRT
2013-10-04 15:34 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-04 15:20 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\WindowsMobile
2013-10-04 15:13 - 2013-10-04 15:13 - 00000000 _____ C:\Windows\win.ini.INI
2013-10-04 15:08 - 2008-08-02 11:00 - 00000000 ____D C:\ProgramData\Google
2013-10-04 15:08 - 2007-11-05 22:13 - 00000000 ____D C:\Program Files\Google
2013-10-04 15:08 - 2007-06-13 21:49 - 00000000 ____D C:\Users\xxxxx\AppData\Local\Google
2013-10-04 15:07 - 2009-07-17 21:16 - 00000974 _____ C:\Windows\Tasks\Google Software Updater.job
2013-10-04 15:07 - 2008-08-02 11:00 - 00000000 ____D C:\ProgramData\Google Updater
2013-10-04 13:29 - 2013-09-06 19:05 - 00000000 ____D C:\AdwCleaner
2013-10-04 12:55 - 2013-10-04 12:40 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\MiniDm
2013-10-04 12:52 - 2013-10-04 12:52 - 00000000 ____D C:\Users\xxxxx_User\Desktop\Virensuche
2013-10-04 12:44 - 2013-10-04 12:44 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Malwarebytes
2013-10-04 12:43 - 2012-05-13 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 12:39 - 2013-10-04 12:39 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-29 17:11 - 2012-11-09 18:23 - 00000000 ____D C:\Users\xxxxx\Citrix
2013-09-27 18:39 - 2007-06-26 17:41 - 00000000 ____D C:\Users\Public\Documents\Korrespondenz
2013-09-26 18:37 - 2007-06-26 17:35 - 00000000 ____D C:\Users\xxxxx\Documents\Kredit_neu
2013-09-26 18:36 - 2012-02-29 18:41 - 00000000 ____D C:\Users\xxxxx\Documents\Hauskauf xxxxxx
2013-09-22 11:51 - 2007-06-10 15:12 - 00042496 _____ C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-17 17:39 - 2013-09-17 17:38 - 00000000 ____D C:\Users\xxxxxxa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-17 17:39 - 2007-08-23 16:13 - 00002695 _____ C:\Users\xxxxxxa\Desktop\Outlook.lnk
2013-09-08 14:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-06 20:02 - 2009-12-11 13:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-06 19:59 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-09-06 19:59 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-06 19:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-06 19:07 - 2013-06-30 13:34 - 00000857 _____ C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-09-06 18:44 - 2013-09-06 18:44 - 96334488 _____ C:\Windows\system32\黸皩ᴼ
2013-09-06 18:42 - 2011-01-08 21:14 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 18:41 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 22:39 - 2006-11-02 15:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-05 22:19 - 2011-01-08 21:14 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 22:11 - 2012-05-31 11:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 21:03 - 2013-03-02 11:28 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 21:03 - 2013-03-02 11:28 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\xxxxx\CTX.DAT


Some content of TEMP:
====================
C:\Users\xxxxxxa\AppData\Local\temp\AskSLib.dll
C:\Users\xxxxx\AppData\Local\temp\drm_dyndata_7400009.dll
C:\Users\xxxxx\AppData\Local\temp\_is254C.exe
C:\Users\xxxxx\AppData\Local\temp\_isCFA.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-05 15:22

==================== End Of Log ============================

--- --- ---

und die addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Frank at 2013-10-05 15:32:14
Running from C:\Users\xxxxx\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
ANNO 1404 - Venedig (Version: 2.0.5008.0)
Anno 1404 (Version: 1.00.0000)
ANNO 1404 (Version: 1.02.0000)
Anno 1701 - Der Fluch des Drachen (Version: 2.03)
Anno 1701 (Version: 1.00)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Software Suite (Version: 1.0)
Atheros AR5007 Wireless LAN - USB
Avira Free Antivirus (Version: 13.0.0.4052)
Brother MFL-Pro Suite DCP-J315W (Version: 1.0.3.0)
CameraHelperMsi (Version: 13.25.1010.0)
CheckStage2 Version 1.0  (Version: Version 1.0)
ClipInc. 
Corel Paint Shop Pro X (Version: 10.01)
Corel Photo Album 6 (Version: 6.40)
CPUID CPU-Z 1.58
DEUTSCHLAND SPIELT GAME CENTER
DHTML Editing Component (Version: 6.02.0001)
DivX Codec
Doctris Deluxe
Documents To Go Desktop for iPhone (Version: 2.0000.006)
DSL-Manager
EA Download Manager (Version: 4.0.0.462)
ESET Online Scanner v3
Exact Audio Copy 0.99pb4 (Version: 0.99pb4)
Foxit Reader (Version: 6.0.6.722)
Free MP4 Video Converter version 5.0.25.610 (Version: 5.0.25.610)
Free Video to iPad Converter version 5.0.24.422 (Version: 5.0.24.422)
Google Chrome (Version: 30.0.1599.69)
Google Earth (Version: 5.2.0.5932)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Updater (Version: 2.4.2432.1652)
Hardcopy (Version: 2012.08.01)
iCloud (Version: 2.0.2.187)
IE7Pro (Version: 2.5.0)
ifolor Designer (Version: 3.2.8.0)
ifolor Gestaltungs-Vorlagen (Version: 2.5.12.22)
IPIX ActiveX Viewer
IPIX Netscape Plugin Viewer
IPIX Viewer
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JMB36X Raid Configurer (Version: 1.00.0000)
K-Lite Codec Pack 6.4.0 (Standard) (Version: 6.4.0)
LetsTrade Komponenten
LIDL Fotoservice
LightScribe  1.4.124.1 (Version: 1.4.124.1)
Logitech Vid (Version: 1.70.1044)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.25.1016.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.25.1010.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
MCE Software Encoder 1.1 (Version: 1.1.0.1207)
MediaProSoft Free Mobile Media Converter 5.2.1
Megamind
Memeo AutoBackup (HKCU Version: 2.00.1451)
Memeo AutoBackup (Version: 2.00.1451)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Age of Empires Gold
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
MobileMe Control Panel (Version: 2.6.0.29)
Moorhuhn Remake (Version: 1.00.0000)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML4 Parser (Version: 1.0.0)
neroxml (Version: 1.0.0)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
NVIDIA VISTA Kiosk (Version: 1.0.0)
Octava SD4 (Version: 5.01)
Office-Bibliothek 4.1
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opera 11.10 (Version: 11.10.2092)
PaperPort (Version: 9.02.0823)
Phonetik (Version: 1.0.0)
PHOTOfunSTUDIO 4.0 HD Edition (Version: 4.00.262)
PhotoNow! 1.0
PowerDirector
PowerDVD (Version: 7.0.2707.0)
PPMate Network TV 2.0.0.40 (Version: 2.0.0.40)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.73.80.64)
Rechtschreibkorrektur für den ifolor Designer (Version: 2.4.22.582)
RTC Client API v1.2 (Version: 1.2.0000)
Safari (Version: 5.34.57.2)
Schmidt Interaktivspaß Doppelkopf
Sibelius Scorch (ActiveX Only) (Version: 6.2.0)
SILKYPIX Developer Studio 3.0 SE (Version: 3)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
SoundMAX (Version: 6.10.1.6140)
SPORE™ Süß & Schrecklich Ergänzungs-Pack (Version: 1.00.0000)
SUPERAntiSpyware (Version: 5.0.1150)
swMSM (Version: 12.0.0.1)
Targa VFD Display (Version: 1.0.0)
Tinypic 3.18 (Version: Tinypic 3.18)
TomTom HOME (Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
TV Enhance (Version: 1.0.4108)
Ulead Drop Spot 1.0 (Version: 1.0)
Ulead Photo Explorer 8.0 (Version: 8.0)
Ulead PhotoImpact XL (Version: 8.5)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
USB Wireless Keyboard Driver (Version: V1.1)
Videoload Manager 1.0.1545 (Version: 1.0.1545)
VLC media player 2.0.6 (Version: 2.0.6)
Waldmeister Sause XXL
Wildlife Park 2 (Version: 1.24)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Fotogalerie (Version: 14.0.8117.416)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR 4.11 (32-Bit) (Version: 4.11.0)
WISO Mein Geld 2013 Standard
WISO Mein Geld 2013 Standard (Version: 15.0.0.1)
WISO Steuer-Sparbuch 2011 (Version: 18.00.6928)
WISO Steuer-Sparbuch 2012 (Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (HKCU Version: 20.03.8202)
WordPerfect Office X3 (Version: 13.1)
WOT for Internet Explorer (Version: 13.9.2.0)
Yahoo Community Smartbar (Version: 1.51.66.11081)
Yahoo Community Smartbar Engine (HKCU Version: 1.51.66.11081)

==================== Restore Points  =========================

06-09-2013 17:27:38 Windows Update
06-09-2013 18:13:39 Windows Update
06-09-2013 18:19:14 Windows Update
04-10-2013 11:03:16 Removed Bonjour
04-10-2013 13:10:19 Removed Adobe Reader X (10.1.8) - Deutsch.
04-10-2013 13:15:30 Removed Yahoo Community Smartbar
04-10-2013 13:16:40 Removed Windows Mobile-Gerätecenter
04-10-2013 13:19:47 Removed Windows Mobile-Gerätecenter: Treiberupdate
04-10-2013 13:26:32 Entfernt SPORE™ Süß & Schrecklich Ergänzungs-Pack
04-10-2013 13:33:53 Windows Update
04-10-2013 14:42:42 Installed WOT for Internet Explorer

==================== Hosts content: ==========================

2012-05-26 08:51 - 2012-05-28 18:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00C14607-2A9F-4F75-9DE5-DC4DF0BFE5E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-08] (Google Inc.)
Task: {0410F10B-5388-472E-A5CB-A7B54BB24013} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe [2012-07-05] ()
Task: {056639BE-6C30-402B-9C20-9760D53B9F91} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-10-04] (Google)
Task: {11E37A00-B888-470B-ACE5-CD4E6E987813} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {9859D8E6-32A5-4882-AE5D-F536797FAAD8} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {9BA6F872-F04E-4AE7-BF8D-C35706DF8709} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {9FA924A3-FCFD-4F44-9749-E8AEA1EAB985} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {AE332D70-E88E-4D53-B9F9-C6645C094432} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-08] (Google Inc.)
Task: {C3033860-FE1C-4F89-9F56-125DFBF58592} - System32\Tasks\{F254DEDD-47F8-4CA8-AD15-245A75038689} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {E0792863-C811-4CC6-A588-C7B013A7870F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2606FEF-8FF5-4376-957E-FC68672D01B9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-29 11:26 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2007-04-30 10:35 - 2002-09-26 03:07 - 00005120 _____ () C:\Windows\HKCYDLL.dll
2007-04-30 10:35 - 2003-06-16 20:13 - 00049152 _____ () C:\Windows\CNYUSB.dll
2012-10-30 20:46 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2013 03:33:05 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:33:05.374]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:33:05 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:33:05.131]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:32:35 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:32:35.350]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:32:35 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:32:35.107]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:32:05 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:32:05.328]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:32:05 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:32:05.085]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:31:35 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:31:35.287]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:31:35 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:31:35.064]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:31:05 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:31:05.264]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error

Error: (10/05/2013 03:31:05 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/10/05 15:31:05.040]: [00002100]: GetDeviceIpAddress: GetAddressByName [BRW00809282C38C] Error


System errors:
=============
Error: (10/05/2013 03:19:02 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (10/05/2013 03:19:02 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (10/05/2013 03:17:00 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (10/05/2013 03:17:00 PM) (Source: Service Control Manager) (User: )
Description: Windows Live ID Sign-in Assistant%%2

Error: (10/05/2013 03:05:57 PM) (Source: DCOM) (User: )
Description: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}

Error: (10/05/2013 03:03:13 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (10/05/2013 03:03:13 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (10/05/2013 03:01:16 PM) (Source: Service Control Manager) (User: )
Description: Windows Live ID Sign-in Assistant%%2

Error: (10/05/2013 02:50:32 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (10/05/2013 02:50:32 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330


Microsoft Office Sessions:
=========================
Error: (07/15/2013 07:22:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 98 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/23/2013 00:45:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 115 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/03/2013 00:42:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 154 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/14/2013 04:18:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1011 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (02/14/2013 03:47:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/14/2013 03:47:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 623 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (02/03/2013 09:29:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 336 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (01/29/2013 08:54:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 774 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (01/29/2013 08:49:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 161 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (01/11/2013 08:05:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 97 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-22 21:32:27.080
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-22 21:30:47.430
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:44.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:43.951
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:43.467
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:42.988
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:42.510
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:42.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:41.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-03 00:01:41.009
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3069.57 MB
Available physical RAM: 2023.93 MB
Total Pagefile: 6375.61 MB
Available Pagefile: 5114.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.08 GB) (Free:226.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2D117D68)
Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=27)

==================== End Of Log ============================

Gruß
Frank

aharonov · 05.10.2013, 14:50

Hallo Frank,

dann so weiter:

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Plage01 · 05.10.2013, 15:00

Hallo Leo,

da kommt Arbeit auf mich zu, oder ?

Code:

ATTFilter

15:53:49.0126 3120  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:53:49.0174 3120  ============================================================
15:53:49.0175 3120  Current date / time: 2013/10/05 15:53:49.0174
15:53:49.0175 3120  SystemInfo:
15:53:49.0175 3120  
15:53:49.0175 3120  OS Version: 6.0.6002 ServicePack: 2.0
15:53:49.0175 3120  Product type: Workstation
15:53:49.0175 3120  ComputerName: xxxxxxx-PC
15:53:49.0175 3120  UserName: xxxxx
15:53:49.0175 3120  Windows directory: C:\Windows
15:53:49.0175 3120  System windows directory: C:\Windows
15:53:49.0175 3120  Processor architecture: Intel x86
15:53:49.0175 3120  Number of processors: 2
15:53:49.0175 3120  Page size: 0x1000
15:53:49.0175 3120  Boot type: Normal boot
15:53:49.0175 3120  ============================================================
15:53:49.0640 3120  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:53:49.0658 3120  Drive \Device\Harddisk5\DR8 - Size: 0xF7300000 (3.86 Gb), SectorSize: 0x200, Cylinders: 0x1F8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:53:49.0659 3120  ============================================================
15:53:49.0659 3120  \Device\Harddisk0\DR0:
15:53:49.0659 3120  MBR partitions:
15:53:49.0659 3120  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38827D88
15:53:49.0659 3120  \Device\Harddisk5\DR8:
15:53:49.0660 3120  MBR partitions:
15:53:49.0660 3120  ============================================================
15:53:49.0707 3120  C: <-> \Device\Harddisk0\DR0\Partition1
15:53:49.0707 3120  ============================================================
15:53:49.0707 3120  Initialize success
15:53:49.0707 3120  ============================================================
15:55:24.0127 3252  ============================================================
15:55:24.0127 3252  Scan started
15:55:24.0127 3252  Mode: Manual; SigCheck; TDLFS; 
15:55:24.0127 3252  ============================================================
15:55:24.0349 3252  ================ Scan system memory ========================
15:55:24.0349 3252  System memory - ok
15:55:24.0349 3252  ================ Scan services =============================
15:55:24.0433 3252  [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:55:24.0582 3252  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
15:55:24.0582 3252  !SASCORE - detected UnsignedFile.Multi.Generic (1)
15:55:24.0790 3252  [ B1E652B9E5CB8E28D3686299944DBCD3 ] 3xHybrid        C:\Windows\system32\DRIVERS\3xHybrid.sys
15:55:24.0934 3252  3xHybrid - ok
15:55:24.0997 3252  ACDaemon - ok
15:55:25.0043 3252  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:55:25.0062 3252  ACPI - ok
15:55:25.0110 3252  [ 18214C7B97AE093A6631A2FBA4129F68 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
15:55:25.0152 3252  ADIHdAudAddService - ok
15:55:25.0227 3252  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:55:25.0252 3252  adp94xx - ok
15:55:25.0302 3252  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:55:25.0321 3252  adpahci - ok
15:55:25.0334 3252  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:55:25.0348 3252  adpu160m - ok
15:55:25.0363 3252  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:55:25.0378 3252  adpu320 - ok
15:55:25.0431 3252  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:55:25.0525 3252  AeLookupSvc - ok
15:55:25.0564 3252  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\Windows\system32\drivers\Afc.sys
15:55:25.0585 3252  Afc - ok
15:55:25.0645 3252  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
15:55:25.0697 3252  AFD - ok
15:55:25.0731 3252  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:55:25.0745 3252  agp440 - ok
15:55:25.0790 3252  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:55:25.0807 3252  aic78xx - ok
15:55:25.0843 3252  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
15:55:25.0959 3252  ALG - ok
15:55:25.0978 3252  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:55:25.0993 3252  aliide - ok
15:55:26.0011 3252  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:55:26.0028 3252  amdagp - ok
15:55:26.0040 3252  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
15:55:26.0055 3252  amdide - ok
15:55:26.0071 3252  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:55:26.0258 3252  AmdK7 - ok
15:55:26.0298 3252  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:55:26.0362 3252  AmdK8 - ok
15:55:26.0482 3252  [ 3EC77A3849350B40D2D9002BA560E554 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:55:26.0497 3252  AntiVirSchedulerService - ok
15:55:26.0572 3252  [ 1D6D44493488923CF6E82339E189EAD6 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:55:26.0596 3252  AntiVirService - ok
15:55:26.0646 3252  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
15:55:26.0709 3252  Appinfo - ok
15:55:26.0802 3252  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:55:26.0817 3252  Apple Mobile Device - ok
15:55:26.0867 3252  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
15:55:26.0884 3252  arc - ok
15:55:26.0921 3252  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:55:26.0937 3252  arcsas - ok
15:55:26.0993 3252  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:27.0037 3252  AsyncMac - ok
15:55:27.0065 3252  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:55:27.0081 3252  atapi - ok
15:55:27.0144 3252  [ 59DB74EF3B328852A736578DFF3FCAD6 ] athrusb         C:\Windows\system32\DRIVERS\athrusb.sys
15:55:27.0216 3252  athrusb - ok
15:55:27.0261 3252  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
15:55:27.0285 3252  atksgt - ok
15:55:27.0342 3252  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:55:27.0389 3252  AudioEndpointBuilder - ok
15:55:27.0417 3252  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:55:27.0446 3252  Audiosrv - ok
15:55:27.0522 3252  [ 40A34E457431625086F7E161E59A0528 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:55:27.0540 3252  avgntflt - ok
15:55:27.0611 3252  [ F260F2EE3D21D00BEC0B08068E27BADB ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:55:27.0647 3252  avipbb - ok
15:55:27.0689 3252  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:55:27.0706 3252  avkmgr - ok
15:55:27.0751 3252  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:55:27.0815 3252  Beep - ok
15:55:27.0875 3252  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
15:55:27.0957 3252  BFE - ok
15:55:27.0988 3252  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\System32\bgsvcgen.exe
15:55:28.0005 3252  bgsvcgen - ok
15:55:28.0081 3252  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
15:55:28.0182 3252  BITS - ok
15:55:28.0190 3252  blbdrive - ok
15:55:28.0268 3252  [ BD32E440DCDF35D421A4B309B13AEF5A ] BMUService      C:\Program Files\Memeo\AutoBackup\MemeoService.exe
15:55:28.0306 3252  BMUService ( UnsignedFile.Multi.Generic ) - warning
15:55:28.0306 3252  BMUService - detected UnsignedFile.Multi.Generic (1)
15:55:28.0354 3252  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:55:28.0417 3252  bowser - ok
15:55:28.0467 3252  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:55:28.0498 3252  BrFiltLo - ok
15:55:28.0515 3252  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:55:28.0567 3252  BrFiltUp - ok
15:55:28.0609 3252  [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe
15:55:28.0642 3252  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning
15:55:28.0642 3252  Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)
15:55:28.0678 3252  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
15:55:28.0737 3252  Browser - ok
15:55:28.0762 3252  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:55:28.0835 3252  Brserid - ok
15:55:28.0860 3252  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:55:28.0938 3252  BrSerWdm - ok
15:55:28.0962 3252  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:55:29.0031 3252  BrUsbMdm - ok
15:55:29.0039 3252  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:55:29.0096 3252  BrUsbSer - ok
15:55:29.0172 3252  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
15:55:29.0187 3252  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
15:55:29.0187 3252  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
15:55:29.0221 3252  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:55:29.0290 3252  BTHMODEM - ok
15:55:29.0351 3252  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
15:55:29.0403 3252  BthServ - ok
15:55:29.0435 3252  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:55:29.0475 3252  cdfs - ok
15:55:29.0529 3252  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\Windows\system32\drivers\cdrbsdrv.sys
15:55:29.0555 3252  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
15:55:29.0555 3252  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
15:55:29.0593 3252  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:55:29.0638 3252  cdrom - ok
15:55:29.0697 3252  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:55:29.0742 3252  CertPropSvc - ok
15:55:29.0798 3252  [ 482408EFD62A9FDF63382AC71CC74C63 ] CheckStage2_svc C:\Windows\CheckStage2.exe
15:55:29.0826 3252  CheckStage2_svc ( UnsignedFile.Multi.Generic ) - warning
15:55:29.0826 3252  CheckStage2_svc - detected UnsignedFile.Multi.Generic (1)
15:55:29.0857 3252  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:55:29.0929 3252  circlass - ok
15:55:29.0970 3252  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
15:55:29.0992 3252  CLFS - ok
15:55:30.0086 3252  ClipInc001 - ok
15:55:30.0153 3252  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:55:30.0182 3252  clr_optimization_v2.0.50727_32 - ok
15:55:30.0240 3252  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:55:30.0270 3252  clr_optimization_v4.0.30319_32 - ok
15:55:30.0306 3252  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:55:30.0334 3252  cmdide - ok
15:55:30.0371 3252  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:55:30.0384 3252  Compbatt - ok
15:55:30.0390 3252  COMSysApp - ok
15:55:30.0444 3252  [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x32.sys
15:55:30.0455 3252  cpuz135 - ok
15:55:30.0497 3252  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:55:30.0509 3252  crcdisk - ok
15:55:30.0540 3252  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:55:30.0590 3252  Crusoe - ok
15:55:30.0636 3252  [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:55:30.0677 3252  CryptSvc - ok
15:55:30.0745 3252  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:55:30.0825 3252  DcomLaunch - ok
15:55:30.0862 3252  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:55:30.0906 3252  DfsC - ok
15:55:31.0010 3252  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
15:55:31.0152 3252  DFSR - ok
15:55:31.0217 3252  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:55:31.0242 3252  Dhcp - ok
15:55:31.0273 3252  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
15:55:31.0288 3252  disk - ok
15:55:31.0325 3252  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:55:31.0378 3252  Dnscache - ok
15:55:31.0415 3252  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:55:31.0456 3252  dot3svc - ok
15:55:31.0520 3252  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
15:55:31.0572 3252  DPS - ok
15:55:31.0606 3252  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:55:31.0650 3252  drmkaud - ok
15:55:31.0694 3252  [ E577B5C4A6BE078E5445CDCFB65BE7AB ] DslMNLwf        C:\Windows\system32\DRIVERS\dslmnlwf.sys
15:55:31.0709 3252  DslMNLwf - ok
15:55:31.0761 3252  [ C6B2E10CFE79169C72F0269087B9A603 ] dsltestSp5      C:\Windows\system32\Drivers\dsltestSp5.sys
15:55:31.0776 3252  dsltestSp5 - ok
15:55:31.0828 3252  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:55:31.0872 3252  DXGKrnl - ok
15:55:31.0923 3252  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:55:31.0981 3252  E1G60 - ok
15:55:32.0004 3252  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
15:55:32.0041 3252  EapHost - ok
15:55:32.0108 3252  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:55:32.0128 3252  Ecache - ok
15:55:32.0168 3252  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:55:32.0198 3252  ehRecvr - ok
15:55:32.0221 3252  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
15:55:32.0272 3252  ehSched - ok
15:55:32.0302 3252  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
15:55:32.0335 3252  ehstart - ok
15:55:32.0377 3252  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:55:32.0400 3252  elxstor - ok
15:55:32.0458 3252  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:55:32.0538 3252  EMDMgmt - ok
15:55:32.0625 3252  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
15:55:32.0694 3252  EventSystem - ok
15:55:32.0733 3252  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
15:55:32.0775 3252  exfat - ok
15:55:32.0824 3252  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:55:32.0887 3252  fastfat - ok
15:55:32.0927 3252  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:55:33.0045 3252  fdc - ok
15:55:33.0077 3252  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:55:33.0100 3252  fdPHost - ok
15:55:33.0123 3252  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:55:33.0175 3252  FDResPub - ok
15:55:33.0226 3252  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:55:33.0239 3252  FileInfo - ok
15:55:33.0258 3252  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:55:33.0298 3252  Filetrace - ok
15:55:33.0324 3252  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:55:33.0381 3252  flpydisk - ok
15:55:33.0424 3252  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:55:33.0440 3252  FltMgr - ok
15:55:33.0547 3252  [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache       C:\Windows\system32\FntCache.dll
15:55:33.0624 3252  FontCache - ok
15:55:33.0719 3252  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:55:33.0732 3252  FontCache3.0.0.0 - ok
15:55:33.0754 3252  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:55:33.0800 3252  Fs_Rec - ok
15:55:33.0822 3252  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:55:33.0836 3252  gagp30kx - ok
15:55:33.0871 3252  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:55:33.0882 3252  GEARAspiWDM - ok
15:55:33.0934 3252  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:55:33.0995 3252  gpsvc - ok
15:55:34.0089 3252  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:55:34.0104 3252  gupdate - ok
15:55:34.0148 3252  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:55:34.0162 3252  gupdatem - ok
15:55:34.0250 3252  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:55:34.0267 3252  gusvc - ok
15:55:34.0313 3252  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:55:34.0373 3252  HdAudAddService - ok
15:55:34.0416 3252  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:55:34.0476 3252  HDAudBus - ok
15:55:34.0509 3252  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:55:34.0577 3252  HidBth - ok
15:55:34.0600 3252  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:55:34.0671 3252  HidIr - ok
15:55:34.0706 3252  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
15:55:34.0736 3252  hidserv - ok
15:55:34.0774 3252  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:55:34.0816 3252  HidUsb - ok
15:55:34.0845 3252  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:55:34.0888 3252  hkmsvc - ok
15:55:34.0905 3252  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:55:34.0921 3252  HpCISSs - ok
15:55:34.0979 3252  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:55:35.0057 3252  HTTP - ok
15:55:35.0073 3252  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:55:35.0089 3252  i2omp - ok
15:55:35.0147 3252  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:55:35.0208 3252  i8042prt - ok
15:55:35.0252 3252  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:55:35.0273 3252  iaStorV - ok
15:55:35.0321 3252  IDriverT - ok
15:55:35.0405 3252  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:55:35.0494 3252  idsvc - ok
15:55:35.0524 3252  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:55:35.0539 3252  iirsp - ok
15:55:35.0589 3252  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:55:35.0646 3252  IKEEXT - ok
15:55:35.0679 3252  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:55:35.0694 3252  intelide - ok
15:55:35.0730 3252  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:55:35.0805 3252  intelppm - ok
15:55:35.0840 3252  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:55:35.0892 3252  IPBusEnum - ok
15:55:35.0928 3252  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:55:35.0970 3252  IpFilterDriver - ok
15:55:36.0013 3252  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:55:36.0062 3252  iphlpsvc - ok
15:55:36.0069 3252  IpInIp - ok
15:55:36.0100 3252  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:55:36.0168 3252  IPMIDRV - ok
15:55:36.0196 3252  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:55:36.0250 3252  IPNAT - ok
15:55:36.0317 3252  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:55:36.0359 3252  iPod Service - ok
15:55:36.0395 3252  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:55:36.0445 3252  IRENUM - ok
15:55:36.0506 3252  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:55:36.0521 3252  isapnp - ok
15:55:36.0556 3252  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:55:36.0592 3252  iScsiPrt - ok
15:55:36.0609 3252  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:55:36.0638 3252  iteatapi - ok
15:55:36.0670 3252  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:55:36.0682 3252  iteraid - ok
15:55:36.0703 3252  [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO           C:\Windows\system32\DRIVERS\JGOGO.sys
15:55:36.0746 3252  JGOGO - ok
15:55:36.0758 3252  [ F4A31E66A61C0783F51157519B03280B ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
15:55:36.0782 3252  JRAID - ok
15:55:36.0814 3252  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:55:36.0826 3252  kbdclass - ok
15:55:36.0852 3252  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:55:36.0870 3252  kbdhid - ok
15:55:36.0888 3252  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
15:55:36.0934 3252  KeyIso - ok
15:55:36.0980 3252  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:55:37.0004 3252  KSecDD - ok
15:55:37.0070 3252  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:55:37.0130 3252  KtmRm - ok
15:55:37.0174 3252  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:55:37.0207 3252  LanmanServer - ok
15:55:37.0257 3252  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:55:37.0287 3252  LanmanWorkstation - ok
15:55:37.0337 3252  LightScribeService - ok
15:55:37.0394 3252  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
15:55:37.0408 3252  lirsgt - ok
15:55:37.0437 3252  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:55:37.0468 3252  lltdio - ok
15:55:37.0497 3252  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:55:37.0539 3252  lltdsvc - ok
15:55:37.0564 3252  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:55:37.0617 3252  lmhosts - ok
15:55:37.0640 3252  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:55:37.0655 3252  LSI_FC - ok
15:55:37.0674 3252  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:55:37.0689 3252  LSI_SAS - ok
15:55:37.0730 3252  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:55:37.0745 3252  LSI_SCSI - ok
15:55:37.0766 3252  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
15:55:37.0814 3252  luafv - ok
15:55:37.0876 3252  [ AF280405C10F0D20F37670B7432E5C2F ] lvpopflt        C:\Windows\system32\DRIVERS\lvpopflt.sys
15:55:37.0893 3252  lvpopflt - ok
15:55:37.0937 3252  [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
15:55:37.0951 3252  LVPr2Mon - ok
15:55:37.0991 3252  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
15:55:38.0015 3252  LVRS - ok
15:55:38.0149 3252  [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
15:55:38.0374 3252  LVUVC - ok
15:55:38.0421 3252  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:55:38.0439 3252  MBAMProtector - ok
15:55:38.0492 3252  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:55:38.0516 3252  MBAMScheduler - ok
15:55:38.0604 3252  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:55:38.0656 3252  MBAMService - ok
15:55:38.0688 3252  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:55:38.0719 3252  Mcx2Svc - ok
15:55:38.0771 3252  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
15:55:38.0799 3252  megasas - ok
15:55:38.0820 3252  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
15:55:38.0898 3252  MMCSS - ok
15:55:38.0938 3252  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
15:55:39.0009 3252  Modem - ok
15:55:39.0057 3252  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
15:55:39.0130 3252  MODEMCSA - ok
15:55:39.0176 3252  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:55:39.0220 3252  monitor - ok
15:55:39.0265 3252  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:55:39.0282 3252  mouclass - ok
15:55:39.0299 3252  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:55:39.0339 3252  mouhid - ok
15:55:39.0363 3252  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:55:39.0381 3252  MountMgr - ok
15:55:39.0424 3252  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:55:39.0440 3252  mpio - ok
15:55:39.0471 3252  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:55:39.0517 3252  mpsdrv - ok
15:55:39.0597 3252  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:55:39.0680 3252  MpsSvc - ok
15:55:39.0708 3252  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:55:39.0735 3252  Mraid35x - ok
15:55:39.0790 3252  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:55:39.0809 3252  MRxDAV - ok
15:55:39.0826 3252  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:55:39.0857 3252  mrxsmb - ok
15:55:39.0868 3252  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:55:39.0903 3252  mrxsmb10 - ok
15:55:39.0912 3252  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:55:39.0949 3252  mrxsmb20 - ok
15:55:39.0969 3252  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:55:39.0986 3252  msahci - ok
15:55:40.0000 3252  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:55:40.0016 3252  msdsm - ok
15:55:40.0039 3252  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
15:55:40.0087 3252  MSDTC - ok
15:55:40.0118 3252  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:55:40.0164 3252  Msfs - ok
15:55:40.0216 3252  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:55:40.0232 3252  msisadrv - ok
15:55:40.0265 3252  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:55:40.0320 3252  MSiSCSI - ok
15:55:40.0327 3252  msiserver - ok
15:55:40.0381 3252  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:55:40.0428 3252  MSKSSRV - ok
15:55:40.0501 3252  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:55:40.0533 3252  MSPCLOCK - ok
15:55:40.0552 3252  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:55:40.0603 3252  MSPQM - ok
15:55:40.0651 3252  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:55:40.0671 3252  MsRPC - ok
15:55:40.0686 3252  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:55:40.0703 3252  mssmbios - ok
15:55:40.0711 3252  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:55:40.0760 3252  MSTEE - ok
15:55:40.0794 3252  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
15:55:40.0812 3252  Mup - ok
15:55:40.0864 3252  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
15:55:40.0909 3252  napagent - ok
15:55:40.0948 3252  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:55:40.0975 3252  NativeWifiP - ok
15:55:41.0045 3252  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:55:41.0082 3252  NDIS - ok
15:55:41.0121 3252  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:55:41.0146 3252  NdisTapi - ok
15:55:41.0175 3252  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:55:41.0223 3252  Ndisuio - ok
15:55:41.0262 3252  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:55:41.0288 3252  NdisWan - ok
15:55:41.0312 3252  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:55:41.0351 3252  NDProxy - ok
15:55:41.0374 3252  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:55:41.0427 3252  NetBIOS - ok
15:55:41.0469 3252  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:55:41.0515 3252  netbt - ok
15:55:41.0538 3252  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
15:55:41.0556 3252  Netlogon - ok
15:55:41.0593 3252  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
15:55:41.0647 3252  Netman - ok
15:55:41.0689 3252  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
15:55:41.0735 3252  netprofm - ok
15:55:41.0778 3252  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:55:41.0795 3252  NetTcpPortSharing - ok
15:55:41.0817 3252  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:55:41.0833 3252  nfrd960 - ok
15:55:41.0852 3252  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:55:41.0890 3252  NlaSvc - ok
15:55:41.0907 3252  NMIndexingService - ok
15:55:41.0949 3252  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:55:41.0994 3252  Npfs - ok
15:55:42.0026 3252  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
15:55:42.0076 3252  nsi - ok
15:55:42.0107 3252  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:55:42.0159 3252  nsiproxy - ok
15:55:42.0217 3252  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:55:42.0301 3252  Ntfs - ok
15:55:42.0337 3252  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:55:42.0407 3252  ntrigdigi - ok
15:55:42.0443 3252  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
15:55:42.0476 3252  Null - ok
15:55:42.0543 3252  [ D668632606D1CEBF0B6EC64C1DF7ED6F ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
15:55:42.0605 3252  NVENETFD - ok
15:55:42.0898 3252  [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:55:43.0339 3252  nvlddmkm - ok
15:55:43.0360 3252  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:55:43.0372 3252  nvraid - ok
15:55:43.0411 3252  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:55:43.0435 3252  nvstor - ok
15:55:43.0491 3252  [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
15:55:43.0504 3252  nvstor32 - ok
15:55:43.0598 3252  [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:55:43.0624 3252  nvsvc - ok
15:55:43.0762 3252  [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:55:43.0837 3252  nvUpdatusService - ok
15:55:43.0870 3252  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:55:43.0884 3252  nv_agp - ok
15:55:43.0892 3252  NwlnkFlt - ok
15:55:43.0899 3252  NwlnkFwd - ok
15:55:43.0961 3252  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:55:43.0984 3252  odserv - ok
15:55:44.0049 3252  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:55:44.0089 3252  ohci1394 - ok
15:55:44.0126 3252  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:55:44.0140 3252  ose - ok
15:55:44.0199 3252  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:55:44.0294 3252  p2pimsvc - ok
15:55:44.0312 3252  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:55:44.0339 3252  p2psvc - ok
15:55:44.0405 3252  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:55:44.0454 3252  Parport - ok
15:55:44.0489 3252  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:55:44.0505 3252  partmgr - ok
15:55:44.0515 3252  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:55:44.0559 3252  Parvdm - ok
15:55:44.0590 3252  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:55:44.0635 3252  PcaSvc - ok
15:55:44.0662 3252  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
15:55:44.0677 3252  pci - ok
15:55:44.0717 3252  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
15:55:44.0729 3252  pciide - ok
15:55:44.0759 3252  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:55:44.0772 3252  pcmcia - ok
15:55:44.0801 3252  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:55:44.0901 3252  PEAUTH - ok
15:55:44.0973 3252  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
15:55:45.0081 3252  pla - ok
15:55:45.0126 3252  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:55:45.0150 3252  PlugPlay - ok
15:55:45.0182 3252  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:55:45.0212 3252  PNRPAutoReg - ok
15:55:45.0249 3252  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:55:45.0276 3252  PNRPsvc - ok
15:55:45.0329 3252  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:55:45.0358 3252  PolicyAgent - ok
15:55:45.0388 3252  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:55:45.0435 3252  PptpMiniport - ok
15:55:45.0482 3252  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
15:55:45.0549 3252  Processor - ok
15:55:45.0590 3252  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:55:45.0636 3252  ProfSvc - ok
15:55:45.0663 3252  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:55:45.0678 3252  ProtectedStorage - ok
15:55:45.0732 3252  [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
15:55:45.0766 3252  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
15:55:45.0766 3252  ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
15:55:45.0795 3252  [ 86724469CD077901706854974CD13C3E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
15:55:45.0801 3252  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:55:45.0801 3252  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:55:45.0855 3252  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:55:45.0918 3252  ql2300 - ok
15:55:45.0934 3252  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:55:45.0951 3252  ql40xx - ok
15:55:45.0986 3252  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
15:55:46.0028 3252  QWAVE - ok
15:55:46.0063 3252  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:55:46.0093 3252  QWAVEdrv - ok
15:55:46.0158 3252  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
15:55:46.0177 3252  RapiMgr - ok
15:55:46.0198 3252  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:55:46.0249 3252  RasAcd - ok
15:55:46.0276 3252  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
15:55:46.0324 3252  RasAuto - ok
15:55:46.0353 3252  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:46.0401 3252  Rasl2tp - ok
15:55:46.0443 3252  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
15:55:46.0502 3252  RasMan - ok
15:55:46.0538 3252  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:46.0577 3252  RasPppoe - ok
15:55:46.0614 3252  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:55:46.0643 3252  RasSstp - ok
15:55:46.0693 3252  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:55:46.0738 3252  rdbss - ok
15:55:46.0769 3252  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:46.0838 3252  RDPCDD - ok
15:55:46.0886 3252  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:55:46.0946 3252  rdpdr - ok
15:55:46.0965 3252  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:55:46.0998 3252  RDPENCDD - ok
15:55:47.0029 3252  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:55:47.0074 3252  RDPWD - ok
15:55:47.0128 3252  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:55:47.0201 3252  RemoteAccess - ok
15:55:47.0244 3252  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:55:47.0296 3252  RemoteRegistry - ok
15:55:47.0361 3252  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
15:55:47.0380 3252  RichVideo - ok
15:55:47.0436 3252  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
15:55:47.0473 3252  RimUsb - ok
15:55:47.0506 3252  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
15:55:47.0529 3252  RpcLocator - ok
15:55:47.0557 3252  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
15:55:47.0620 3252  RpcSs - ok
15:55:47.0662 3252  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:55:47.0695 3252  rspndr - ok
15:55:47.0702 3252  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
15:55:47.0722 3252  SamSs - ok
15:55:47.0799 3252  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:55:47.0814 3252  SASDIFSV - ok
15:55:47.0839 3252  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:55:47.0856 3252  SASKUTIL - ok
15:55:47.0892 3252  [ 37CA203F8CCF732CD272A27E55B268C4 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:55:47.0910 3252  sbp2port - ok
15:55:47.0963 3252  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:55:48.0005 3252  SCardSvr - ok
15:55:48.0074 3252  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
15:55:48.0150 3252  Schedule - ok
15:55:48.0197 3252  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:55:48.0223 3252  SCPolicySvc - ok
15:55:48.0258 3252  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:55:48.0298 3252  SDRSVC - ok
15:55:48.0321 3252  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
15:55:48.0372 3252  seclogon - ok
15:55:48.0396 3252  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
15:55:48.0431 3252  SENS - ok
15:55:48.0445 3252  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:55:48.0497 3252  Serenum - ok
15:55:48.0536 3252  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:55:48.0606 3252  Serial - ok
15:55:48.0635 3252  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:55:48.0668 3252  sermouse - ok
15:55:48.0703 3252  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:55:48.0729 3252  SessionEnv - ok
15:55:48.0801 3252  [ 4D0CE0FADCA29E7DA68CE597AC9010BD ] sfdrv01a        C:\Windows\system32\drivers\sfdrv01a.sys
15:55:48.0813 3252  sfdrv01a - ok
15:55:48.0839 3252  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:55:48.0897 3252  sffdisk - ok
15:55:48.0917 3252  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:55:48.0959 3252  sffp_mmc - ok
15:55:48.0968 3252  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:55:49.0014 3252  sffp_sd - ok
15:55:49.0055 3252  [ DAAD4C099EBF5094D32C373AC1AC0F3C ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
15:55:49.0067 3252  sfhlp02 - ok
15:55:49.0078 3252  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:55:49.0123 3252  sfloppy - ok
15:55:49.0168 3252  [ C526AD307FF1900BC4C864F74553F762 ] sfsync04        C:\Windows\system32\drivers\sfsync04.sys
15:55:49.0181 3252  sfsync04 - ok
15:55:49.0200 3252  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:55:49.0231 3252  SharedAccess - ok
15:55:49.0263 3252  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:55:49.0318 3252  ShellHWDetection - ok
15:55:49.0329 3252  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:55:49.0343 3252  sisagp - ok
15:55:49.0360 3252  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:55:49.0373 3252  SiSRaid2 - ok
15:55:49.0389 3252  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:55:49.0403 3252  SiSRaid4 - ok
15:55:49.0445 3252  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:55:49.0459 3252  SkypeUpdate - ok
15:55:49.0572 3252  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
15:55:49.0737 3252  slsvc - ok
15:55:49.0769 3252  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:55:49.0812 3252  SLUINotify - ok
15:55:49.0855 3252  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:55:49.0887 3252  Smb - ok
15:55:49.0956 3252  [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
15:55:50.0042 3252  smserial - ok
15:55:50.0076 3252  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:55:50.0112 3252  SNMPTRAP - ok
15:55:50.0143 3252  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
15:55:50.0160 3252  spldr - ok
15:55:50.0182 3252  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
15:55:50.0239 3252  Spooler - ok
15:55:50.0292 3252  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:55:50.0367 3252  srv - ok
15:55:50.0404 3252  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:55:50.0456 3252  srv2 - ok
15:55:50.0528 3252  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:55:50.0560 3252  srvnet - ok
15:55:50.0593 3252  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:55:50.0630 3252  SSDPSRV - ok
15:55:50.0682 3252  [ B9E31F2A3640403B0EA3A867BB73B9F4 ] SSHDRV86        C:\Windows\system32\drivers\SSHDRV86.sys
15:55:50.0707 3252  SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning
15:55:50.0708 3252  SSHDRV86 - detected UnsignedFile.Multi.Generic (1)
15:55:50.0768 3252  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:55:50.0793 3252  ssmdrv - ok
15:55:50.0841 3252  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:55:50.0897 3252  SstpSvc - ok
15:55:50.0940 3252  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:55:50.0997 3252  StillCam - ok
15:55:51.0060 3252  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
15:55:51.0149 3252  stisvc - ok
15:55:51.0181 3252  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:55:51.0210 3252  swenum - ok
15:55:51.0270 3252  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
15:55:51.0323 3252  swprv - ok
15:55:51.0351 3252  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:55:51.0367 3252  Symc8xx - ok
15:55:51.0380 3252  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:55:51.0396 3252  Sym_hi - ok
15:55:51.0412 3252  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:55:51.0428 3252  Sym_u3 - ok
15:55:51.0486 3252  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
15:55:51.0556 3252  SysMain - ok
15:55:51.0596 3252  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:55:51.0634 3252  TabletInputService - ok
15:55:51.0675 3252  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:55:51.0706 3252  TapiSrv - ok
15:55:51.0738 3252  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
15:55:51.0788 3252  TBS - ok
15:55:51.0839 3252  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:55:51.0909 3252  Tcpip - ok
15:55:51.0950 3252  [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:55:52.0021 3252  Tcpip6 - ok
15:55:52.0058 3252  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:55:52.0093 3252  tcpipreg - ok
15:55:52.0125 3252  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:55:52.0170 3252  TDPIPE - ok
15:55:52.0269 3252  [ 16C73F84C202C5380FB63F755BFA8BEE ] TDslMgrService  C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe
15:55:52.0294 3252  TDslMgrService ( UnsignedFile.Multi.Generic ) - warning
15:55:52.0294 3252  TDslMgrService - detected UnsignedFile.Multi.Generic (1)
15:55:52.0316 3252  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:55:52.0350 3252  TDTCP - ok
15:55:52.0397 3252  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:55:52.0439 3252  tdx - ok
15:55:52.0472 3252  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:55:52.0490 3252  TermDD - ok
15:55:52.0517 3252  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
15:55:52.0588 3252  TermService - ok
15:55:52.0613 3252  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
15:55:52.0635 3252  Themes - ok
15:55:52.0653 3252  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:55:52.0687 3252  THREADORDER - ok
15:55:52.0739 3252  [ 0765EE4A7A0D6609BF91CA2E4700E885 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
15:55:52.0755 3252  TomTomHOMEService - ok
15:55:52.0888 3252  [ 506B0B498216371D64ABB69145B70E4C ] tor             C:\Program Files\Tor\tor.exe
15:55:53.0058 3252  tor ( UnsignedFile.Multi.Generic ) - warning
15:55:53.0058 3252  tor - detected UnsignedFile.Multi.Generic (1)
15:55:53.0086 3252  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
15:55:53.0141 3252  TrkWks - ok
15:55:53.0195 3252  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:55:53.0221 3252  TrustedInstaller - ok
15:55:53.0260 3252  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:53.0287 3252  tssecsrv - ok
15:55:53.0320 3252  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:55:53.0337 3252  tunmp - ok
15:55:53.0380 3252  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:55:53.0396 3252  tunnel - ok
15:55:53.0453 3252  [ 7B9E06AB84D4BDCC1435DE05BD1A9E0C ] TVECapSvc       C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
15:55:53.0481 3252  TVECapSvc ( UnsignedFile.Multi.Generic ) - warning
15:55:53.0481 3252  TVECapSvc - detected UnsignedFile.Multi.Generic (1)
15:55:53.0517 3252  [ 4938406F5F74ADDA8E75FFBD65AA5628 ] TVESched        C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
15:55:53.0541 3252  TVESched ( UnsignedFile.Multi.Generic ) - warning
15:55:53.0541 3252  TVESched - detected UnsignedFile.Multi.Generic (1)
15:55:53.0572 3252  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:55:53.0588 3252  uagp35 - ok
15:55:53.0637 3252  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:55:53.0692 3252  udfs - ok
15:55:53.0744 3252  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:55:53.0783 3252  UI0Detect - ok
15:55:53.0796 3252  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:55:53.0812 3252  uliagpkx - ok
15:55:53.0831 3252  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:55:53.0853 3252  uliahci - ok
15:55:53.0869 3252  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:55:53.0881 3252  UlSata - ok
15:55:53.0894 3252  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:55:53.0907 3252  ulsata2 - ok
15:55:53.0943 3252  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:55:53.0967 3252  umbus - ok
15:55:54.0064 3252  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:55:54.0084 3252  UMVPFSrv - ok
15:55:54.0129 3252  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
15:55:54.0176 3252  upnphost - ok
15:55:54.0232 3252  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:55:54.0269 3252  USBAAPL - ok
15:55:54.0303 3252  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:55:54.0331 3252  usbaudio - ok
15:55:54.0381 3252  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:54.0418 3252  usbccgp - ok
15:55:54.0447 3252  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:55:54.0513 3252  usbcir - ok
15:55:54.0534 3252  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:55:54.0571 3252  usbehci - ok
15:55:54.0615 3252  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:55:54.0638 3252  usbhub - ok
15:55:54.0694 3252  [ F90D8F845095FCD6924E3D751C04E442 ] USBIO           C:\Windows\system32\Drivers\usbio.sys
15:55:54.0715 3252  USBIO ( UnsignedFile.Multi.Generic ) - warning
15:55:54.0715 3252  USBIO - detected UnsignedFile.Multi.Generic (1)
15:55:54.0737 3252  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:55:54.0759 3252  usbohci - ok
15:55:54.0804 3252  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:55:54.0854 3252  usbprint - ok
15:55:54.0887 3252  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:55:54.0910 3252  usbscan - ok
15:55:54.0926 3252  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:54.0949 3252  USBSTOR - ok
15:55:54.0970 3252  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:55:55.0035 3252  usbuhci - ok
15:55:55.0067 3252  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:55:55.0101 3252  usbvideo - ok
15:55:55.0138 3252  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
15:55:55.0175 3252  UxSms - ok
15:55:55.0222 3252  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
15:55:55.0287 3252  vds - ok
15:55:55.0325 3252  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:55.0438 3252  vga - ok
15:55:55.0462 3252  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:55:55.0486 3252  VgaSave - ok
15:55:55.0500 3252  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:55:55.0511 3252  viaagp - ok
15:55:55.0525 3252  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:55:55.0588 3252  ViaC7 - ok
15:55:55.0614 3252  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
15:55:55.0625 3252  viaide - ok
15:55:55.0632 3252  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:55:55.0645 3252  volmgr - ok
15:55:55.0693 3252  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:55:55.0711 3252  volmgrx - ok
15:55:55.0745 3252  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:55:55.0762 3252  volsnap - ok
15:55:55.0786 3252  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:55:55.0799 3252  vsmraid - ok
15:55:55.0866 3252  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
15:55:55.0952 3252  VSS - ok
15:55:55.0996 3252  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
15:55:56.0041 3252  W32Time - ok
15:55:56.0067 3252  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:55:56.0128 3252  WacomPen - ok
15:55:56.0165 3252  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:55:56.0187 3252  Wanarp - ok
15:55:56.0192 3252  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:55:56.0216 3252  Wanarpv6 - ok
15:55:56.0267 3252  [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw          C:\Windows\system32\DRIVERS\wanatw4.sys
15:55:56.0292 3252  wanatw - ok
15:55:56.0341 3252  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
15:55:56.0365 3252  WcesComm - ok
15:55:56.0386 3252  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:55:56.0421 3252  wcncsvc - ok
15:55:56.0440 3252  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:55:56.0483 3252  WcsPlugInService - ok
15:55:56.0513 3252  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
15:55:56.0527 3252  Wd - ok
15:55:56.0557 3252  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:55:56.0588 3252  Wdf01000 - ok
15:55:56.0619 3252  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:55:56.0651 3252  WdiServiceHost - ok
15:55:56.0657 3252  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:55:56.0693 3252  WdiSystemHost - ok
15:55:56.0745 3252  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
15:55:56.0782 3252  WebClient - ok
15:55:56.0823 3252  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:55:56.0875 3252  Wecsvc - ok
15:55:56.0902 3252  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:55:56.0948 3252  wercplsupport - ok
15:55:56.0994 3252  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:55:57.0032 3252  WerSvc - ok
15:55:57.0066 3252  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:55:57.0088 3252  WinDefend - ok
15:55:57.0097 3252  WinHttpAutoProxySvc - ok
15:55:57.0146 3252  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:55:57.0174 3252  Winmgmt - ok
15:55:57.0240 3252  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:55:57.0332 3252  WinRM - ok
15:55:57.0377 3252  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
15:55:57.0414 3252  winusb - ok
15:55:57.0448 3252  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:55:57.0537 3252  Wlansvc - ok
15:55:57.0574 3252  wlidsvc - ok
15:55:57.0605 3252  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:55:57.0691 3252  WmiAcpi - ok
15:55:57.0735 3252  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:55:57.0762 3252  wmiApSrv - ok
15:55:57.0825 3252  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:55:57.0890 3252  WMPNetworkSvc - ok
15:55:57.0910 3252  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:55:57.0945 3252  WPCSvc - ok
15:55:57.0990 3252  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:55:58.0043 3252  WPDBusEnum - ok
15:55:58.0109 3252  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
15:55:58.0126 3252  WpdUsb - ok
15:55:58.0209 3252  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:55:58.0276 3252  WPFFontCache_v0400 - ok
15:55:58.0297 3252  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:55:58.0343 3252  ws2ifsl - ok
15:55:58.0375 3252  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
15:55:58.0396 3252  wscsvc - ok
15:55:58.0403 3252  WSearch - ok
15:55:58.0483 3252  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:55:58.0602 3252  wuauserv - ok
15:55:58.0669 3252  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:55:58.0714 3252  WudfPf - ok
15:55:58.0753 3252  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:55:58.0772 3252  WUDFRd - ok
15:55:58.0819 3252  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:55:58.0839 3252  wudfsvc - ok
15:55:58.0865 3252  ================ Scan global ===============================
15:55:58.0898 3252  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:55:58.0942 3252  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:55:58.0967 3252  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:55:59.0008 3252  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:55:59.0013 3252  [Global] - ok
15:55:59.0014 3252  ================ Scan MBR ==================================
15:55:59.0023 3252  [ 239841E1AE8E4843C0676F3681A7D6BE ] \Device\Harddisk0\DR0
15:55:59.0535 3252  \Device\Harddisk0\DR0 - ok
15:55:59.0541 3252  [ ED5983060C0EFCCD6E932DF03FE12033 ] \Device\Harddisk5\DR8
15:56:01.0718 3252  \Device\Harddisk5\DR8 - ok
15:56:01.0718 3252  ================ Scan VBR ==================================
15:56:01.0731 3252  [ B8EC86D88809AB661AF7EB569B06A06B ] \Device\Harddisk0\DR0\Partition1
15:56:01.0734 3252  \Device\Harddisk0\DR0\Partition1 - ok
15:56:01.0735 3252  ============================================================
15:56:01.0735 3252  Scan finished
15:56:01.0735 3252  ============================================================
15:56:01.0762 1624  Detected object count: 14
15:56:01.0763 1624  Actual detected object count: 14
15:56:27.0469 1624  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0469 1624  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0470 1624  BMUService ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0470 1624  BMUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0475 1624  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0475 1624  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0481 1624  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0481 1624  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0486 1624  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0487 1624  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0491 1624  CheckStage2_svc ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0491 1624  CheckStage2_svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0497 1624  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0498 1624  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0502 1624  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0502 1624  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0507 1624  SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0507 1624  SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0513 1624  TDslMgrService ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0514 1624  TDslMgrService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0518 1624  tor ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0518 1624  tor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0524 1624  TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0524 1624  TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0530 1624  TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0530 1624  TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:27.0535 1624  USBIO ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:27.0535 1624  USBIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:35.0945 2880  Deinitialize success

Gruß
Frank

aharonov · 05.10.2013, 15:20

Ok.

Bitte gehe zu Virustotal und lass dort folgendermassen eine Datei überprüfen:

Klicke auf Wählen Sie eine.
Kopiere dann Folgendes in das Eingabefeld für den Dateinamen
Code:
ATTFilter
```
C:\Windows\system32\FlashPlayerUpdateService.exe
         
```
und klicke auf Öffnen.
Klicke auf Scannen!.
Solltest du folgende Meldung bekommen:

Zitat:

Datei wurde bereits analysiert - Diese Datei wurde bereits von VirusTotal analysiert am ...

dann klicke auf Neu analysieren.
Warte, bis die Analyse beendet ist, und kopiere dann die URL aus deiner Adresszeile und poste sie hier.

Wiederhole das dann nochmals mit folgender Datei:

Code:

ATTFilter

C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Plage01 · 05.10.2013, 15:44

Hallo Leo,

muss ich das direkt mit dem potentiell infizierten PC machen oder kann ich auch hier mit Kopien arbeiten ?
Gruß

aharonov · 05.10.2013, 15:52

Was für Kopien? Diese beiden Files des infizierten Rechners sollen bei VirusTotal analysiert werden - keine anderen.

Plage01 · 05.10.2013, 16:08

Hallo,

beide Dateien gibt es auf dem Rechner nicht ?

Gruß
Frank

aharonov · 05.10.2013, 16:22

Ok, dann bitte so weiter:

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-09] ()
C:\Program Files\Tor
HKU\xxxxxxb\...\Run: [ICQ] - 榤矔
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service
File: C:\Windows\system32\FlashPlayerUpdateService.exe
File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Plage01 · 05.10.2013, 23:29

Hallo,

hier die entsprechenden Logs:
Fixlist:

Code:

ATTFilter

R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-09] ()
C:\Program Files\Tor
HKU\xxxxxxb\...\Run: [ICQ] - 榤矔
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service
File: C:\Windows\system32\FlashPlayerUpdateService.exe
File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

eset-log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=18adf8db42edce48807f397ab627db95
# engine=15368
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-05 06:57:35
# local_time=2013-10-05 08:57:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 41105 61523887 33881 0
# compatibility_mode=5892 16776574 100 100 105094 218532183 0 0
# scanned=226637
# found=0
# cleaned=0
# scan_time=9588

und das FRST-Ergebnis:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by xxxxx (administrator) on xxxxxxx-PC on 06-10-2013 00:23:56
Running from C:\Users\xxxxx\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoService.exe
() C:\Windows\system32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
() C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
(Chicony) C:\Windows\CNYHKey.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\JM\JMInsIDE.exe [36864 2006-10-30] ()
HKLM\...\Run: [ledpointer] - C:\Windows\CNYHKey.exe [5585408 2006-11-09] (Chicony)
HKLM\...\Run: [MoLed] - C:\Windows\ModLEDKey.exe [53248 2006-11-09] (Chicony)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [69216 2006-12-06] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-02] (Google Inc.)
HKU\xxxxxxa\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\xxxxxxa\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2012-10-25] (Apple Inc.)
HKU\xxxxxxa\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxa\...\Run: [Insofta Document Backup] - "C:\Program Files\Insofta Document Backup\DocumentBackup.exe" /logon
HKU\xxxxxxa\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
HKU\xxxxxxa\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-02] (Google Inc.)
HKU\xxxxxxa\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\xxxxxxa\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxa\...\Policies\system: [LogonHoursAction] 2
HKU\xxxxxxa\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\xxxxxxb\...\Run: [BullGuard] - "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe"
HKU\xxxxxxb\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2012-10-25] (Apple Inc.)
HKU\xxxxxxb\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxb\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxxxb\...\Run: [Insofta Document Backup] - "C:\Program Files\Insofta Document Backup\DocumentBackup.exe" /logon
HKU\xxxxxxb\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
HKU\xxxxxxb\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-02] (Google Inc.)
HKU\xxxxxxb\...\Run: [ICQ] - 榤矔
HKU\xxxxxxb\...\Policies\system: [LogonHoursAction] 2
HKU\xxxxxxb\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\xxxxx_User\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2012-10-25] (Apple Inc.)
HKU\xxxxx_User\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\xxxxx_User\...\Run: [Insofta Document Backup] - "C:\Program Files\Insofta Document Backup\DocumentBackup.exe" /logon
HKU\xxxxx_User\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
HKU\xxxxx_User\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-02] (Google Inc.)
HKU\xxxxx_User\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe -silent
HKU\xxxxx_User\...\Policies\system: [LogonHoursAction] 2
HKU\xxxxx_User\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\xxxxxxa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk ->  (No File)
Startup: C:\Users\xxxxxxb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Online DSL-Manager.lnk
ShortcutTarget: T-Online DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Online DSL-Manager.lnk
ShortcutTarget: T-Online DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe (No File)
Startup: C:\Users\xxxxx_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Online DSL-Manager.lnk
ShortcutTarget: T-Online DSL-Manager.lnk -> C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/
BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU -WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S4 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 BMUService; C:\Program Files\Memeo\AutoBackup\MemeoService.exe [31768 2007-04-07] (Memeo)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-11] (brother Industries Ltd)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S2 CheckStage2_svc; C:\Windows\CheckStage2.exe [462848 2007-03-12] ()
S4 ClipInc001; C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe [1064960 2007-12-20] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S3 TDslMgrService; C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe [294912 2007-11-26] (T-Systems Enterprise Services GmbH)
R2 TVECapSvc; C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [299093 2007-05-08] ()
R2 TVESched; C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [127059 2007-05-08] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [x]
S2 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [2814080 2006-10-27] (ASUSTeK)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
S3 dsltestSp5; C:\Windows\System32\Drivers\dsltestSp5.sys [26816 2007-09-12] (Printing Communications Assoc., Inc. (PCAUSA))
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [43648 2006-10-30] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-27] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
R1 SSHDRV86; C:\Windows\system32\drivers\SSHDRV86.sys [81408 2007-06-22] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-01] (Avira GmbH)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 21:32 - 2013-10-05 21:32 - 99386337 _____ C:\Windows\system32\愸ᰴ—
2013-10-05 18:09 - 2013-10-05 18:10 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-10-05 15:30 - 2013-10-05 18:05 - 00000000 ____D C:\FRST
2013-10-05 15:17 - 2013-10-05 15:15 - 01087213 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2013-10-05 09:32 - 2013-10-06 00:23 - 00000000 ____D C:\Users\xxxxx\Desktop\Trojaner
2013-10-05 00:06 - 2013-10-05 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 18:51 - 2013-10-04 18:52 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Foxit Software
2013-10-04 18:51 - 2013-10-04 18:51 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-04 18:51 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\system32\gcapi_dll.dll
2013-10-04 18:18 - 2013-10-04 18:18 - 00454373 _____ C:\Users\xxxxx\Downloads\pdf
2013-10-04 16:43 - 2013-10-04 16:43 - 00000000 ____D C:\Program Files\WOT
2013-10-04 15:47 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-04 15:47 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-04 15:47 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-04 15:47 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-04 15:47 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-04 15:47 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-04 15:47 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-04 15:47 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-04 15:47 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-04 15:47 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-04 15:47 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-04 15:47 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-04 15:47 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-04 15:47 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-04 15:47 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-04 15:47 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-04 15:27 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-04 15:27 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-10-04 15:13 - 2013-10-04 15:13 - 00000000 _____ C:\Windows\win.ini.INI
2013-10-04 12:52 - 2013-10-04 12:52 - 00000000 ____D C:\Users\xxxxx_User\Desktop\Virensuche
2013-10-04 12:44 - 2013-10-04 12:44 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Malwarebytes
2013-10-04 12:40 - 2013-10-04 12:55 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\MiniDm
2013-10-04 12:39 - 2013-10-04 12:39 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-17 17:38 - 2013-09-17 17:39 - 00000000 ____D C:\Users\xxxxxxa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-06 19:50 - 2013-10-04 15:37 - 00000000 ____D C:\Windows\system32\MRT
2013-09-06 19:25 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-06 19:25 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-06 19:25 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-06 19:24 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-06 19:24 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-06 19:24 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-06 19:24 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-06 19:24 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-06 19:24 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-06 19:24 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-06 19:24 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-06 19:24 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-06 19:24 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-06 19:24 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-06 19:24 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-06 19:24 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-06 19:23 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-06 19:23 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-06 19:23 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-06 19:23 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-06 19:23 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-06 19:23 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-06 19:23 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-06 19:23 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-06 19:23 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-09-06 19:23 - 2013-04-15 16:20 - 00638328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-06 19:23 - 2013-04-13 12:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-06 19:05 - 2013-10-04 13:29 - 00000000 ____D C:\AdwCleaner
2013-09-06 18:44 - 2013-09-06 18:44 - 96334488 _____ C:\Windows\system32\黸皩ᴼ

==================== One Month Modified Files and Folders =======

2013-10-06 00:23 - 2013-10-05 09:32 - 00000000 ____D C:\Users\xxxxx\Desktop\Trojaner
2013-10-06 00:09 - 2006-11-02 14:47 - 00003296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 00:09 - 2006-11-02 14:47 - 00003296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 21:32 - 2013-10-05 21:32 - 99386337 _____ C:\Windows\system32\愸ᰴ—
2013-10-05 18:16 - 2007-04-10 11:58 - 01349157 _____ C:\Windows\WindowsUpdate.log
2013-10-05 18:10 - 2013-10-05 18:09 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-10-05 18:09 - 2007-04-30 16:05 - 00639492 _____ C:\Windows\system32\CheckStage2.log
2013-10-05 18:05 - 2013-10-05 15:30 - 00000000 ____D C:\FRST
2013-10-05 15:39 - 2006-11-02 12:33 - 01483864 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 15:15 - 2013-10-05 15:17 - 01087213 _____ (Farbar) C:\Users\xxxxx\Desktop\FRST.exe
2013-10-05 14:43 - 2007-07-23 19:57 - 00002695 _____ C:\Users\xxxxx\Desktop\Microsoft Office Outlook 2007.lnk
2013-10-05 09:30 - 2007-04-30 13:53 - 00177346 _____ C:\Windows\PFRO.log
2013-10-05 00:06 - 2013-10-05 00:06 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 18:52 - 2013-10-04 18:51 - 00000000 ____D C:\Users\xxxxx\AppData\Roaming\Foxit Software
2013-10-04 18:51 - 2013-10-04 18:51 - 00000000 ____D C:\Program Files\Foxit Software
2013-10-04 18:43 - 2007-06-10 14:49 - 00000000 ____D C:\Users\xxxxx\AppData\Local\Adobe
2013-10-04 18:42 - 2011-11-26 14:32 - 00000000 ____D C:\ProgramData\Adobe
2013-10-04 18:42 - 2011-11-26 14:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-04 18:18 - 2013-10-04 18:18 - 00454373 _____ C:\Users\xxxxx\Downloads\pdf
2013-10-04 17:22 - 2007-06-26 17:34 - 00000000 ____D C:\Users\xxxxx\Documents\Geld
2013-10-04 16:43 - 2013-10-04 16:43 - 00000000 ____D C:\Program Files\WOT
2013-10-04 15:53 - 2006-11-02 14:47 - 00359672 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-04 15:48 - 2007-06-29 18:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-04 15:37 - 2013-09-06 19:50 - 00000000 ____D C:\Windows\system32\MRT
2013-10-04 15:34 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-04 15:20 - 2006-11-02 17:31 - 00000000 ____D C:\Windows\WindowsMobile
2013-10-04 15:13 - 2013-10-04 15:13 - 00000000 _____ C:\Windows\win.ini.INI
2013-10-04 15:08 - 2008-08-02 11:00 - 00000000 ____D C:\ProgramData\Google
2013-10-04 15:08 - 2007-11-05 22:13 - 00000000 ____D C:\Program Files\Google
2013-10-04 15:08 - 2007-06-13 21:49 - 00000000 ____D C:\Users\xxxxx\AppData\Local\Google
2013-10-04 15:07 - 2009-07-17 21:16 - 00000974 _____ C:\Windows\Tasks\Google Software Updater.job
2013-10-04 15:07 - 2008-08-02 11:00 - 00000000 ____D C:\ProgramData\Google Updater
2013-10-04 13:29 - 2013-09-06 19:05 - 00000000 ____D C:\AdwCleaner
2013-10-04 12:55 - 2013-10-04 12:40 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\MiniDm
2013-10-04 12:52 - 2013-10-04 12:52 - 00000000 ____D C:\Users\xxxxx_User\Desktop\Virensuche
2013-10-04 12:44 - 2013-10-04 12:44 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Malwarebytes
2013-10-04 12:43 - 2012-05-13 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 12:39 - 2013-10-04 12:39 - 00000000 ____D C:\Users\xxxxx_User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-29 17:11 - 2012-11-09 18:23 - 00000000 ____D C:\Users\xxxxx\Citrix
2013-09-27 18:39 - 2007-06-26 17:41 - 00000000 ____D C:\Users\Public\Documents\Korrespondenz
2013-09-26 18:37 - 2007-06-26 17:35 - 00000000 ____D C:\Users\xxxxx\Documents\Kredit_neu
2013-09-26 18:36 - 2012-02-29 18:41 - 00000000 ____D C:\Users\xxxxx\Documents\Hauskauf Silke
2013-09-22 11:51 - 2007-06-10 15:12 - 00042496 _____ C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-17 17:39 - 2013-09-17 17:38 - 00000000 ____D C:\Users\xxxxxxa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2013-09-17 17:39 - 2007-08-23 16:13 - 00002695 _____ C:\Users\xxxxxxa\Desktop\Outlook.lnk
2013-09-08 14:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-06 20:02 - 2009-12-11 13:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-06 19:59 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-09-06 19:59 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-06 19:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-06 19:07 - 2013-06-30 13:34 - 00000857 _____ C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-09-06 18:44 - 2013-09-06 18:44 - 96334488 _____ C:\Windows\system32\黸皩ᴼ
2013-09-06 18:42 - 2011-01-08 21:14 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 18:41 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

Files to move or delete:
====================
C:\Users\xxxxx\CTX.DAT


Some content of TEMP:
====================
C:\Users\xxxxxxa\AppData\Local\temp\AskSLib.dll
C:\Users\xxxxx\AppData\Local\temp\drm_dyndata_7400009.dll
C:\Users\xxxxx\AppData\Local\temp\_is254C.exe
C:\Users\xxxxx\AppData\Local\temp\_isCFA.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-05 18:16

==================== End Of Log ============================

--- --- ---

Gruß
Frank

aharonov · 06.10.2013, 13:00

Hallo Frank,

du hast mir von Schritt 1 die Fixlist gepostet, die ich dir mitgegeben hab.

Ich bräuchte aber das Fixlog.txt, welches nach dem Fix erstellt wurde.
Falls du das nicht mehr findest, dann wiederhole bitte den Fix wie in der Anleitung beschrieben und füge das Fixlog hier ein.

Plage01 · 06.10.2013, 19:01

Oh, das ist suboptimal; sorry.
Hier jetzt die Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by xxxxx at 2013-10-05 18:05:57 Run:1
Running from C:\Users\xxxxx\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-09] ()
C:\Program Files\Tor
HKU\xxxxxxb\...\Run: [ICQ] - 榤矔
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service
File: C:\Windows\system32\FlashPlayerUpdateService.exe
File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
*****************

tor => Service deleted successfully.
C:\Program Files\Tor => Moved successfully.
HKU\xxxxxxb\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value not found.
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service => Moved successfully.

========================= File: C:\Windows\system32\FlashPlayerUpdateService.exe ========================

"C:\Windows\system32\FlashPlayerUpdateService.exe" not found.
====== End Of File: ======


========================= File: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ========================

"C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" not found.
====== End Of File: ======



The system needs a manual reboot. 

==== End of Fixlog ====

Gruß
Frank

aharonov · 06.10.2013, 19:10

Hast du bei dieser Zeile im Fixskript

Code:

ATTFilter

HKU\xxxxxxb\...\Run: [ICQ] - 榤矔

das "xxxxxxb" durch den richtigen Benutzernamen ersetzt?
Falls nicht, dann wiederhole den Fix bitte, aber nur noch mit dieser einen Zeile. Ersetze dabei diese Anonymisierung, bevor du den Fix ausführst.

Plage01 · 06.10.2013, 19:19

Hallo,

mit ersetztem namen ablaufen lassen.
Hier das Log wieder mit editierten Namen:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by xxxxx at 2013-10-06 20:17:29 Run:3
Running from C:\Users\xxxxx\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\xxxxxxB\...\Run: [ICQ] - 榤矔

*****************

HKU\xxxxxxB\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value not found.

==== End of Fixlog ====

Gruß
Frank

05.10.2013, 15:52	#8
aharonov /// TB-Ausbilder	TR / Agent.PBI und Mevade.A.95 Was für Kopien? Diese beiden Files des infizierten Rechners sollen bei VirusTotal analysiert werden - keine anderen. __________________ cheers, Leo

06.10.2013, 13:00	#12
aharonov /// TB-Ausbilder	TR / Agent.PBI und Mevade.A.95 Hallo Frank, du hast mir von Schritt 1 die Fixlist gepostet, die ich dir mitgegeben hab. Ich bräuchte aber das Fixlog.txt, welches nach dem Fix erstellt wurde. Falls du das nicht mehr findest, dann wiederhole bitte den Fix wie in der Anleitung beschrieben und füge das Fixlog hier ein. __________________ cheers, Leo

06.10.2013, 19:10	#14
aharonov /// TB-Ausbilder	TR / Agent.PBI und Mevade.A.95 Hast du bei dieser Zeile im Fixskript Code: ATTFilter HKU\xxxxxxb\...\Run: [ICQ] - 榤矔 das "xxxxxxb" durch den richtigen Benutzernamen ersetzt? Falls nicht, dann wiederhole den Fix bitte, aber nur noch mit dieser einen Zeile. Ersetze dabei diese Anonymisierung, bevor du den Fix ausführst. __________________ cheers, Leo

TR / Agent.PBI und Mevade.A.95

Plagegeister aller Art und deren Bekämpfung: TR / Agent.PBI und Mevade.A.95