Trojaner-Board


incebo 29.03.2012 18:44

www.searchnu.com/410?tag=newtab - problem
 
Hello dear Trojaner-Board team,

For about a week I have had the problem that whenever I open a new tab in Firefox, I always get this page "hxxp://www.searchnu.com/410?tag=newtab"... Since that seemed a bit odd to me, I googled it and had to find out that it is unfortunately probably a trojan... or is it?
Could you please, please help me get it off my PC again?

I probably caught it while downloading a player (unfortunately I no longer remember the name).

My Avira also flagged something, which is why I did not install the player (at least I think so), and this "malicious" file was moved to quarantine... but that does not seem to be enough, and I want to make sure that this trojan is really gone from my PC.

According to Malwarebytes, it is apparently still on the PC.

I have attached the log files for you. I hope you can do something with them...

Many thanks in advance...
isa

cosinus 29.03.2012 22:18

Without the logs from Malwarebytes and co., this won't get anywhere. :glaskugel:
Everything from Malwarebytes (and possibly other scanners) must be posted here.

Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

incebo 30.03.2012 08:06

Hello Arne,

Thanks for your quick reply...
Yes, it makes sense that you need them. I'll give it a try and hope it's right this way...

Kind regards, isa

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Isa :: ISA-PC [Administrator]

Schutz: Aktiviert

29.03.2012 16:37:36
mbam-log-2012-03-29 (16-37-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270182
Laufzeit: 1 Stunde(n), 2 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Isa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGLUWXDH\37023-89613-vcd-cutter[1].exe (Adware.Relevantknowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Isa\AppData\Local\Temp\37023-89613-vcd-cutter.exe (Adware.Relevantknowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Isa\Downloads\VCDCutterSetup.exe (Adware.Relevantknowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Now I ran another scan today (the one above was from yesterday afternoon) and the following came out:


Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Isa :: ISA-PC [Administrator]

Schutz: Aktiviert

30.03.2012 08:58:56
mbam-log-2012-03-30 (08-58-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237850
Laufzeit: 35 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 30.03.2012 10:48

Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


incebo 30.03.2012 20:00

Thanks for the further tip...

Here is the log file...

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=018c3792c20c8e4b8d7028c2c6e89ddc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-30 06:20:31
# local_time=2012-03-30 08:20:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1902048 1902048 0 0
# compatibility_mode=5893 16776573 100 94 2025 84759969 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=71247
# found=5
# cleaned=0
# scan_time=2853
C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Isa\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Isa\Downloads\installer__1_0_Deutsch.exe        Win32/Vittalia application (unable to clean)        00000000000000000000000000000000        I


cosinus 30.03.2012 20:22

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


incebo 30.03.2012 21:29

OTL Logfile:
Code:

OTL logfile created on: 30.03.2012 22:10:52 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Isa\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,05 Mb Total Physical Memory | 463,89 Mb Available Physical Memory | 45,39% Memory free
2,00 Gb Paging File | 0,97 Gb Available in Paging File | 48,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 442,51 Gb Free Space | 95,03% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ISA-PC | User Name: Isa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Isa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - c:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (uwldrpow) -- C:\Users\Isa\AppData\Local\Temp\uwldrpow.sys File not found
DRV - (mbr) -- C:\Users\Isa\AppData\Local\Temp\mbr.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.16 14:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.08 19:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.30 20:01:14 | 000,000,000 | ---D | M]
 
[2012.03.29 19:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isa\AppData\Roaming\mozilla\Extensions
[2012.03.29 19:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isa\AppData\Roaming\mozilla\Firefox\Profiles\gn3rs1nl.default\extensions
[2012.03.18 21:20:14 | 000,000,853 | ---- | M] () -- C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\11-suche.xml
[2012.03.18 21:20:15 | 000,002,226 | ---- | M] () -- C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\englische-ergebnisse.xml
[2012.03.18 21:20:14 | 000,010,506 | ---- | M] () -- C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\gmx-suche.xml
[2012.03.18 21:20:15 | 000,002,457 | ---- | M] () -- C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\lastminute.xml
[2012.03.10 19:58:39 | 000,002,515 | ---- | M] () -- C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\Search_Results.xml
[2012.03.18 21:20:14 | 000,005,500 | ---- | M] () -- C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\webde-suche.xml
[2012.03.30 20:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.30 20:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.08 19:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.03.08 19:28:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.16 14:38:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.03.30 20:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GN3RS1NL.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GN3RS1NL.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.30 20:00:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.10 19:58:39 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows Searchqu Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91D0A25D-E1A1-4A70-89CB-093A6BE53531}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 22:08:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Isa\Desktop\OTL.exe
[2012.03.30 20:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.03.30 20:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.30 20:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.30 19:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.29 19:49:56 | 000,000,000 | ---D | C] -- C:\Users\Isa\Desktop\Luke Bilder
[2012.03.29 19:46:58 | 000,000,000 | ---D | C] -- C:\Users\Isa\Desktop\trojaner board
[2012.03.29 19:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.29 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.29 18:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2012.03.29 18:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012.03.29 18:49:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.03.29 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\Malwarebytes
[2012.03.29 16:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.29 16:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.29 16:36:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.29 16:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.16 14:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2012.03.16 14:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2012.03.16 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Local\DDMSettings
[2012.03.16 14:38:16 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\DivX
[2012.03.16 14:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.03.16 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.03.16 14:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.16 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2012.03.16 14:25:10 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Local\Google
[2012.03.16 14:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.03.16 14:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.03.16 14:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.03.14 11:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.03.10 20:17:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.03.10 20:16:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.03.10 19:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.03.10 19:58:41 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012.03.10 19:58:40 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012.03.10 19:58:40 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012.03.10 19:58:40 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012.03.10 19:58:39 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012.03.10 19:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2012.03.10 19:58:37 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012.03.10 19:58:37 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012.03.10 19:58:37 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012.03.10 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\FreeAudioPack
[2012.03.10 19:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012.03.10 18:45:36 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012.03.10 14:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.03.09 22:32:16 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\Avira
[2012.03.08 20:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.08 20:12:13 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.08 20:12:13 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.08 20:12:13 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.08 20:12:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.08 20:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.08 20:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.08 19:38:23 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Local\Adobe
[2012.03.08 19:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.03.08 19:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.03.08 19:34:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.03.08 19:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.03.08 19:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.03.08 19:28:29 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\Mozilla
[2012.03.08 19:28:29 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Local\Mozilla
[2012.03.08 19:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.03.08 19:25:30 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\Macromedia
[2012.03.08 19:25:30 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\Adobe
[2012.03.08 19:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.03.02 14:24:08 | 000,000,000 | R--D | C] -- C:\Users\Isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.03.02 14:24:08 | 000,000,000 | R--D | C] -- C:\Users\Isa\Searches
[2012.03.02 14:24:08 | 000,000,000 | R--D | C] -- C:\Users\Isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.03.02 14:23:56 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\Identities
[2012.03.02 14:23:54 | 000,000,000 | R--D | C] -- C:\Users\Isa\Contacts
[2012.03.02 14:23:47 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Local\VirtualStore
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Vorlagen
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\AppData\Local\Verlauf
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\AppData\Local\Temporary Internet Files
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Startmenü
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\SendTo
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Recent
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Netzwerkumgebung
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Lokale Einstellungen
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Documents\Eigene Videos
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Documents\Eigene Musik
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Eigene Dateien
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Documents\Eigene Bilder
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Druckumgebung
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Cookies
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\AppData\Local\Anwendungsdaten
[2012.03.02 14:23:43 | 000,000,000 | -HSD | C] -- C:\Users\Isa\Anwendungsdaten
[2012.03.02 14:23:42 | 000,000,000 | --SD | C] -- C:\Users\Isa\AppData\Roaming\Microsoft
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Videos
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Saved Games
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Pictures
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Music
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Links
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Favorites
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Downloads
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Documents
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\Desktop
[2012.03.02 14:23:42 | 000,000,000 | R--D | C] -- C:\Users\Isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.03.02 14:23:42 | 000,000,000 | -H-D | C] -- C:\Users\Isa\AppData
[2012.03.02 14:23:42 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Local\Temp
[2012.03.02 14:23:42 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Local\Microsoft
[2012.03.02 14:23:42 | 000,000,000 | ---D | C] -- C:\Users\Isa\AppData\Roaming\Media Center Programs
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.03.02 14:23:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.03.02 14:08:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.03.02 14:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.03.02 14:05:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.03.02 14:05:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 22:08:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Isa\Desktop\OTL.exe
[2012.03.30 21:26:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.30 21:12:01 | 000,300,931 | ---- | M] () -- C:\Users\Isa\Desktop\soapSkin_c_HelmutWolech.jpg
[2012.03.30 20:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 19:01:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.30 18:49:11 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.30 18:49:11 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.30 18:49:11 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.30 18:49:11 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.29 18:49:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012.03.29 17:51:54 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 17:51:54 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 17:44:12 | 803,774,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 16:33:10 | 000,000,000 | ---- | M] () -- C:\Users\Isa\defogger_reenable
[2012.03.16 14:33:16 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.16 14:28:42 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.10 19:48:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.09 22:32:26 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.03.08 20:12:26 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.08 19:35:49 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.08 19:28:26 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.02 14:09:43 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2012.03.30 21:11:50 | 000,300,931 | ---- | C] () -- C:\Users\Isa\Desktop\soapSkin_c_HelmutWolech.jpg
[2012.03.29 18:49:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012.03.29 16:33:10 | 000,000,000 | ---- | C] () -- C:\Users\Isa\defogger_reenable
[2012.03.16 14:46:41 | 000,497,664 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2012.03.16 14:28:42 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.16 14:25:42 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.16 14:25:26 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.10 19:58:41 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012.03.10 19:58:35 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.03.10 19:48:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.03.10 18:47:13 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.03.10 18:45:07 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012.03.10 18:44:51 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012.03.09 22:32:26 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.03.08 20:12:26 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.08 19:35:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.08 19:35:49 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.08 19:28:26 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.08 19:28:26 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.02 14:24:10 | 000,001,405 | ---- | C] () -- C:\Users\Isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.03.02 14:09:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.02 14:09:21 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.02 14:05:58 | 803,774,464 | -HS- | C] () -- C:\hiberfil.sys
 
========== LOP Check ==========
 
[2012.03.10 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\FreeAudioPack
[2009.07.14 06:53:46 | 000,003,904 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.08 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\Adobe
[2012.03.09 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\Avira
[2012.03.16 14:39:53 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\DivX
[2012.03.10 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\FreeAudioPack
[2012.03.02 14:23:56 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\Identities
[2012.03.08 19:25:30 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\Macromedia
[2012.03.29 16:36:14 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\Media Center Programs
[2012.03.30 20:01:26 | 000,000,000 | --SD | M] -- C:\Users\Isa\AppData\Roaming\Microsoft
[2012.03.08 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Isa\AppData\Roaming\Mozilla
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 30.03.2012 22:40

Quote:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Tell me, are you also one of those people who watch TV series and movies via dubious portals?
If so: hands off in future. These illegal portals spread malware, and if you want to be malware-free in future, you have to switch to legal alternatives and do without such risky streaming sites!
It is precisely such streaming sites that are responsible for the current wave of ransomware that locks Windows and tries to extort 50 or 100 EUR!!

incebo 31.03.2012 09:54

No, not at all!!
I downloaded the DivX player because I could no longer play a private video, which I had once recorded with my cam, in Windows Media Player... so I first downloaded the VCD cutter (I had read about it in a forum) and then the DivX player... I suspect the trojan was in the former.

Honestly, I don't do anything illegal on the Internet, except perhaps without knowing it, i.e. by accidentally clicking on something somewhere...

cosinus 02.04.2012 09:47

I'm asking, though, because DivX is often used for these sites! And many people have the ransomware or other system changes precisely because they visited such sites!


Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/410
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKU\S-1-5-21-76316133-68959942-1097311536-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
[2012.03.10 19:58:39 | 000,002,515 | ---- | M] () -- C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\Search_Results.xml
[2012.03.08 19:28:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.10 19:58:39 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows Searchqu Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Program Files\Windows Searchqu Toolbar
C:\PROGRA~1\WIA6EB~1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

incebo 02.04.2012 10:26

Thanks for your help... really, that is truly great! :daumenhoc

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
HKU\S-1-5-21-76316133-68959942-1097311536-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-76316133-68959942-1097311536-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-76316133-68959942-1097311536-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=" removed from keyword.URL
C:\Users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\searchplugins\Search_Results.xml moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
File\Folder C:\PROGRA~1\WIA6EB~1 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Isa
->Temp folder emptied: 134873971 bytes
->Temporary Internet Files folder emptied: 87807488 bytes
->Java cache emptied: 1052109 bytes
->FireFox cache emptied: 364772607 bytes
->Google Chrome cache emptied: 100088593 bytes
->Flash cache emptied: 5092 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16704346 bytes
RecycleBin emptied: 516776140 bytes
 
Total Files Cleaned = 1.165,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Isa
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04022012_111608

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 02.04.2012 11:39

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

incebo 02.04.2012 12:02

I did that, but somehow I can't post there... sorry, maybe I'm just being too stupid :stirn:

cosinus 02.04.2012 12:08

Quote:

but somehow I can't post there
Ah yes, very informative. How am I supposed to help you now :balla:

incebo 02.04.2012 12:25

Um, yes... so when I go to your link http://www.trojaner-board.de/82358-t...entfernen.html

it says: Guides, FAQs & Links: TDSSKiller: removing Google redirects, TDSS, TDL3, Alureon rootkit
Helpful guides, FAQs & links on security and more. Read only, posting not possible!

Does that mean I should start a new topic, or where exactly should I post my log?
I'm really sorry, I'm not the brightest when it comes to this...:headbang:

cosinus 02.04.2012 12:33

What makes you think you should post the log in there :balla:
What did you open this thread for? Of course the log should be posted here!

I really don't know how you come up with this idea, you posted all the other logs here in this thread too! :stirn:

incebo 02.04.2012 12:36

OK, misunderstanding, sorry

Quote:

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-a...entfernen.html


Code:

12:55:31.0134 1340        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
12:55:31.0605 1340        ============================================================
12:55:31.0605 1340        Current date / time: 2012/04/02 12:55:31.0605
12:55:31.0605 1340        SystemInfo:
12:55:31.0605 1340       
12:55:31.0605 1340        OS Version: 6.1.7601 ServicePack: 1.0
12:55:31.0605 1340        Product type: Workstation
12:55:31.0606 1340        ComputerName: ISA-PC
12:55:31.0606 1340        UserName: Isa
12:55:31.0606 1340        Windows directory: C:\Windows
12:55:31.0606 1340        System windows directory: C:\Windows
12:55:31.0606 1340        Processor architecture: Intel x86
12:55:31.0606 1340        Number of processors: 2
12:55:31.0606 1340        Page size: 0x1000
12:55:31.0606 1340        Boot type: Normal boot
12:55:31.0606 1340        ============================================================
12:55:34.0057 1340        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:55:34.0140 1340        Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:55:34.0141 1340        \Device\Harddisk0\DR0:
12:55:34.0141 1340        MBR used
12:55:34.0141 1340        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:55:34.0141 1340        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:55:34.0141 1340        \Device\Harddisk1\DR1:
12:55:34.0141 1340        MBR used
12:55:34.0141 1340        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0x3A384C01
12:55:34.0165 1340        Initialize success
12:55:34.0165 1340        ============================================================
12:56:34.0272 1044        ============================================================
12:56:34.0272 1044        Scan started
12:56:34.0272 1044        Mode: Manual; SigCheck; TDLFS;
12:56:34.0272 1044        ============================================================
12:56:49.0115 1044        mpio - ok
12:56:49.0131 1044        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:56:49.0178 1044        mpsdrv - ok
12:56:49.0226 1044        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
12:56:49.0289 1044        MpsSvc - ok
12:56:49.0326 1044        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:56:49.0384 1044        MRxDAV - ok
12:56:49.0426 1044        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:56:49.0487 1044        mrxsmb - ok
12:56:49.0524 1044        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:56:49.0565 1044        mrxsmb10 - ok
12:56:49.0593 1044        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:56:49.0622 1044        mrxsmb20 - ok
12:56:49.0662 1044        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:56:49.0695 1044        msahci - ok
12:56:49.0720 1044        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:56:49.0737 1044        msdsm - ok
12:56:49.0774 1044        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:56:49.0824 1044        MSDTC - ok
12:56:49.0852 1044        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:56:49.0891 1044        Msfs - ok
12:56:49.0913 1044        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:56:49.0951 1044        mshidkmdf - ok
12:56:49.0969 1044        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:56:49.0983 1044        msisadrv - ok
12:56:50.0023 1044        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:56:50.0070 1044        MSiSCSI - ok
12:56:50.0110 1044        msiserver - ok
12:56:50.0260 1044        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:56:50.0333 1044        MSKSSRV - ok
12:56:50.0357 1044        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:56:50.0405 1044        MSPCLOCK - ok
12:56:50.0430 1044        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:56:50.0491 1044        MSPQM - ok
12:56:50.0542 1044        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:56:50.0580 1044        MsRPC - ok
12:56:50.0608 1044        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:56:50.0626 1044        mssmbios - ok
12:56:50.0638 1044        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:56:50.0677 1044        MSTEE - ok
12:56:50.0697 1044        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:56:50.0715 1044        MTConfig - ok
12:56:50.0726 1044        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:56:50.0741 1044        Mup - ok
12:56:50.0783 1044        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:56:50.0842 1044        napagent - ok
12:56:50.0916 1044        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:56:50.0955 1044        NativeWifiP - ok
12:56:50.0986 1044        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:56:51.0022 1044        NDIS - ok
12:56:51.0046 1044        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:56:51.0089 1044        NdisCap - ok
12:56:51.0109 1044        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:56:51.0159 1044        NdisTapi - ok
12:56:51.0201 1044        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:56:51.0237 1044        Ndisuio - ok
12:56:51.0270 1044        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:56:51.0329 1044        NdisWan - ok
12:56:51.0376 1044        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:56:51.0425 1044        NDProxy - ok
12:56:51.0464 1044        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:56:51.0546 1044        NetBIOS - ok
12:56:51.0586 1044        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:56:51.0643 1044        NetBT - ok
12:56:51.0665 1044        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:56:51.0692 1044        Netlogon - ok
12:56:51.0733 1044        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:56:51.0792 1044        Netman - ok
12:56:51.0828 1044        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:56:51.0886 1044        netprofm - ok
12:56:51.0972 1044        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:56:51.0997 1044        NetTcpPortSharing - ok
12:56:52.0155 1044        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
12:56:52.0315 1044        netw5v32 - ok
12:56:52.0408 1044        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:56:52.0438 1044        nfrd960 - ok
12:56:52.0480 1044        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:56:52.0564 1044        NlaSvc - ok
12:56:52.0576 1044        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:56:52.0639 1044        Npfs - ok
12:56:52.0669 1044        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:56:52.0709 1044        nsi - ok
12:56:52.0719 1044        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:56:52.0770 1044        nsiproxy - ok
12:56:52.0817 1044        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:56:52.0869 1044        Ntfs - ok
12:56:52.0887 1044        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:56:52.0935 1044        Null - ok
12:56:53.0118 1044        nvlddmkm        (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:56:53.0409 1044        nvlddmkm - ok
12:56:53.0518 1044        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:56:53.0552 1044        nvraid - ok
12:56:53.0575 1044        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:56:53.0593 1044        nvstor - ok
12:56:53.0633 1044        nvsvc          (e937a615d4289e83e234c3ec26092431) C:\Windows\system32\nvvsvc.exe
12:56:53.0651 1044        nvsvc - ok
12:56:53.0672 1044        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:56:53.0689 1044        nv_agp - ok
12:56:53.0714 1044        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:56:53.0739 1044        ohci1394 - ok
12:56:53.0772 1044        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:56:53.0823 1044        p2pimsvc - ok
12:56:53.0852 1044        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:56:53.0900 1044        p2psvc - ok
12:56:53.0931 1044        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:56:53.0958 1044        Parport - ok
12:56:53.0986 1044        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
12:56:54.0001 1044        partmgr - ok
12:56:54.0024 1044        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:56:54.0041 1044        Parvdm - ok
12:56:54.0063 1044        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:56:54.0087 1044        PcaSvc - ok
12:56:54.0117 1044        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:56:54.0135 1044        pci - ok
12:56:54.0151 1044        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:56:54.0166 1044        pciide - ok
12:56:54.0179 1044        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:56:54.0198 1044        pcmcia - ok
12:56:54.0209 1044        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:56:54.0224 1044        pcw - ok
12:56:54.0253 1044        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:56:54.0315 1044        PEAUTH - ok
12:56:54.0387 1044        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:56:54.0485 1044        pla - ok
12:56:54.0570 1044        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:56:54.0633 1044        PlugPlay - ok
12:56:54.0660 1044        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:56:54.0694 1044        PNRPAutoReg - ok
12:56:54.0715 1044        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:56:54.0741 1044        PNRPsvc - ok
12:56:54.0808 1044        Point32        (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
12:56:54.0832 1044        Point32 - ok
12:56:54.0869 1044        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:56:54.0921 1044        PolicyAgent - ok
12:56:54.0948 1044        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:56:54.0989 1044        Power - ok
12:56:55.0032 1044        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:56:55.0109 1044        PptpMiniport - ok
12:56:55.0142 1044        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:56:55.0175 1044        Processor - ok
12:56:55.0231 1044        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
12:56:55.0287 1044        ProfSvc - ok
12:56:55.0315 1044        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:56:55.0332 1044        ProtectedStorage - ok
12:56:55.0362 1044        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:56:55.0411 1044        Psched - ok
12:56:55.0461 1044        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:56:55.0519 1044        ql2300 - ok
12:56:55.0538 1044        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:56:55.0555 1044        ql40xx - ok
12:56:55.0594 1044        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:56:55.0655 1044        QWAVE - ok
12:56:55.0667 1044        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:56:55.0688 1044        QWAVEdrv - ok
12:56:55.0709 1044        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:56:55.0760 1044        RasAcd - ok
12:56:55.0810 1044        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:56:55.0885 1044        RasAgileVpn - ok
12:56:55.0907 1044        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:56:55.0950 1044        RasAuto - ok
12:56:55.0972 1044        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:56:56.0021 1044        Rasl2tp - ok
12:56:56.0081 1044        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:56:56.0149 1044        RasMan - ok
12:56:56.0177 1044        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:56:56.0216 1044        RasPppoe - ok
12:56:56.0254 1044        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:56:56.0330 1044        RasSstp - ok
12:56:56.0368 1044        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:56:56.0438 1044        rdbss - ok
12:56:56.0466 1044        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:56:56.0500 1044        rdpbus - ok
12:56:56.0533 1044        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:56:56.0596 1044        RDPCDD - ok
12:56:56.0629 1044        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:56:56.0676 1044        RDPENCDD - ok
12:56:56.0696 1044        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:56:56.0743 1044        RDPREFMP - ok
12:56:56.0771 1044        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
12:56:56.0815 1044        RDPWD - ok
12:56:56.0869 1044        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:56:56.0896 1044        rdyboost - ok
12:56:56.0933 1044        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:56:56.0993 1044        RemoteAccess - ok
12:56:57.0047 1044        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:56:57.0116 1044        RemoteRegistry - ok
12:56:57.0156 1044        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:56:57.0231 1044        RpcEptMapper - ok
12:56:57.0259 1044        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:56:57.0282 1044        RpcLocator - ok
12:56:57.0318 1044        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:56:57.0361 1044        RpcSs - ok
12:56:57.0426 1044        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:56:57.0489 1044        rspndr - ok
12:56:57.0511 1044        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:56:57.0528 1044        SamSs - ok
12:56:57.0572 1044        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:56:57.0588 1044        sbp2port - ok
12:56:57.0622 1044        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:56:57.0663 1044        SCardSvr - ok
12:56:57.0698 1044        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:56:57.0766 1044        scfilter - ok
12:56:57.0814 1044        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:56:57.0918 1044        Schedule - ok
12:56:57.0958 1044        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:56:58.0010 1044        SCPolicySvc - ok
12:56:58.0090 1044        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
12:56:58.0143 1044        sdbus - ok
12:56:58.0177 1044        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:56:58.0227 1044        SDRSVC - ok
12:56:58.0282 1044        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:56:58.0352 1044        secdrv - ok
12:56:58.0378 1044        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:56:58.0431 1044        seclogon - ok
12:56:58.0467 1044        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
12:56:58.0521 1044        SENS - ok
12:56:58.0553 1044        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:56:58.0597 1044        SensrSvc - ok
12:56:58.0650 1044        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:56:58.0689 1044        Serenum - ok
12:56:58.0726 1044        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:56:58.0761 1044        Serial - ok
12:56:58.0797 1044        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:56:58.0830 1044        sermouse - ok
12:56:58.0869 1044        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:56:58.0950 1044        SessionEnv - ok
12:56:58.0987 1044        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:56:59.0036 1044        sffdisk - ok
12:56:59.0049 1044        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:56:59.0075 1044        sffp_mmc - ok
12:56:59.0095 1044        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:56:59.0115 1044        sffp_sd - ok
12:56:59.0136 1044        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:56:59.0166 1044        sfloppy - ok
12:56:59.0206 1044        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:56:59.0265 1044        SharedAccess - ok
12:56:59.0312 1044        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:56:59.0382 1044        ShellHWDetection - ok
12:56:59.0444 1044        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:56:59.0476 1044        sisagp - ok
12:56:59.0525 1044        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:56:59.0554 1044        SiSRaid2 - ok
12:56:59.0573 1044        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:56:59.0589 1044        SiSRaid4 - ok
12:56:59.0615 1044        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:56:59.0654 1044        Smb - ok
12:56:59.0701 1044        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:56:59.0726 1044        SNMPTRAP - ok
12:56:59.0738 1044        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:56:59.0753 1044        spldr - ok
12:56:59.0784 1044        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:56:59.0829 1044        Spooler - ok
12:56:59.0918 1044        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:57:00.0040 1044        sppsvc - ok
12:57:00.0109 1044        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:57:00.0182 1044        sppuinotify - ok
12:57:00.0252 1044        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:57:00.0299 1044        srv - ok
12:57:00.0315 1044        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:57:00.0353 1044        srv2 - ok
12:57:00.0378 1044        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:57:00.0396 1044        srvnet - ok
12:57:00.0429 1044        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:57:00.0496 1044        SSDPSRV - ok
12:57:00.0522 1044        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:57:00.0543 1044        ssmdrv - ok
12:57:00.0562 1044        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:57:00.0636 1044        SstpSvc - ok
12:57:00.0679 1044        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:57:00.0694 1044        stexstor - ok
12:57:00.0746 1044        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:57:00.0793 1044        StiSvc - ok
12:57:00.0825 1044        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:57:00.0839 1044        swenum - ok
12:57:00.0877 1044        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:57:00.0936 1044        swprv - ok
12:57:00.0988 1044        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:57:01.0041 1044        SysMain - ok
12:57:01.0071 1044        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:57:01.0096 1044        TabletInputService - ok
12:57:01.0133 1044        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:57:01.0176 1044        TapiSrv - ok
12:57:01.0211 1044        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:57:01.0263 1044        TBS - ok
12:57:01.0362 1044        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
12:57:01.0417 1044        Tcpip - ok
12:57:01.0534 1044        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
12:57:01.0577 1044        TCPIP6 - ok
12:57:01.0623 1044        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:57:01.0686 1044        tcpipreg - ok
12:57:01.0714 1044        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:57:01.0740 1044        TDPIPE - ok
12:57:01.0765 1044        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:57:01.0797 1044        TDTCP - ok
12:57:01.0829 1044        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:57:01.0905 1044        tdx - ok
12:57:01.0933 1044        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:57:01.0949 1044        TermDD - ok
12:57:01.0996 1044        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:57:02.0086 1044        TermService - ok
12:57:02.0112 1044        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:57:02.0155 1044        Themes - ok
12:57:02.0191 1044        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:57:02.0246 1044        THREADORDER - ok
12:57:02.0273 1044        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:57:02.0330 1044        TrkWks - ok
12:57:02.0370 1044        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:57:02.0428 1044        TrustedInstaller - ok
12:57:02.0480 1044        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:57:02.0532 1044        tssecsrv - ok
12:57:02.0558 1044        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:57:02.0600 1044        TsUsbFlt - ok
12:57:02.0654 1044        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:57:02.0719 1044        tunnel - ok
12:57:02.0774 1044        TVALZ          (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:57:02.0785 1044        TVALZ - ok
12:57:02.0811 1044        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:57:02.0826 1044        uagp35 - ok
12:57:02.0864 1044        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:57:02.0911 1044        udfs - ok
12:57:02.0949 1044        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:57:02.0980 1044        UI0Detect - ok
12:57:03.0029 1044        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:57:03.0059 1044        uliagpkx - ok
12:57:03.0099 1044        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
12:57:03.0132 1044        umbus - ok
12:57:03.0163 1044        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:57:03.0197 1044        UmPass - ok
12:57:03.0239 1044        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:57:03.0319 1044        upnphost - ok
12:57:03.0355 1044        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
12:57:03.0405 1044        usbccgp - ok
12:57:03.0432 1044        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:57:03.0471 1044        usbcir - ok
12:57:03.0498 1044        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:57:03.0515 1044        usbehci - ok
12:57:03.0550 1044        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:57:03.0582 1044        usbhub - ok
12:57:03.0607 1044        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
12:57:03.0637 1044        usbohci - ok
12:57:03.0672 1044        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:57:03.0693 1044        usbprint - ok
12:57:03.0716 1044        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
12:57:03.0753 1044        USBSTOR - ok
12:57:03.0775 1044        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:57:03.0793 1044        usbuhci - ok
12:57:03.0819 1044        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:57:03.0871 1044        UxSms - ok
12:57:03.0900 1044        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:57:03.0942 1044        VaultSvc - ok
12:57:03.0974 1044        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:57:03.0988 1044        vdrvroot - ok
12:57:04.0024 1044        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:57:04.0125 1044        vds - ok
12:57:04.0156 1044        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:57:04.0176 1044        vga - ok
12:57:04.0196 1044        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:57:04.0235 1044        VgaSave - ok
12:57:04.0270 1044        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:57:04.0289 1044        vhdmp - ok
12:57:04.0338 1044        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:57:04.0358 1044        viaagp - ok
12:57:04.0384 1044        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:57:04.0423 1044        ViaC7 - ok
12:57:04.0451 1044        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:57:04.0468 1044        viaide - ok
12:57:04.0493 1044        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:57:04.0508 1044        volmgr - ok
12:57:04.0553 1044        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:57:04.0576 1044        volmgrx - ok
12:57:04.0610 1044        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:57:04.0631 1044        volsnap - ok
12:57:04.0662 1044        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:57:04.0685 1044        vsmraid - ok
12:57:04.0750 1044        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:57:04.0879 1044        VSS - ok
12:57:04.0929 1044        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:57:04.0969 1044        vwifibus - ok
12:57:05.0020 1044        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:57:05.0096 1044        W32Time - ok
12:57:05.0119 1044        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:57:05.0151 1044        WacomPen - ok
12:57:05.0201 1044        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:57:05.0268 1044        WANARP - ok
12:57:05.0274 1044        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:57:05.0330 1044        Wanarpv6 - ok
12:57:05.0396 1044        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:57:05.0456 1044        wbengine - ok
12:57:05.0486 1044        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:57:05.0523 1044        WbioSrvc - ok
12:57:05.0565 1044        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:57:05.0601 1044        wcncsvc - ok
12:57:05.0623 1044        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:57:05.0658 1044        WcsPlugInService - ok
12:57:05.0711 1044        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:57:05.0726 1044        Wd - ok
12:57:05.0752 1044        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:57:05.0781 1044        Wdf01000 - ok
12:57:05.0802 1044        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:57:05.0876 1044        WdiServiceHost - ok
12:57:05.0886 1044        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:57:05.0910 1044        WdiSystemHost - ok
12:57:05.0938 1044        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:57:05.0977 1044        WebClient - ok
12:57:05.0997 1044        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:57:06.0042 1044        Wecsvc - ok
12:57:06.0061 1044        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:57:06.0110 1044        wercplsupport - ok
12:57:06.0149 1044        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:57:06.0207 1044        WerSvc - ok
12:57:06.0259 1044        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:57:06.0298 1044        WfpLwf - ok
12:57:06.0314 1044        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:57:06.0328 1044        WIMMount - ok
12:57:06.0423 1044        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:57:06.0486 1044        WinDefend - ok
12:57:06.0491 1044        WinHttpAutoProxySvc - ok
12:57:06.0534 1044        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:57:06.0575 1044        Winmgmt - ok
12:57:06.0626 1044        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:57:06.0703 1044        WinRM - ok
12:57:06.0793 1044        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:57:06.0847 1044        Wlansvc - ok
12:57:06.0905 1044        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:57:06.0937 1044        WmiAcpi - ok
12:57:06.0989 1044        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:57:07.0041 1044        wmiApSrv - ok
12:57:07.0140 1044        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:57:07.0230 1044        WMPNetworkSvc - ok
12:57:07.0297 1044        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:57:07.0346 1044        WPCSvc - ok
12:57:07.0373 1044        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:57:07.0465 1044        WPDBusEnum - ok
12:57:07.0519 1044        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:57:07.0587 1044        ws2ifsl - ok
12:57:07.0615 1044        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
12:57:07.0650 1044        wscsvc - ok
12:57:07.0660 1044        WSearch - ok
12:57:07.0730 1044        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:57:07.0818 1044        wuauserv - ok
12:57:07.0869 1044        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:57:07.0906 1044        WudfPf - ok
12:57:07.0951 1044        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:57:07.0989 1044        WUDFRd - ok
12:57:08.0034 1044        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:57:08.0085 1044        wudfsvc - ok
12:57:08.0116 1044        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:57:08.0151 1044        WwanSvc - ok
12:57:08.0168 1044        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:57:08.0299 1044        \Device\Harddisk0\DR0 - ok
12:57:08.0302 1044        MBR (0x1B8)    (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk1\DR1
12:57:14.0945 1044        \Device\Harddisk1\DR1 - ok
12:57:14.0959 1044        Boot (0x1200)  (6fdcdb384eb402f5fb79a7fa17b3665d) \Device\Harddisk0\DR0\Partition0
12:57:14.0960 1044        \Device\Harddisk0\DR0\Partition0 - ok
12:57:14.0987 1044        Boot (0x1200)  (15031afd4d9f49814de92e81c9326051) \Device\Harddisk0\DR0\Partition1
12:57:14.0988 1044        \Device\Harddisk0\DR0\Partition1 - ok
12:57:14.0990 1044        Boot (0x1200)  (10d3435927362cf0cbf8b5c8d71f1609) \Device\Harddisk1\DR1\Partition0
12:57:14.0991 1044        \Device\Harddisk1\DR1\Partition0 - ok
12:57:14.0991 1044        ============================================================
12:57:14.0991 1044        Scan finished
12:57:14.0991 1044        ============================================================
12:57:14.0993 2328        Detected object count: 0
12:57:14.0993 2328        Actual detected object count: 0


cosinus 02.04.2012 12:43

Quote:

ok, misunderstanding, sorry
The link for it is a guide! If you actually read it properly, the article is also clearly recognizable as a guide!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.

incebo 02.04.2012 13:10

Code:

ComboFix 12-04-01.01 - Isa 02.04.2012  13:57:50.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1022.387 [GMT 2:00]
ausgeführt von:: c:\users\Isa\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-02 bis 2012-04-02  ))))))))))))))))))))))))))))))
.
.
2012-04-02 12:04 . 2012-04-02 12:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-02 11:58 . 2012-04-02 11:58        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DACFB00C-1D88-4AE7-B991-93505BE666E0}\offreg.dll
2012-04-02 09:16 . 2012-04-02 09:16        --------        d-----w-        C:\_OTL
2012-04-01 12:06 . 2012-04-01 12:06        --------        d-----w-        c:\programdata\WinZip
2012-03-30 18:01 . 2012-03-30 18:01        --------        d-----w-        c:\program files\Common Files\Java
2012-03-30 18:01 . 2012-03-30 18:00        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-30 18:00 . 2012-03-30 18:00        --------        d-----w-        c:\program files\Java
2012-03-30 17:30 . 2012-03-30 17:30        --------        d-----w-        c:\program files\ESET
2012-03-30 16:59 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DACFB00C-1D88-4AE7-B991-93505BE666E0}\mpengine.dll
2012-03-29 17:37 . 2012-03-29 17:37        --------        d-----w-        c:\program files\7-Zip
2012-03-29 16:49 . 2012-03-29 16:49        --------        d-----w-        c:\program files\Microsoft IntelliPoint
2012-03-29 16:49 . 2012-03-29 16:49        --------        d-----w-        c:\windows\PCHEALTH
2012-03-29 14:36 . 2012-03-29 14:36        --------        d-----w-        c:\users\Isa\AppData\Roaming\Malwarebytes
2012-03-29 14:36 . 2012-03-29 14:36        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-29 14:36 . 2012-03-29 14:36        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-29 14:36 . 2011-12-10 13:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-16 12:46 . 2012-03-16 12:46        --------        d-----w-        c:\program files\AC3Filter
2012-03-16 12:46 . 2009-07-19 15:03        497664        ----a-w-        c:\windows\system32\ac3filter.acm
2012-03-16 12:38 . 2012-03-16 12:39        --------        d-----w-        c:\users\Isa\AppData\Roaming\DivX
2012-03-16 12:37 . 2012-04-01 12:03        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2012-03-16 12:25 . 2012-03-16 12:34        --------        d-----w-        c:\users\Isa\AppData\Local\Google
2012-03-16 12:25 . 2012-03-16 12:27        --------        d-----w-        c:\program files\Google
2012-03-16 12:24 . 2012-04-01 12:03        --------        d-----w-        c:\program files\DivX
2012-03-16 12:23 . 2012-04-01 12:03        --------        d-----w-        c:\programdata\DivX
2012-03-16 09:22 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-16 09:22 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 09:46 . 2012-02-03 03:54        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 09:46 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 09:41 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 09:41 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:41 . 2012-01-25 05:27        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:40 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 09:40 . 2012-02-17 04:14        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:40 . 2012-02-17 04:13        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:35 . 2012-03-14 09:35        --------        d-----w-        c:\programdata\boost_interprocess
2012-03-10 18:17 . 2012-03-10 18:17        --------        d-----w-        c:\windows\system32\SPReview
2012-03-10 18:16 . 2012-03-10 18:16        --------        d-----w-        c:\windows\system32\EventProviders
2012-03-10 16:47 . 2010-11-05 01:58        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2012-03-10 16:46 . 2010-11-20 12:21        1010688        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2012-03-10 16:45 . 2010-11-20 12:21        1326592        ----a-w-        c:\windows\system32\wlanpref.dll
2012-03-10 16:44 . 2010-11-20 12:21        11264        ----a-w-        c:\windows\system32\wshirda.dll
2012-03-10 16:19 . 2011-03-25 02:58        284672        ----a-w-        c:\windows\system32\drivers\usbport.sys
2012-03-10 12:13 . 2012-03-10 12:13        --------        d-----w-        c:\program files\Microsoft.NET
2012-03-10 12:03 . 2012-03-10 12:03        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-03-09 20:30 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2012-03-08 18:12 . 2012-01-31 07:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-03-08 18:12 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-08 18:12 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-03-08 18:12 . 2012-03-08 18:12        --------        d-----w-        c:\programdata\Avira
2012-03-08 18:12 . 2012-03-08 18:12        --------        d-----w-        c:\program files\Avira
2012-03-08 17:57 . 2011-04-29 02:46        311808        ----a-w-        c:\windows\system32\drivers\srv.sys
2012-03-08 17:57 . 2011-04-29 02:46        310272        ----a-w-        c:\windows\system32\drivers\srv2.sys
2012-03-08 17:57 . 2011-04-29 02:46        114688        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2012-03-08 17:57 . 2011-04-25 02:18        338944        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-03-08 17:57 . 2011-09-29 16:03        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-08 17:57 . 2010-11-20 12:29        187776        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-03-08 17:57 . 2011-11-17 05:38        1288472        ----a-w-        c:\windows\system32\ntdll.dll
2012-03-08 17:57 . 2011-02-18 05:39        31232        ----a-w-        c:\windows\system32\prevhost.exe
2012-03-08 17:56 . 2011-03-03 05:38        132608        ----a-w-        c:\windows\system32\dnsrslvr.dll
2012-03-08 17:56 . 2011-03-03 05:36        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2012-03-08 17:56 . 2011-02-19 06:30        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-03-08 17:56 . 2011-02-19 04:34        294912        ----a-w-        c:\windows\system32\atmfd.dll
2012-03-08 17:56 . 2010-09-30 06:47        70656        ----a-w-        c:\windows\system32\fontsub.dll
2012-03-08 17:56 . 2011-10-01 04:37        708608        ----a-w-        c:\program files\Common Files\System\wab32.dll
2012-03-08 17:56 . 2011-05-24 10:44        293376        ----a-w-        c:\windows\system32\umpnpmgr.dll
2012-03-08 17:56 . 2010-11-20 12:18        145920        ----a-w-        c:\windows\system32\cfgmgr32.dll
2012-03-08 17:54 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\system32\packager.dll
2012-03-08 17:54 . 2011-05-04 04:34        1549312        ----a-w-        c:\windows\system32\tquery.dll
2012-03-08 17:54 . 2011-05-04 04:32        1401344        ----a-w-        c:\windows\system32\mssrch.dll
2012-03-08 17:54 . 2011-05-04 04:32        666624        ----a-w-        c:\windows\system32\mssvp.dll
2012-03-08 17:54 . 2011-05-04 04:32        337408        ----a-w-        c:\windows\system32\mssph.dll
2012-03-08 17:54 . 2011-05-04 04:32        197120        ----a-w-        c:\windows\system32\mssphtb.dll
2012-03-08 17:54 . 2011-05-04 04:32        59392        ----a-w-        c:\windows\system32\msscntrs.dll
2012-03-08 17:54 . 2011-05-04 04:28        86528        ----a-w-        c:\windows\system32\SearchFilterHost.exe
2012-03-08 17:54 . 2011-05-04 04:28        427520        ----a-w-        c:\windows\system32\SearchIndexer.exe
2012-03-08 17:54 . 2011-05-04 04:28        164352        ----a-w-        c:\windows\system32\SearchProtocolHost.exe
2012-03-08 17:53 . 2011-02-12 05:35        191488        ----a-w-        c:\windows\system32\FXSCOVER.exe
2012-03-08 17:53 . 2010-11-20 12:17        802304        ----a-w-        c:\windows\system32\WFS.exe
2012-03-08 17:53 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2012-03-08 17:53 . 2011-03-12 11:23        870912        ----a-w-        c:\windows\system32\XpsPrint.dll
2012-03-08 17:53 . 2011-02-24 05:38        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2012-03-08 17:52 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2012-03-08 17:52 . 2010-12-23 05:54        850944        ----a-w-        c:\windows\system32\sbe.dll
2012-03-08 17:52 . 2010-12-23 05:54        642048        ----a-w-        c:\windows\system32\CPFilters.dll
2012-03-08 17:52 . 2010-12-23 05:50        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2012-03-08 17:52 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\system32\quartz.dll
2012-03-08 17:52 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\system32\qdvd.dll
2012-03-08 17:52 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\explorer.exe
2012-03-08 17:50 . 2011-06-15 08:55        86016        ----a-w-        c:\windows\system32\odbccu32.dll
2012-03-08 17:50 . 2011-06-15 08:55        81920        ----a-w-        c:\windows\system32\odbccr32.dll
2012-03-08 17:50 . 2011-06-15 08:55        319488        ----a-w-        c:\windows\system32\odbcjt32.dll
2012-03-08 17:50 . 2011-06-15 08:55        163840        ----a-w-        c:\windows\system32\odbctrac.dll
2012-03-08 17:50 . 2011-06-15 08:55        122880        ----a-w-        c:\windows\system32\odbccp32.dll
2012-03-08 17:50 . 2011-06-15 08:54        94208        ----a-w-        c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-03-08 17:50 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-08 17:50 . 2010-11-20 12:18        219136        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-03-08 17:50 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-03-08 17:50 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-03-08 17:45 . 2012-02-23 07:18        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-03-08 17:38 . 2012-03-08 17:38        --------        d-----w-        c:\users\Isa\AppData\Local\Adobe
2012-03-08 17:35 . 2011-03-11 05:33        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2012-03-08 17:35 . 2011-03-11 05:33        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2012-03-08 17:35 . 2012-03-08 17:35        --------        d-----w-        c:\program files\Common Files\Adobe
2012-03-08 17:35 . 2011-02-23 04:47        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2012-03-08 17:35 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\system32\poqexec.exe
2012-03-08 17:34 . 2011-04-22 19:14        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2012-03-08 17:34 . 2011-02-03 05:54        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2012-03-08 17:34 . 2010-11-20 12:29        728448        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2012-03-08 17:34 . 2010-11-20 11:56        107520        ----a-w-        c:\windows\system32\cdd.dll
2012-03-08 17:34 . 2012-04-01 12:06        --------        d-sh--w-        c:\windows\Installer
2012-03-08 17:31 . 2012-03-08 17:31        --------        d-----w-        c:\programdata\NVIDIA
2012-03-08 17:29 . 2009-03-06 10:52        797216        ----a-w-        c:\windows\system32\nvcplui.exe
2012-03-08 17:29 . 2009-03-06 10:52        453152        ----a-w-        c:\windows\system32\nvuninst.exe
2012-03-08 17:29 . 2009-03-06 10:52        420384        ----a-w-        c:\windows\system32\nvcpl.cpl
2012-03-08 17:29 . 2009-03-06 10:52        1108512        ----a-w-        c:\windows\system32\nvcpluir.dll
2012-03-08 17:28 . 2012-03-08 17:28        --------        d-----w-        c:\users\Isa\AppData\Local\Mozilla
2012-03-08 17:25 . 2012-03-08 17:39        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 17:25 . 2012-03-08 17:25        --------        d-----w-        c:\windows\system32\Macromed
2012-03-06 09:22 . 2012-04-02 08:18        --------        d-----w-        c:\windows\system32\wbem\Performance
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 09:23 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2011-06-16 04:32 . 2012-03-08 17:28        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 75581297
*Deregistered* - 75581297
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 12:25]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 12:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Isa\AppData\Roaming\Mozilla\Firefox\Profiles\gn3rs1nl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-02  14:07:18
ComboFix-quarantined-files.txt  2012-04-02 12:07
.
Vor Suchlauf: 6 Verzeichnis(se), 475.206.565.888 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 474.880.020.480 Bytes frei
.
- - End Of File - - C0149E0823C101B3FDEE6A758C0D4B44


cosinus 02.04.2012 14:43

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work on the second try either, just skip it and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


incebo 02.04.2012 15:42

N° 1

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-04-02 16:40:54
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HN-M500MBB rev.2AR10001
Running: pfnie2b7.exe; Driver: C:\Users\Isa\AppData\Local\Temp\uwldrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

N°2

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:16:08 on 02.04.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Isa\AppData\Local\Temp\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uwldrpow" (uwldrpow) - ? - C:\Users\Isa\AppData\Local\Temp\uwldrpow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{C533AB49-9805-4972-8326-A084696B00F0} "Touch Mouse Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouchmouse.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{7834E880-F0CC-4FA7-B4F3-FDB0F4E816A5} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouchstrip.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11g.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

N° 3

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-02 17:20:25
-----------------------------
17:20:25.108    OS Version: Windows 6.1.7601 Service Pack 1
17:20:25.109    Number of processors: 2 586 0xE0C
17:20:25.130    ComputerName: ISA-PC  UserName: Isa
17:20:27.118    Initialize success
17:22:48.664    AVAST engine defs: 12040200
17:24:01.947    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:24:01.953    Disk 0 Vendor: SAMSUNG_HN-M500MBB 2AR10001 Size: 476940MB BusType: 3
17:24:01.975    Disk 0 MBR read successfully
17:24:01.984    Disk 0 MBR scan
17:24:02.118    Disk 0 Windows 7 default MBR code
17:24:02.149    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:24:02.193    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      476838 MB offset 206848
17:24:02.230    Disk 0 scanning sectors +976771072
17:24:02.328    Disk 0 scanning C:\Windows\system32\drivers
17:24:20.176    Service scanning
17:24:47.670    Modules scanning
17:24:57.765    Disk 0 trace - called modules:
17:24:57.786    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
17:24:57.809    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8502f030]
17:24:57.817    3 CLASSPNP.SYS[87e7d59e] -> nt!IofCallDriver -> [0x84f68918]
17:24:57.824    5 ACPI.sys[876243d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f5f030]
17:24:58.424    AVAST engine scan C:\Windows
17:25:06.256    AVAST engine scan C:\Windows\system32
17:29:33.981    AVAST engine scan C:\Windows\system32\drivers
17:29:50.010    AVAST engine scan C:\Users\Isa
17:30:48.205    AVAST engine scan C:\ProgramData
17:31:03.506    Scan finished successfully
17:31:23.673    Disk 0 MBR has been saved successfully to "C:\Users\Isa\Desktop\MBR.dat"
17:31:23.685    The log file has been saved successfully to "C:\Users\Isa\Desktop\aswMBR.txt"


