Trojaner-Board - Trojan.Banker

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojan.Banker (https://www.trojaner-board.de/116314-trojan-banker.html)

Nein das sagt nichts aus. Du musst OTL pre Rechtsklick als Admin ausführen!

soll ich dein script nocmal ausführen?

Ja was denn sonst? :confused:

...hätte nicht ausgeschlossen, dass ich dadurch noch mehr Schaden anrichte...

Hier das OTL-Logfile nach dem Neustart:

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.

Registry value HKEY_USERS\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.

Registry value HKEY_USERS\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\autoexec.bat not found.

Unable to delete ADS C:\ProgramData\TEMP:FB1B13D8 .

========== FILES ==========

File\Folder C:\Users\Boludo\AppData\Roaming\12011 not found.

File\Folder C:\Users\Boludo\AppData\Roaming\xmldm not found.

File\Folder C:\Users\Boludo\AppData\Roaming\kock not found.

File\Folder C:\Users\Boludo\AppData\Roaming\UAs not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Boludo

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1250898 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 43871398 bytes

->Flash cache emptied: 470 bytes

 

User: Catja Mobil

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3886 bytes

RecycleBin emptied: 141312 bytes

 

Total Files Cleaned = 43,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Boludo

->Flash cache emptied: 0 bytes

 

User: Catja Mobil

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.45.0 log created on 06082012_150720
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Gruß
Boludo

Mach bitte zur Kontrolle ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

gesagt, getan:

Code:

OTL logfile created on: 08.06.2012 20:27:48 - Run 3

OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Boludo\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,57% Memory free

6,19 Gb Paging File | 5,04 Gb Available in Paging File | 81,43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 111,44 Gb Total Space | 5,31 Gb Free Space | 4,76% Space Free | Partition Type: NTFS

Drive D: | 107,90 Gb Total Space | 16,95 Gb Free Space | 15,71% Space Free | Partition Type: NTFS

 

Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.02 20:03:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe

PRC - [2012.05.23 08:24:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.23 08:24:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.23 08:24:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.23 08:24:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.08.24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009.11.20 09:33:01 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Boludo\AppData\Local\Temp\RtkBtMnt.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe

PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe

PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe

PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe

PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe

PRC - [2007.10.11 08:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007.04.24 19:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.05.24 18:06:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll

MOD - [2012.05.24 18:06:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012.05.24 18:01:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012.05.24 17:59:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll

MOD - [2012.05.24 17:59:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll

MOD - [2012.05.24 17:57:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012.05.24 17:57:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009.09.23 15:58:24 | 000,008,960 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll

MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008.03.29 04:48:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll

MOD - [2008.03.29 04:48:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll

MOD - [2008.03.29 04:48:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll

MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll

MOD - [2007.04.24 19:44:26 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2007.04.24 19:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.06.07 07:34:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.23 08:24:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.05.23 08:24:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009.11.20 23:23:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008.12.12 09:31:10 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)

SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)

SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2008.01.21 04:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)

SRV - [2008.01.21 04:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)

SRV - [2008.01.21 04:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012.05.23 08:24:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.23 08:24:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.08 20:42:26 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4)

DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)

DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)

DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)

DRV - [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)

DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)

DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)

DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)

DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008.01.21 04:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)

DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)

DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)

DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)

DRV - [2008.01.21 04:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)

DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)

DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)

DRV - [2008.01.21 04:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)

DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)

DRV - [2008.01.21 04:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)

DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)

DRV - [2008.01.21 04:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)

DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)

DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)

DRV - [2008.01.21 04:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)

DRV - [2008.01.21 04:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)

DRV - [2008.01.21 04:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)

DRV - [2008.01.21 04:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)

DRV - [2008.01.21 04:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)

DRV - [2008.01.21 04:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)

DRV - [2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)

DRV - [2008.01.21 04:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2008.01.21 04:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)

DRV - [2008.01.21 04:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)

DRV - [2008.01.21 04:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)

DRV - [2008.01.21 04:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)

DRV - [2008.01.21 04:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)

DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)

DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)

DRV - [2008.01.21 04:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)

DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)

DRV - [2008.01.21 04:23:00 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)

DRV - [2008.01.21 04:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)

DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)

DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)

DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)

DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)

DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)

DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)

DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)

DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)

DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)

DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)

DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)

DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)

DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)

DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)

DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)

DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)

DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.acer.com/worldwide/selection.html [binary data]

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html"

FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51

FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 07:34:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.23 19:51:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.11 21:59:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boludo\AppData\Roaming\12011

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 07:34:08 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.23 19:51:51 | 000,000,000 | ---D | M]

 

[2009.11.20 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Extensions

[2012.05.26 19:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions

[2010.04.28 19:29:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.04.07 21:08:08 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\maps@ovi.com

[2011.07.31 18:52:02 | 000,005,310 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\footiefox.xml

[2012.03.18 21:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.05.26 19:21:38 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI

[2012.05.23 19:03:31 | 000,355,956 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{9FB7D178-155A-4318-9173-1A8EAAEA7FE4}.XPI

[2012.02.07 18:29:57 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI

[2011.10.04 03:16:24 | 000,006,850 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\JL@LEIMBACH-IT.DE.XPI

[2012.06.07 07:34:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.02.22 17:25:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.10.01 22:00:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.01 22:00:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.10.01 22:00:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.01 22:00:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.01 22:00:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.01 22:00:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.06.08 15:07:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)

O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2555909198-2805718332-2460936450-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8621F01D-1B82-4981-BC90-637664DB07CE}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {90FFD292-B369-BBA7-7F56-9E0BC1A6A21A} - 

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EEEDD2C9-6689-C1EB-5092-CBF54D40AE8C} - Themes Setup

ActiveX: {F1F28391-FC74-32D3-9484-A1B13F2122E1} - Internet Explorer

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.08 06:56:20 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.06.06 07:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.06.02 20:03:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe

[2012.06.02 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\Boludo\AppData\Roaming\Malwarebytes

[2012.06.02 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.02 11:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.02 11:04:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.06.02 11:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.23 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.05.23 19:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[1 C:\Users\Boludo\AppData\Roaming\*.tmp files -> C:\Users\Boludo\AppData\Roaming\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.08 20:26:17 | 000,084,934 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.06.08 20:16:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.08 15:10:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2012.06.08 15:10:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.08 15:10:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.08 15:10:10 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.08 15:07:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.06.08 15:07:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2012.06.03 17:50:16 | 000,000,680 | ---- | M] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat

[2012.06.02 20:03:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe

[2012.06.02 20:02:10 | 000,000,000 | ---- | M] () -- C:\Users\Boludo\defogger_reenable

[2012.06.02 11:04:13 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.01 09:31:43 | 000,000,008 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat

[2012.05.25 20:57:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.25 20:57:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.25 20:57:47 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.25 20:57:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.24 21:14:07 | 000,873,149 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-5.jpg

[2012.05.24 21:13:10 | 000,905,479 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-4.jpg

[2012.05.24 21:09:01 | 000,785,606 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-3.jpg

[2012.05.24 21:08:22 | 000,926,920 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-2.jpg

[2012.05.24 21:07:28 | 000,807,777 | ---- | M] () -- C:\Users\Boludo\Desktop\Foto-1.jpg

[2012.05.24 17:55:39 | 000,348,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.05.23 19:51:25 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012.05.23 08:24:17 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012.05.23 08:24:17 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[1 C:\Users\Boludo\AppData\Roaming\*.tmp files -> C:\Users\Boludo\AppData\Roaming\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.02 20:02:10 | 000,000,000 | ---- | C] () -- C:\Users\Boludo\defogger_reenable

[2012.06.02 11:04:13 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.01 09:31:43 | 000,000,008 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat

[2012.05.31 21:32:45 | 005,515,785 | ---- | C] () -- C:\Users\Boludo\Desktop\046.JPG

[2012.05.24 21:14:06 | 000,873,149 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-5.jpg

[2012.05.24 21:13:08 | 000,905,479 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-4.jpg

[2012.05.24 21:08:59 | 000,785,606 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-3.jpg

[2012.05.24 21:08:20 | 000,926,920 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-2.jpg

[2012.05.24 21:07:26 | 000,807,777 | ---- | C] () -- C:\Users\Boludo\Desktop\Foto-1.jpg

[2012.05.23 19:51:25 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011.06.11 19:02:43 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe

[2011.03.15 23:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.02.20 15:09:34 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini

[2011.01.04 17:07:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin

[2010.11.05 20:03:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010.07.26 20:19:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

 
 ========== LOP Check ==========

 

[2009.11.20 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer

[2008.03.29 05:06:10 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer GameZone Console

[2009.12.24 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\AnvSoft

[2011.02.20 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Buhl Data Service

[2009.12.29 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Canon

[2009.12.01 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\FreeFLVConverter

[2011.12.30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\GMX

[2010.05.26 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\IrfanView

[2009.11.20 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Leadertech

[2010.08.01 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\MusicBrainz

[2012.02.11 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia

[2010.05.09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Ovi Suite

[2012.02.12 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Suite

[2009.11.21 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\OpenOffice.org

[2012.03.02 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\PC Suite

[2011.06.11 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\pics

[2010.02.07 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\StreamTorrent

[2009.11.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Validity

[2012.02.11 22:03:47 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\Nokia

[2011.12.08 22:00:03 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\Nokia Ovi Suite

[2011.12.09 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\Nokia Suite

[2011.12.08 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Catja Mobil\AppData\Roaming\PC Suite

[2012.06.08 15:07:41 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.11.20 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer

[2008.03.29 05:06:10 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer GameZone Console

[2012.06.08 12:38:45 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Adobe

[2009.12.24 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\AnvSoft

[2011.12.10 11:14:39 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Apple Computer

[2011.05.31 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\ArcSoft

[2012.02.21 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Avira

[2009.12.13 15:35:19 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Brother

[2011.02.20 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Buhl Data Service

[2009.12.29 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Canon

[2009.11.20 14:55:50 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\CyberLink

[2009.11.22 18:07:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\DivX

[2011.05.17 12:29:14 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\DVD Flick

[2012.04.01 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\dvdcss

[2009.12.01 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\FreeFLVConverter

[2011.12.30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\GMX

[2009.11.20 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Identities

[2009.11.20 09:33:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\InstallShield

[2010.05.26 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\IrfanView

[2009.11.20 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Leadertech

[2009.11.20 09:56:16 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Macromedia

[2012.06.02 11:04:39 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Media Center Programs

[2011.01.10 23:21:00 | 000,000,000 | --SD | M] -- C:\Users\Boludo\AppData\Roaming\Microsoft

[2009.11.20 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Mozilla

[2010.08.01 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\MusicBrainz

[2009.11.20 23:30:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nero

[2012.02.11 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia

[2010.05.09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Ovi Suite

[2012.02.12 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Suite

[2009.11.21 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\OpenOffice.org

[2012.03.02 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\PC Suite

[2011.06.11 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\pics

[2012.05.04 08:10:29 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Sony Corporation

[2010.02.07 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\StreamTorrent

[2009.11.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Validity

[2012.06.08 15:03:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\vlc

[2009.11.20 10:08:06 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Yahoo!

[2009.11.30 22:37:22 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\ZoomBrowser EX

 
 < %APPDATA%\*.exe /s >

[2009.12.13 15:15:17 | 000,010,134 | R--- | M] () -- C:\Users\Boludo\AppData\Roaming\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe

[2010.02.12 21:28:00 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Boludo\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe

[2010.07.09 10:42:45 | 069,222,840 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys

[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Gruß
Boludo

Ist sehr unauffällig :dummguck:

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Als Admin ausgeführt, Logfile anbei:

Code:

07:56:21.0751 3744        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

07:56:22.0343 3744        ============================================================

07:56:22.0343 3744        Current date / time: 2012/06/09 07:56:22.0343

07:56:22.0343 3744        SystemInfo:

07:56:22.0343 3744        

07:56:22.0343 3744        OS Version: 6.0.6002 ServicePack: 2.0

07:56:22.0343 3744        Product type: Workstation

07:56:22.0343 3744        ComputerName: BOLUDO-PC

07:56:22.0343 3744        UserName: Boludo

07:56:22.0343 3744        Windows directory: C:\Windows

07:56:22.0343 3744        System windows directory: C:\Windows

07:56:22.0343 3744        Processor architecture: Intel x86

07:56:22.0343 3744        Number of processors: 2

07:56:22.0343 3744        Page size: 0x1000

07:56:22.0343 3744        Boot type: Normal boot

07:56:22.0343 3744        ============================================================

07:56:23.0295 3744        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

07:56:23.0295 3744        ============================================================

07:56:23.0295 3744        \Device\Harddisk0\DR0:

07:56:23.0295 3744        MBR partitions:

07:56:23.0295 3744        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000

07:56:23.0295 3744        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xD7CC800

07:56:23.0295 3744        ============================================================

07:56:23.0326 3744        C: <-> \Device\Harddisk0\DR0\Partition0

07:56:23.0404 3744        D: <-> \Device\Harddisk0\DR0\Partition1

07:56:23.0404 3744        ============================================================

07:56:23.0404 3744        Initialize success

07:56:23.0404 3744        ============================================================

07:56:38.0865 4968        ============================================================

07:56:38.0865 4968        Scan started

07:56:38.0865 4968        Mode: Manual; SigCheck; TDLFS; 

07:56:38.0865 4968        ============================================================

07:56:39.0192 4968        AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

07:56:39.0426 4968        AAV UpdateService - ok

07:56:39.0723 4968        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

07:56:39.0754 4968        ACPI - ok

07:56:39.0848 4968        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

07:56:39.0910 4968        adp94xx - ok

07:56:39.0972 4968        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

07:56:40.0004 4968        adpahci - ok

07:56:40.0035 4968        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

07:56:40.0066 4968        adpu160m - ok

07:56:40.0097 4968        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

07:56:40.0113 4968        adpu320 - ok

07:56:40.0175 4968        AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

07:56:40.0316 4968        AeLookupSvc - ok

07:56:40.0394 4968        Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys

07:56:40.0440 4968        Afc ( UnsignedFile.Multi.Generic ) - warning

07:56:40.0440 4968        Afc - detected UnsignedFile.Multi.Generic (1)

07:56:40.0503 4968        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

07:56:40.0596 4968        AFD - ok

07:56:40.0628 4968        AgereModemAudio (8ed60797908fd394eee0d6949f493224) C:\Windows\system32\agrsmsvc.exe

07:56:40.0690 4968        AgereModemAudio - ok

07:56:40.0908 4968        AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys

07:56:41.0019 4968        AgereSoftModem - ok

07:56:41.0518 4968        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

07:56:41.0549 4968        agp440 - ok

07:56:41.0627 4968        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

07:56:41.0658 4968        aic78xx - ok

07:56:41.0705 4968        ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

07:56:41.0892 4968        ALG - ok

07:56:41.0939 4968        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

07:56:41.0940 4968        aliide - ok

07:56:41.0987 4968        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

07:56:42.0018 4968        amdagp - ok

07:56:42.0034 4968        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

07:56:42.0049 4968        amdide - ok

07:56:42.0127 4968        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

07:56:42.0205 4968        AmdK7 - ok

07:56:42.0221 4968        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

07:56:42.0330 4968        AmdK8 - ok

07:56:42.0377 4968        Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

07:56:42.0439 4968        Appinfo - ok

07:56:42.0626 4968        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

07:56:42.0642 4968        Apple Mobile Device - ok

07:56:42.0689 4968        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

07:56:42.0720 4968        arc - ok

07:56:42.0751 4968        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

07:56:42.0782 4968        arcsas - ok

07:56:42.0845 4968        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

07:56:42.0907 4968        AsyncMac - ok

07:56:42.0970 4968        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

07:56:43.0001 4968        atapi - ok

07:56:43.0110 4968        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

07:56:43.0188 4968        AudioEndpointBuilder - ok

07:56:43.0188 4968        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

07:56:43.0235 4968        Audiosrv - ok

07:56:43.0297 4968        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

07:56:43.0360 4968        Beep - ok

07:56:43.0438 4968        BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

07:56:43.0516 4968        BFE - ok

07:56:43.0625 4968        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

07:56:43.0734 4968        BITS - ok

07:56:43.0765 4968        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

07:56:43.0843 4968        blbdrive - ok

07:56:44.0015 4968        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

07:56:44.0062 4968        Bonjour Service - ok

07:56:44.0108 4968        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

07:56:44.0186 4968        bowser - ok

07:56:44.0233 4968        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

07:56:44.0280 4968        BrFiltLo - ok

07:56:44.0296 4968        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

07:56:44.0358 4968        BrFiltUp - ok

07:56:44.0405 4968        Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

07:56:44.0483 4968        Browser - ok

07:56:44.0498 4968        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

07:56:44.0779 4968        Brserid - ok

07:56:44.0826 4968        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

07:56:44.0920 4968        BrSerWdm - ok

07:56:44.0935 4968        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

07:56:45.0060 4968        BrUsbMdm - ok

07:56:45.0076 4968        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

07:56:45.0263 4968        BrUsbSer - ok

07:56:45.0294 4968        BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

07:56:45.0356 4968        BthEnum - ok

07:56:45.0388 4968        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

07:56:45.0497 4968        BTHMODEM - ok

07:56:45.0575 4968        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

07:56:45.0637 4968        BthPan - ok

07:56:45.0715 4968        BthPort         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys

07:56:45.0793 4968        BthPort - ok

07:56:45.0856 4968        BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll

07:56:45.0918 4968        BthServ - ok

07:56:45.0934 4968        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys

07:56:45.0965 4968        BTHUSB - ok

07:56:46.0027 4968        btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys

07:56:46.0121 4968        btwaudio - ok

07:56:46.0183 4968        btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys

07:56:46.0199 4968        btwavdt - ok

07:56:46.0308 4968        BUNAgentSvc     (0569b7c9650d5caf67ffcfa8c2d75781) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

07:56:46.0324 4968        BUNAgentSvc - ok

07:56:46.0386 4968        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

07:56:46.0448 4968        cdfs - ok

07:56:46.0495 4968        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

07:56:46.0558 4968        cdrom - ok

07:56:46.0589 4968        CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

07:56:46.0651 4968        CertPropSvc - ok

07:56:46.0698 4968        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

07:56:46.0760 4968        circlass - ok

07:56:46.0823 4968        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

07:56:46.0870 4968        CLFS - ok

07:56:47.0041 4968        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:56:47.0057 4968        clr_optimization_v2.0.50727_32 - ok

07:56:47.0150 4968        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:56:47.0182 4968        clr_optimization_v4.0.30319_32 - ok

07:56:47.0213 4968        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

07:56:47.0291 4968        CmBatt - ok

07:56:47.0322 4968        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

07:56:47.0338 4968        cmdide - ok

07:56:47.0400 4968        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

07:56:47.0431 4968        Compbatt - ok

07:56:47.0431 4968        COMSysApp - ok

07:56:47.0494 4968        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

07:56:47.0509 4968        crcdisk - ok

07:56:47.0525 4968        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

07:56:47.0603 4968        Crusoe - ok

07:56:47.0665 4968        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

07:56:47.0728 4968        CryptSvc - ok

07:56:47.0852 4968        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

07:56:47.0915 4968        DcomLaunch - ok

07:56:47.0946 4968        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

07:56:48.0008 4968        DfsC - ok

07:56:48.0274 4968        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

07:56:48.0430 4968        DFSR - ok

07:56:48.0664 4968        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

07:56:48.0742 4968        Dhcp - ok

07:56:48.0820 4968        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

07:56:48.0835 4968        disk - ok

07:56:48.0866 4968        DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

07:56:48.0882 4968        DKbFltr - ok

07:56:48.0960 4968        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

07:56:49.0038 4968        Dnscache - ok

07:56:49.0100 4968        dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

07:56:49.0163 4968        dot3svc - ok

07:56:49.0194 4968        DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

07:56:49.0256 4968        DPS - ok

07:56:49.0319 4968        DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys

07:56:49.0350 4968        DritekPortIO - ok

07:56:49.0381 4968        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

07:56:49.0444 4968        drmkaud - ok

07:56:49.0553 4968        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

07:56:49.0600 4968        DXGKrnl - ok

07:56:49.0615 4968        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

07:56:49.0678 4968        E1G60 - ok

07:56:49.0740 4968        EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

07:56:49.0802 4968        EapHost - ok

07:56:49.0880 4968        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

07:56:49.0912 4968        Ecache - ok

07:56:50.0052 4968        ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

07:56:50.0130 4968        ehRecvr - ok

07:56:50.0239 4968        ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

07:56:50.0286 4968        ehSched - ok

07:56:50.0302 4968        ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

07:56:50.0333 4968        ehstart - ok

07:56:50.0411 4968        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

07:56:50.0504 4968        elxstor - ok

07:56:50.0645 4968        EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

07:56:50.0754 4968        EMDMgmt - ok

07:56:50.0785 4968        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

07:56:50.0863 4968        ErrDev - ok

07:56:50.0941 4968        ETService       (58d906d84cc2e303c754ac7314595d3c) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

07:56:50.0972 4968        ETService ( UnsignedFile.Multi.Generic ) - warning

07:56:50.0972 4968        ETService - detected UnsignedFile.Multi.Generic (1)

07:56:51.0050 4968        EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

07:56:51.0113 4968        EventSystem - ok

07:56:51.0284 4968        EvtEng          (54b6e150bff4a47eb0d204119d262e46) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

07:56:51.0378 4968        EvtEng ( UnsignedFile.Multi.Generic ) - warning

07:56:51.0378 4968        EvtEng - detected UnsignedFile.Multi.Generic (1)

07:56:51.0456 4968        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

07:56:51.0550 4968        exfat - ok

07:56:51.0612 4968        FAMv4           (b557b048b17dca4d9b1bc325478dc3f7) C:\Windows\system32\DRIVERS\FAMv4.sys

07:56:51.0628 4968        FAMv4 - ok

07:56:51.0674 4968        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

07:56:51.0768 4968        fastfat - ok

07:56:51.0799 4968        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

07:56:51.0862 4968        fdc - ok

07:56:51.0940 4968        fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

07:56:52.0002 4968        fdPHost - ok

07:56:52.0018 4968        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

07:56:52.0111 4968        FDResPub - ok

07:56:52.0189 4968        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

07:56:52.0220 4968        FileInfo - ok

07:56:52.0252 4968        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

07:56:52.0314 4968        Filetrace - ok

07:56:52.0439 4968        FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

07:56:52.0501 4968        FLEXnet Licensing Service - ok

07:56:52.0517 4968        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

07:56:52.0579 4968        flpydisk - ok

07:56:52.0657 4968        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

07:56:52.0688 4968        FltMgr - ok

07:56:52.0813 4968        FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

07:56:52.0891 4968        FontCache - ok

07:56:53.0000 4968        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

07:56:53.0032 4968        FontCache3.0.0.0 - ok

07:56:53.0375 4968        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

07:56:53.0437 4968        Fs_Rec - ok

07:56:53.0468 4968        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

07:56:53.0500 4968        gagp30kx - ok

07:56:53.0546 4968        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

07:56:53.0562 4968        GEARAspiWDM - ok

07:56:53.0640 4968        gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

07:56:53.0749 4968        gpsvc - ok

07:56:53.0796 4968        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

07:56:53.0905 4968        HdAudAddService - ok

07:56:54.0014 4968        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

07:56:54.0108 4968        HDAudBus - ok

07:56:54.0124 4968        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

07:56:54.0217 4968        HidBth - ok

07:56:54.0264 4968        HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

07:56:54.0311 4968        HidIr - ok

07:56:54.0358 4968        hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

07:56:54.0404 4968        hidserv - ok

07:56:54.0451 4968        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

07:56:54.0482 4968        HidUsb - ok

07:56:54.0623 4968        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

07:56:54.0685 4968        hkmsvc - ok

07:56:54.0716 4968        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

07:56:54.0732 4968        HpCISSs - ok

07:56:54.0810 4968        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

07:56:54.0888 4968        HTTP - ok

07:56:54.0904 4968        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

07:56:54.0935 4968        i2omp - ok

07:56:54.0982 4968        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

07:56:55.0028 4968        i8042prt - ok

07:56:55.0200 4968        IAANTMON        (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

07:56:55.0231 4968        IAANTMON - ok

07:56:55.0294 4968        iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys

07:56:55.0309 4968        iaStor - ok

07:56:55.0356 4968        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

07:56:55.0418 4968        iaStorV - ok

07:56:55.0637 4968        idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

07:56:55.0730 4968        idsvc - ok

07:56:55.0762 4968        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

07:56:55.0777 4968        iirsp - ok

07:56:55.0871 4968        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

07:56:55.0964 4968        IKEEXT - ok

07:56:55.0980 4968        int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys

07:56:56.0011 4968        int15 ( UnsignedFile.Multi.Generic ) - warning

07:56:56.0011 4968        int15 - detected UnsignedFile.Multi.Generic (1)

07:56:56.0292 4968        IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys

07:56:56.0417 4968        IntcAzAudAddService - ok

07:56:56.0791 4968        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

07:56:56.0822 4968        intelide - ok

07:56:56.0854 4968        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

07:56:56.0916 4968        intelppm - ok

07:56:56.0947 4968        IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

07:56:57.0025 4968        IPBusEnum - ok

07:56:57.0041 4968        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:56:57.0166 4968        IpFilterDriver - ok

07:56:57.0212 4968        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

07:56:57.0306 4968        iphlpsvc - ok

07:56:57.0306 4968        IpInIp - ok

07:56:57.0353 4968        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

07:56:57.0400 4968        IPMIDRV - ok

07:56:57.0431 4968        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

07:56:57.0509 4968        IPNAT - ok

07:56:57.0712 4968        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe

07:56:57.0758 4968        iPod Service - ok

07:56:57.0774 4968        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

07:56:57.0821 4968        IRENUM - ok

07:56:57.0868 4968        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

07:56:57.0883 4968        isapnp - ok

07:56:57.0977 4968        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

07:56:58.0008 4968        iScsiPrt - ok

07:56:58.0039 4968        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

07:56:58.0055 4968        iteatapi - ok

07:56:58.0070 4968        itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys

07:56:58.0117 4968        itecir - ok

07:56:58.0133 4968        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

07:56:58.0164 4968        iteraid - ok

07:56:58.0211 4968        JMCR            (8123f605779db22ffc67fa84b8381803) C:\Windows\system32\DRIVERS\jmcr.sys

07:56:58.0289 4968        JMCR - ok

07:56:58.0320 4968        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

07:56:58.0351 4968        kbdclass - ok

07:56:58.0398 4968        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

07:56:58.0476 4968        kbdhid - ok

07:56:58.0538 4968        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:56:58.0601 4968        KeyIso - ok

07:56:58.0663 4968        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

07:56:58.0710 4968        KSecDD - ok

07:56:58.0804 4968        KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

07:56:58.0897 4968        KtmRm - ok

07:56:58.0944 4968        L1E             (24abddeb766c8459f9d562eb083b6cb8) C:\Windows\system32\DRIVERS\L1E60x86.sys

07:56:58.0991 4968        L1E - ok

07:56:59.0053 4968        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

07:56:59.0131 4968        LanmanServer - ok

07:56:59.0194 4968        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

07:56:59.0272 4968        LanmanWorkstation - ok

07:56:59.0318 4968        Lavasoft Kernexplorer - ok

07:56:59.0381 4968        LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

07:56:59.0396 4968        LightScribeService ( UnsignedFile.Multi.Generic ) - warning

07:56:59.0396 4968        LightScribeService - detected UnsignedFile.Multi.Generic (1)

07:56:59.0552 4968        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

07:56:59.0615 4968        lltdio - ok

07:56:59.0646 4968        lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

07:56:59.0724 4968        lltdsvc - ok

07:56:59.0771 4968        lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

07:56:59.0849 4968        lmhosts - ok

07:56:59.0896 4968        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

07:56:59.0911 4968        LSI_FC - ok

07:56:59.0927 4968        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

07:56:59.0958 4968        LSI_SAS - ok

07:57:00.0005 4968        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

07:57:00.0036 4968        LSI_SCSI - ok

07:57:00.0052 4968        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

07:57:00.0114 4968        luafv - ok

07:57:00.0176 4968        MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

07:57:00.0208 4968        MBAMProtector - ok

07:57:00.0473 4968        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

07:57:00.0520 4968        MBAMService - ok

07:57:00.0566 4968        Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

07:57:00.0598 4968        Mcx2Svc - ok

07:57:00.0629 4968        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

07:57:00.0660 4968        megasas - ok

07:57:00.0738 4968        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

07:57:00.0785 4968        MegaSR - ok

07:57:00.0847 4968        MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

07:57:00.0925 4968        MMCSS - ok

07:57:00.0956 4968        MobilityService - ok

07:57:00.0988 4968        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

07:57:01.0050 4968        Modem - ok

07:57:01.0066 4968        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

07:57:01.0128 4968        monitor - ok

07:57:01.0144 4968        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

07:57:01.0159 4968        mouclass - ok

07:57:01.0190 4968        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

07:57:01.0253 4968        mouhid - ok

07:57:01.0268 4968        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

07:57:01.0300 4968        MountMgr - ok

07:57:01.0393 4968        MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

07:57:01.0409 4968        MozillaMaintenance - ok

07:57:01.0471 4968        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

07:57:01.0502 4968        mpio - ok

07:57:01.0518 4968        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

07:57:01.0580 4968        mpsdrv - ok

07:57:01.0705 4968        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

07:57:01.0799 4968        MpsSvc - ok

07:57:01.0814 4968        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

07:57:01.0846 4968        Mraid35x - ok

07:57:01.0892 4968        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

07:57:01.0939 4968        MRxDAV - ok

07:57:01.0970 4968        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

07:57:02.0033 4968        mrxsmb - ok

07:57:02.0095 4968        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:57:02.0158 4968        mrxsmb10 - ok

07:57:02.0173 4968        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:57:02.0204 4968        mrxsmb20 - ok

07:57:02.0236 4968        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

07:57:02.0251 4968        msahci - ok

07:57:02.0282 4968        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

07:57:02.0314 4968        msdsm - ok

07:57:02.0360 4968        MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

07:57:02.0438 4968        MSDTC - ok

07:57:02.0470 4968        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

07:57:02.0532 4968        Msfs - ok

07:57:02.0579 4968        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

07:57:02.0610 4968        msisadrv - ok

07:57:02.0657 4968        MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

07:57:02.0719 4968        MSiSCSI - ok

07:57:02.0735 4968        msiserver - ok

07:57:02.0766 4968        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

07:57:02.0828 4968        MSKSSRV - ok

07:57:02.0860 4968        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

07:57:02.0922 4968        MSPCLOCK - ok

07:57:02.0938 4968        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

07:57:02.0984 4968        MSPQM - ok

07:57:03.0047 4968        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

07:57:03.0078 4968        MsRPC - ok

07:57:03.0094 4968        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

07:57:03.0125 4968        mssmbios - ok

07:57:03.0172 4968        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

07:57:03.0218 4968        MSTEE - ok

07:57:03.0296 4968        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

07:57:03.0328 4968        Mup - ok

07:57:03.0437 4968        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

07:57:03.0530 4968        napagent - ok

07:57:03.0608 4968        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

07:57:03.0655 4968        NativeWifiP - ok

07:57:03.0749 4968        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

07:57:03.0811 4968        NDIS - ok

07:57:03.0827 4968        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

07:57:03.0889 4968        NdisTapi - ok

07:57:03.0967 4968        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

07:57:04.0014 4968        Ndisuio - ok

07:57:04.0092 4968        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

07:57:04.0154 4968        NdisWan - ok

07:57:04.0170 4968        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

07:57:04.0217 4968        NDProxy - ok

07:57:04.0217 4968        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

07:57:04.0277 4968        NetBIOS - ok

07:57:04.0339 4968        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

07:57:04.0401 4968        netbt - ok

07:57:04.0433 4968        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:57:04.0464 4968        Netlogon - ok

07:57:04.0511 4968        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

07:57:04.0589 4968        Netman - ok

07:57:04.0635 4968        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

07:57:04.0713 4968        netprofm - ok

07:57:04.0885 4968        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:57:04.0916 4968        NetTcpPortSharing - ok

07:57:05.0213 4968        NETw4v32        (caaea35dae7f4c19db05481dac22c2ba) C:\Windows\system32\DRIVERS\NETw4v32.sys

07:57:05.0353 4968        NETw4v32 - ok

07:57:05.0946 4968        NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

07:57:06.0258 4968        NETw5v32 - ok

07:57:06.0539 4968        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

07:57:06.0570 4968        nfrd960 - ok

07:57:06.0601 4968        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

07:57:06.0695 4968        NlaSvc - ok

07:57:06.0882 4968        NMIndexingService (62f68443d244024845b875b44d76a92f) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

07:57:06.0913 4968        NMIndexingService - ok

07:57:07.0007 4968        nmwcd           (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys

07:57:07.0100 4968        nmwcd - ok

07:57:07.0147 4968        nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys

07:57:07.0241 4968        nmwcdc - ok

07:57:07.0303 4968        nmwcdnsu        (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys

07:57:07.0365 4968        nmwcdnsu - ok

07:57:07.0412 4968        nmwcdnsuc       (d23257682d349a5e2e4507ed33decc16) C:\Windows\system32\drivers\nmwcdnsuc.sys

07:57:07.0490 4968        nmwcdnsuc - ok

07:57:07.0646 4968        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

07:57:07.0709 4968        Npfs - ok

07:57:07.0740 4968        nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

07:57:07.0818 4968        nsi - ok

07:57:07.0833 4968        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

07:57:07.0911 4968        nsiproxy - ok

07:57:08.0067 4968        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

07:57:08.0177 4968        Ntfs - ok

07:57:08.0317 4968        NTIBackupSvc    (0e0e12fff7292141db6865efd8590f5d) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

07:57:08.0348 4968        NTIBackupSvc - ok

07:57:08.0863 4968        NTIDrvr         (13e6d89060a3006f8b3acbe49110635e) C:\Windows\system32\Drivers\NTIDrvr.sys

07:57:08.0879 4968        NTIDrvr - ok

07:57:08.0910 4968        NTISchedulerSvc (b8cb534f8900e03dcd8965df78ade3c0) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

07:57:08.0941 4968        NTISchedulerSvc - ok

07:57:08.0972 4968        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

07:57:09.0066 4968        ntrigdigi - ok

07:57:09.0097 4968        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

07:57:09.0144 4968        Null - ok

07:57:10.0142 4968        nvlddmkm        (87a335a444551a432226720d18337ad9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

07:57:10.0657 4968        nvlddmkm - ok

07:57:10.0969 4968        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

07:57:11.0000 4968        nvraid - ok

07:57:11.0031 4968        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

07:57:11.0063 4968        nvstor - ok

07:57:11.0078 4968        nvsvc           (03bd4f5759e6630d521be0e123060a9b) C:\Windows\system32\nvvsvc.exe

07:57:11.0125 4968        nvsvc - ok

07:57:11.0141 4968        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

07:57:11.0172 4968        nv_agp - ok

07:57:11.0172 4968        NwlnkFlt - ok

07:57:11.0187 4968        NwlnkFwd - ok

07:57:11.0234 4968        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

07:57:11.0312 4968        ohci1394 - ok

07:57:11.0437 4968        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:57:11.0640 4968        p2pimsvc - ok

07:57:11.0655 4968        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:57:11.0702 4968        p2psvc - ok

07:57:11.0780 4968        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

07:57:11.0874 4968        Parport - ok

07:57:11.0967 4968        partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

07:57:11.0999 4968        partmgr - ok

07:57:12.0030 4968        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

07:57:12.0123 4968        Parvdm - ok

07:57:12.0139 4968        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

07:57:12.0201 4968        PcaSvc - ok

07:57:12.0264 4968        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys

07:57:12.0326 4968        pccsmcfd - ok

07:57:12.0389 4968        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

07:57:12.0420 4968        pci - ok

07:57:12.0467 4968        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

07:57:12.0482 4968        pciide - ok

07:57:12.0529 4968        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

07:57:12.0545 4968        pcmcia - ok

07:57:12.0654 4968        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

07:57:12.0779 4968        PEAUTH - ok

07:57:12.0966 4968        pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

07:57:13.0091 4968        pla - ok

07:57:13.0512 4968        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

07:57:13.0605 4968        PlugPlay - ok

07:57:13.0839 4968        PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

07:57:13.0886 4968        PMBDeviceInfoProvider - ok

07:57:13.0995 4968        PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:57:14.0042 4968        PNRPAutoReg - ok

07:57:14.0058 4968        PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

07:57:14.0105 4968        PNRPsvc - ok

07:57:14.0198 4968        PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

07:57:14.0276 4968        PolicyAgent - ok

07:57:14.0354 4968        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

07:57:14.0432 4968        PptpMiniport - ok

07:57:14.0463 4968        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

07:57:14.0510 4968        Processor - ok

07:57:14.0557 4968        ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

07:57:14.0822 4968        ProfSvc - ok

07:57:14.0869 4968        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:57:14.0900 4968        ProtectedStorage - ok

07:57:15.0306 4968        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

07:57:15.0353 4968        PSched - ok

07:57:15.0524 4968        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

07:57:15.0618 4968        ql2300 - ok

07:57:15.0649 4968        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

07:57:15.0680 4968        ql40xx - ok

07:57:15.0774 4968        QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

07:57:15.0836 4968        QWAVE - ok

07:57:15.0867 4968        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

07:57:15.0883 4968        QWAVEdrv - ok

07:57:15.0930 4968        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

07:57:15.0992 4968        RasAcd - ok

07:57:16.0008 4968        RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

07:57:16.0101 4968        RasAuto - ok

07:57:16.0101 4968        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

07:57:16.0164 4968        Rasl2tp - ok

07:57:16.0226 4968        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

07:57:16.0289 4968        RasMan - ok

07:57:16.0398 4968        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

07:57:16.0507 4968        RasPppoe - ok

07:57:16.0554 4968        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

07:57:16.0585 4968        RasSstp - ok

07:57:16.0663 4968        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

07:57:16.0725 4968        rdbss - ok

07:57:16.0757 4968        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

07:57:16.0819 4968        RDPCDD - ok

07:57:16.0866 4968        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

07:57:16.0913 4968        rdpdr - ok

07:57:16.0928 4968        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

07:57:17.0006 4968        RDPENCDD - ok

07:57:17.0053 4968        RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

07:57:17.0162 4968        RDPWD - ok

07:57:17.0349 4968        RegSrvc         (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

07:57:17.0396 4968        RegSrvc ( UnsignedFile.Multi.Generic ) - warning

07:57:17.0396 4968        RegSrvc - detected UnsignedFile.Multi.Generic (1)

07:57:17.0443 4968        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

07:57:17.0505 4968        RemoteAccess - ok

07:57:17.0552 4968        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

07:57:17.0599 4968        RemoteRegistry - ok

07:57:17.0677 4968        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

07:57:17.0724 4968        RFCOMM - ok

07:57:17.0755 4968        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

07:57:17.0802 4968        RpcLocator - ok

07:57:17.0942 4968        RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

07:57:18.0005 4968        RpcSs - ok

07:57:18.0036 4968        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

07:57:18.0114 4968        rspndr - ok

07:57:18.0270 4968        RS_Service      (73835c4f79adc404ef39c8a9e2d4183b) C:\Program Files\Acer\Acer VCM\RS_Service.exe

07:57:18.0301 4968        RS_Service ( UnsignedFile.Multi.Generic ) - warning

07:57:18.0301 4968        RS_Service - detected UnsignedFile.Multi.Generic (1)

07:57:18.0332 4968        SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

07:57:18.0363 4968        SamSs - ok

07:57:18.0426 4968        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

07:57:18.0457 4968        sbp2port - ok

07:57:18.0582 4968        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

07:57:18.0644 4968        SCardSvr - ok

07:57:18.0753 4968        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

07:57:18.0816 4968        Schedule - ok

07:57:18.0925 4968        SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

07:57:18.0987 4968        SCPolicySvc - ok

07:57:19.0019 4968        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

07:57:19.0065 4968        SDRSVC - ok

07:57:19.0112 4968        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

07:57:19.0206 4968        secdrv - ok

07:57:19.0221 4968        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

07:57:19.0284 4968        seclogon - ok

07:57:19.0299 4968        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

07:57:19.0377 4968        SENS - ok

07:57:19.0409 4968        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

07:57:19.0502 4968        Serenum - ok

07:57:19.0519 4968        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

07:57:19.0612 4968        Serial - ok

07:57:19.0644 4968        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

07:57:19.0690 4968        sermouse - ok

07:57:19.0846 4968        ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

07:57:19.0893 4968        ServiceLayer - ok

07:57:19.0940 4968        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

07:57:20.0002 4968        SessionEnv - ok

07:57:20.0034 4968        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

07:57:20.0080 4968        sffdisk - ok

07:57:20.0096 4968        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

07:57:20.0158 4968        sffp_mmc - ok

07:57:20.0205 4968        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

07:57:20.0268 4968        sffp_sd - ok

07:57:20.0268 4968        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

07:57:20.0361 4968        sfloppy - ok

07:57:20.0486 4968        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

07:57:20.0565 4968        SharedAccess - ok

07:57:20.0674 4968        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

07:57:20.0861 4968        ShellHWDetection - ok

07:57:20.0924 4968        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

07:57:20.0955 4968        sisagp - ok

07:57:20.0986 4968        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

07:57:21.0017 4968        SiSRaid2 - ok

07:57:21.0033 4968        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

07:57:21.0064 4968        SiSRaid4 - ok

07:57:21.0563 4968        slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

07:57:21.0813 4968        slsvc - ok

07:57:22.0047 4968        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

07:57:22.0141 4968        SLUINotify - ok

07:57:22.0187 4968        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

07:57:22.0250 4968        Smb - ok

07:57:22.0312 4968        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

07:57:22.0375 4968        SNMPTRAP - ok

07:57:22.0406 4968        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

07:57:22.0437 4968        spldr - ok

07:57:22.0468 4968        Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

07:57:22.0531 4968        Spooler - ok

07:57:22.0609 4968        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

07:57:22.0687 4968        srv - ok

07:57:22.0733 4968        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

07:57:22.0796 4968        srv2 - ok

07:57:22.0843 4968        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

07:57:22.0874 4968        srvnet - ok

07:57:22.0921 4968        SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

07:57:22.0967 4968        SSDPSRV - ok

07:57:23.0030 4968        SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

07:57:23.0061 4968        SstpSvc - ok

07:57:23.0139 4968        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

07:57:23.0201 4968        stisvc - ok

07:57:23.0233 4968        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

07:57:23.0248 4968        swenum - ok

07:57:23.0342 4968        swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

07:57:23.0420 4968        swprv - ok

07:57:23.0482 4968        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

07:57:23.0498 4968        Symc8xx - ok

07:57:23.0529 4968        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

07:57:23.0545 4968        Sym_hi - ok

07:57:23.0560 4968        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

07:57:23.0576 4968        Sym_u3 - ok

07:57:23.0638 4968        SynTP           (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys

07:57:23.0654 4968        SynTP - ok

07:57:23.0747 4968        SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

07:57:23.0825 4968        SysMain - ok

07:57:23.0872 4968        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

07:57:23.0919 4968        TabletInputService - ok

07:57:23.0981 4968        TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

07:57:24.0044 4968        TapiSrv - ok

07:57:24.0059 4968        TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

07:57:24.0122 4968        TBS - ok

07:57:24.0278 4968        Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys

07:57:24.0356 4968        Tcpip - ok

07:57:24.0371 4968        Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys

07:57:24.0449 4968        Tcpip6 - ok

07:57:24.0512 4968        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

07:57:24.0559 4968        tcpipreg - ok

07:57:24.0590 4968        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

07:57:24.0637 4968        TDPIPE - ok

07:57:24.0668 4968        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

07:57:24.0715 4968        TDTCP - ok

07:57:24.0761 4968        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

07:57:24.0824 4968        tdx - ok

07:57:24.0871 4968        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

07:57:24.0886 4968        TermDD - ok

07:57:25.0042 4968        TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

07:57:25.0136 4968        TermService - ok

07:57:25.0229 4968        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

07:57:25.0261 4968        Themes - ok

07:57:25.0292 4968        THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

07:57:25.0354 4968        THREADORDER - ok

07:57:25.0401 4968        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

07:57:25.0448 4968        TrkWks - ok

07:57:25.0713 4968        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

07:57:25.0744 4968        TrustedInstaller - ok

07:57:25.0807 4968        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

07:57:25.0900 4968        tssecsrv - ok

07:57:25.0931 4968        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

07:57:25.0978 4968        tunmp - ok

07:57:26.0009 4968        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

07:57:26.0041 4968        tunnel - ok

07:57:26.0056 4968        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

07:57:26.0087 4968        uagp35 - ok

07:57:26.0228 4968        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

07:57:26.0290 4968        udfs - ok

07:57:26.0337 4968        UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

07:57:26.0399 4968        UI0Detect - ok

07:57:26.0415 4968        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

07:57:26.0446 4968        uliagpkx - ok

07:57:26.0477 4968        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

07:57:26.0524 4968        uliahci - ok

07:57:26.0555 4968        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

07:57:26.0571 4968        UlSata - ok

07:57:26.0602 4968        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

07:57:26.0618 4968        ulsata2 - ok

07:57:26.0649 4968        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

07:57:26.0711 4968        umbus - ok

07:57:26.0743 4968        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

07:57:26.0821 4968        upnphost - ok

07:57:26.0883 4968        upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

07:57:26.0961 4968        upperdev - ok

07:57:27.0023 4968        USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys

07:57:27.0070 4968        USBAAPL - ok

07:57:27.0117 4968        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

07:57:27.0179 4968        usbaudio - ok

07:57:27.0211 4968        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

07:57:27.0273 4968        usbccgp - ok

07:57:27.0304 4968        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

07:57:27.0413 4968        usbcir - ok

07:57:27.0445 4968        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

07:57:27.0491 4968        usbehci - ok

07:57:27.0554 4968        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

07:57:27.0601 4968        usbhub - ok

07:57:27.0616 4968        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

07:57:27.0710 4968        usbohci - ok

07:57:27.0772 4968        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

07:57:27.0819 4968        usbprint - ok

07:57:27.0866 4968        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

07:57:27.0913 4968        usbscan - ok

07:57:28.0006 4968        usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys

07:57:28.0053 4968        usbser - ok

07:57:28.0115 4968        UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

07:57:28.0178 4968        UsbserFilt - ok

07:57:28.0209 4968        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

07:57:28.0271 4968        USBSTOR - ok

07:57:28.0287 4968        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

07:57:28.0334 4968        usbuhci - ok

07:57:28.0365 4968        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

07:57:28.0443 4968        usbvideo - ok

07:57:28.0474 4968        UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

07:57:28.0537 4968        UxSms - ok

07:57:28.0615 4968        vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

07:57:28.0724 4968        vds - ok

07:57:28.0755 4968        vfs101x         (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys

07:57:28.0786 4968        vfs101x - ok

07:57:28.0802 4968        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

07:57:28.0864 4968        vga - ok

07:57:28.0880 4968        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

07:57:28.0927 4968        VgaSave - ok

07:57:28.0958 4968        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

07:57:28.0989 4968        viaagp - ok

07:57:29.0005 4968        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

07:57:29.0067 4968        ViaC7 - ok

07:57:29.0083 4968        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

07:57:29.0098 4968        viaide - ok

07:57:29.0129 4968        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

07:57:29.0161 4968        volmgr - ok

07:57:29.0223 4968        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

07:57:29.0254 4968        volmgrx - ok

07:57:29.0317 4968        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

07:57:29.0348 4968        volsnap - ok

07:57:29.0395 4968        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

07:57:29.0426 4968        vsmraid - ok

07:57:29.0551 4968        VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

07:57:29.0644 4968        VSS - ok

07:57:29.0769 4968        W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

07:57:29.0816 4968        W32Time - ok

07:57:29.0878 4968        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

07:57:29.0972 4968        WacomPen - ok

07:57:29.0987 4968        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

07:57:30.0065 4968        Wanarp - ok

07:57:30.0065 4968        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

07:57:30.0112 4968        Wanarpv6 - ok

07:57:30.0190 4968        wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

07:57:30.0237 4968        wcncsvc - ok

07:57:30.0268 4968        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

07:57:30.0315 4968        WcsPlugInService - ok

07:57:30.0331 4968        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

07:57:30.0346 4968        Wd - ok

07:57:30.0455 4968        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

07:57:30.0502 4968        Wdf01000 - ok

07:57:30.0518 4968        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

07:57:30.0596 4968        WdiServiceHost - ok

07:57:30.0596 4968        WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

07:57:30.0658 4968        WdiSystemHost - ok

07:57:30.0783 4968        WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

07:57:30.0845 4968        WebClient - ok

07:57:30.0939 4968        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

07:57:31.0001 4968        Wecsvc - ok

07:57:31.0048 4968        wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

07:57:31.0095 4968        wercplsupport - ok

07:57:31.0173 4968        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

07:57:31.0220 4968        WerSvc - ok

07:57:31.0313 4968        WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

07:57:31.0345 4968        WinDefend - ok

07:57:31.0360 4968        WinHttpAutoProxySvc - ok

07:57:31.0501 4968        Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

07:57:31.0547 4968        Winmgmt - ok

07:57:31.0719 4968        WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

07:57:31.0844 4968        WinRM - ok

07:57:31.0953 4968        Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

07:57:32.0047 4968        Wlansvc - ok

07:57:32.0109 4968        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

07:57:32.0187 4968        WmiAcpi - ok

07:57:32.0343 4968        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

07:57:32.0390 4968        wmiApSrv - ok

07:57:32.0593 4968        WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

07:57:32.0702 4968        WMPNetworkSvc - ok

07:57:32.0811 4968        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

07:57:32.0905 4968        WPCSvc - ok

07:57:32.0951 4968        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

07:57:33.0045 4968        WPDBusEnum - ok

07:57:33.0107 4968        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

07:57:33.0139 4968        WpdUsb - ok

07:57:33.0419 4968        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

07:57:33.0513 4968        WPFFontCache_v0400 - ok

07:57:33.0544 4968        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

07:57:33.0607 4968        ws2ifsl - ok

07:57:33.0669 4968        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

07:57:33.0934 4968        wscsvc - ok

07:57:33.0950 4968        WSearch - ok

07:57:34.0168 4968        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

07:57:34.0309 4968        wuauserv - ok

07:57:34.0589 4968        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

07:57:34.0667 4968        WudfPf - ok

07:57:34.0714 4968        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

07:57:34.0745 4968        WUDFRd - ok

07:57:34.0777 4968        wudfsvc         (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll

07:57:34.0870 4968        wudfsvc - ok

07:57:34.0933 4968        MBR (0x1B8)     (bb9d3a6a13c5010348da7c900bb6af50) \Device\Harddisk0\DR0

07:57:36.0399 4968        \Device\Harddisk0\DR0 - ok

07:57:36.0415 4968        Boot (0x1200)   (82e711d545f91928641b5d30ab48097a) \Device\Harddisk0\DR0\Partition0

07:57:36.0430 4968        \Device\Harddisk0\DR0\Partition0 - ok

07:57:36.0446 4968        Boot (0x1200)   (e373e4cc2d31b5777adb772015864597) \Device\Harddisk0\DR0\Partition1

07:57:36.0446 4968        \Device\Harddisk0\DR0\Partition1 - ok

07:57:36.0446 4968        ============================================================

07:57:36.0446 4968        Scan finished

07:57:36.0446 4968        ============================================================

07:57:36.0477 4960        Detected object count: 7

07:57:36.0477 4960        Actual detected object count: 7

07:57:57.0709 4960        Afc ( UnsignedFile.Multi.Generic ) - skipped by user

07:57:57.0709 4960        Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:57:57.0709 4960        ETService ( UnsignedFile.Multi.Generic ) - skipped by user

07:57:57.0709 4960        ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:57:57.0709 4960        EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

07:57:57.0709 4960        EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:57:57.0724 4960        int15 ( UnsignedFile.Multi.Generic ) - skipped by user

07:57:57.0724 4960        int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:57:57.0724 4960        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

07:57:57.0724 4960        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:57:57.0724 4960        RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

07:57:57.0724 4960        RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

07:57:57.0724 4960        RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user

07:57:57.0724 4960        RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruß, Boludo

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Anbei das Logfile:

Code:

ComboFix 12-06-10.01 - Boludo 10.06.2012  21:29:06.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1825 [GMT 2:00]

ausgeführt von:: c:\users\Boludo\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Boludo\AppData\Roaming\AcroIEHelpe.txt

c:\users\Boludo\AppData\Roaming\srvblck5.tmp

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-10 bis 2012-06-10  ))))))))))))))))))))))))))))))

.

.

2012-06-10 19:44 . 2012-06-10 19:44        --------        d-----w-        c:\users\Boludo\AppData\Local\temp

2012-06-10 19:44 . 2012-06-10 19:44        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-06-10 19:44 . 2012-06-10 19:44        --------        d-----w-        c:\users\Catja Mobil\AppData\Local\temp

2012-06-08 10:40 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AED34D26-C047-48AD-82CB-5A48FAA5C75F}\mpengine.dll

2012-06-08 04:56 . 2012-06-08 04:56        --------        d-----w-        C:\_OTL

2012-06-07 05:34 . 2012-06-07 05:34        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-07 05:34 . 2012-06-07 05:34        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 05:30 . 2012-06-07 05:30        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-06-06 05:10 . 2012-06-06 05:10        --------        d-----w-        c:\program files\ESET

2012-06-02 09:04 . 2012-06-02 09:04        --------        d-----w-        c:\users\Boludo\AppData\Roaming\Malwarebytes

2012-06-02 09:04 . 2012-06-02 09:04        --------        d-----w-        c:\programdata\Malwarebytes

2012-06-02 09:04 . 2012-06-02 09:04        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-06-02 09:04 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-05-23 06:35 . 2012-03-20 23:28        53120        ----a-w-        c:\windows\system32\drivers\partmgr.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-07 05:30 . 2011-05-24 04:45        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx

2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\system32\QuickTime.qts

2012-06-07 05:34 . 2011-03-27 10:14        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2009-09-22 33024]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-11-20 1216512]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-29 110592]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2012\mshaktuell.exe [2012-2-7 1380464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-27 03:09        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

bthsvcs        REG_MULTI_SZ           BthServ

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.t-online.de/

mStart Page = hxxp://de.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\

FF - prefs.js: browser.startup.homepage - chrome://foxtab/content/homepage.html

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-eRecoveryService - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE

AddRemove-Heroes III The Shadow of Death - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-06-10 21:44

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(5416)

c:\windows\system32\btmmhook.dll

c:\windows\System32\SysHook.dll

.

Zeit der Fertigstellung: 2012-06-10  21:48:44

ComboFix-quarantined-files.txt  2012-06-10 19:48

.

Vor Suchlauf: 5.390.258.176 Bytes frei

Nach Suchlauf: 6.582.837.248 Bytes frei

.

- - End Of File - - D3821D9BF68DAA057F89627E64041824

Gruß
Boludo

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Puh!

GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-06-11 22:21:32

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0

Running: e2lkz6t9.exe; Driver: C:\Users\Boludo\AppData\Local\Temp\pfriipog.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8E20A340, 0x3D50E7, 0xE8000020]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73FB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [73FFB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [73FBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [73FAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [73FB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73FAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73FE73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [73FBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [73FAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73FAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [73FA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7403CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73FDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [73FAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73FA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73FA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[4052] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73FB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec4348                          

Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001f3aec4348 (not active ControlSet)      

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOPM02.00.00.01PRO                             D4A20DAD5868B6041F04324742A5C08A4AA057E0733C7E4C1DDFA45CC1C941D4674BF258D6B8800A9109D0A2DEC8CD5CDFEC54BDF821889B189644EF887B7147759D09E7C5D7030263D371F0AB431E839090CAB02DAF89AECE10BF7BBE58BC9CC5E410B933BB7857EF7015D65A9D3B06ED769747841FF8C2A53BEF16C06A24ECB3AD7E8AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452C038D530D6EB34529DB7CE019D40AA5C80ABBC8B1D9C3EF8987473BA6BA15654E4CBE3AEE6BAB6D9675FC46044E9E6C0A7A78D5E861D47FEF8887DA770D2876F1307FC96BFE0E9027914C65B44C0D801B65E65853D6ACB60613C009E07C77824F6A3F658A2B0DACF04A8CFC0FE770B689C1D72939D8CDB8AA433B50D8329D48868B2B85A768EF32204C195140FD5C2C19E3BD7441CCA3CCF6E12CC054C60FE1A174C1E2AB7A852404D874078A7687DB9D10FAAF53C326667B9826A3FDD9A0CB6830BF875F6EB4A5186A5EC370D7E68632577F4299A16856C57B1A316C4C9C6A1848C0B92580BE0E02A4CAD3D98ADE832D5D3350565887A5B6CD10408A7A5AB0343740D77937F5260862C869B37CC1701F8885D53DCE4DA9871998AB7BB28ECE5BCE82CC175028B24408070076BF8BB0C76FE528159C6EDE834C02BE
 

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 22:39:19 on 11.06.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 13.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"catchme" (catchme) - ? - C:\Users\Boludo\AppData\Local\Temp\catchme.sys  (File not found)

"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys

"FAMv4" (FAMv4) - "VisionWorks Solutions, Inc" - C:\Windows\System32\DRIVERS\FAMv4.sys

"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys

"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)

{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{D821DC4A-0814-435E-9820-661C543A4679} "CRLDownloadWrapper Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\crlocx.ocx / hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)

"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)

"WISO Mein Steuer-Sparbuch heute.lnk" - "Buhl Tax Service, Hannover" - C:\Program Files\WISO\Steuersoftware 2012\mshaktuell.exe  (Shortcut exists | File exists)

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"ArcSoft Connection Service" - "ArcSoft" - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"PMBVolumeWatcher" - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"GMX Fax Monitor" - "GMX GmbH" - C:\Windows\system32\UIGMXMON.DLL
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe

"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-11 22:42:35

-----------------------------

22:42:35.075    OS Version: Windows 6.0.6002 Service Pack 2

22:42:35.075    Number of processors: 2 586 0xF0D

22:42:35.091    ComputerName: BOLUDO-PC  UserName: Boludo

22:43:38.616    Initialize success

22:46:12.316    AVAST engine defs: 12061100

22:46:20.335    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

22:46:20.335    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3

22:46:20.366    Disk 0 MBR read successfully

22:46:20.382    Disk 0 MBR scan

22:46:20.382    Disk 0 unknown MBR code

22:46:20.397    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048

22:46:20.413    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114116 MB offset 20973568

22:46:20.444    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       110489 MB offset 254683136

22:46:20.538    Disk 0 Partition 4 00     12  Compaq diag NTFS         3628 MB offset 480964608

22:46:20.553    Disk 0 scanning sectors +488394752

22:46:20.678    Disk 0 scanning C:\Windows\system32\drivers

22:46:34.484    Service scanning

22:47:02.548    Modules scanning

22:47:08.227    Disk 0 trace - called modules:

22:47:08.320    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 

22:47:08.320    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864ac2e8]

22:47:08.336    3 CLASSPNP.SYS[8a9a08b3] -> nt!IofCallDriver -> [0x85955660]

22:47:08.336    5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85959028]

22:47:10.302    AVAST engine scan C:\Windows

22:47:15.169    AVAST engine scan C:\Windows\system32

22:51:13.289    AVAST engine scan C:\Windows\system32\drivers

22:51:29.716    AVAST engine scan C:\Users\Boludo

22:54:36.651    AVAST engine scan C:\ProgramData

22:56:26.787    Scan finished successfully

23:03:53.337    Disk 0 MBR has been saved successfully to "C:\Users\Boludo\Desktop\MBR.dat"

23:03:53.352    The log file has been saved successfully to "C:\Users\Boludo\Desktop\aswMBR.txt"

:dankeschoen:
Gruß
Boludo

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Alles gut gegangen.

Hier das Log zum Fix:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-12 18:41:21

-----------------------------

18:41:21.331    OS Version: Windows 6.0.6002 Service Pack 2

18:41:21.331    Number of processors: 2 586 0xF0D

18:41:21.331    ComputerName: BOLUDO-PC  UserName: Boludo

18:42:03.716    Initialize success

18:42:18.473    AVAST engine defs: 12061100

18:42:54.076    Verifying

18:43:04.091    Disk 0 Windows 600 MBR fixed successfully

18:43:24.745    Disk 0 MBR has been saved successfully to "C:\Users\Boludo\Desktop\MBR.dat"

18:43:24.745    The log file has been saved successfully to "C:\Users\Boludo\Desktop\aswMBR-2.txt"

Und das das Log nach Neustart und Scan:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-12 19:02:00

-----------------------------

19:02:00.206    OS Version: Windows 6.0.6002 Service Pack 2

19:02:00.206    Number of processors: 2 586 0xF0D

19:02:00.206    ComputerName: BOLUDO-PC  UserName: Boludo

19:02:23.418    Initialize success

19:02:32.825    AVAST engine defs: 12061100

19:02:47.099    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

19:02:47.115    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3

19:02:47.162    Disk 0 MBR read successfully

19:02:47.162    Disk 0 MBR scan

19:02:47.177    Disk 0 Windows VISTA default MBR code

19:02:47.193    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048

19:02:47.208    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       114116 MB offset 20973568

19:02:47.240    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       110489 MB offset 254683136

19:02:47.271    Disk 0 Partition 4 00     12  Compaq diag NTFS         3628 MB offset 480964608

19:02:47.286    Disk 0 scanning sectors +488394752

19:02:47.349    Disk 0 scanning C:\Windows\system32\drivers

19:02:59.548    Service scanning

19:03:27.347    Modules scanning

19:03:32.230    Disk 0 trace - called modules:

19:03:32.261    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 

19:03:32.261    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86909418]

19:03:32.277    3 CLASSPNP.SYS[8a9ab8b3] -> nt!IofCallDriver -> [0x8593b860]

19:03:32.292    5 acpi.sys[8068b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8595c028]

19:03:33.806    AVAST engine scan C:\Windows

19:03:38.579    AVAST engine scan C:\Windows\system32

19:07:36.807    AVAST engine scan C:\Windows\system32\drivers

19:07:53.561    AVAST engine scan C:\Users\Boludo

19:11:02.540    AVAST engine scan C:\ProgramData

19:12:51.100    Scan finished successfully

20:33:21.377    Disk 0 MBR has been saved successfully to "C:\Users\Boludo\Desktop\MBR.dat"

20:33:21.377    The log file has been saved successfully to "C:\Users\Boludo\Desktop\aswMBR-3.txt"

Gruß
Boludo

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!