Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei Trojaner?? (https://www.trojaner-board.de/106474-bundespolizei-trojaner.html)

Frank75 18.12.2011 02:35
Bundespolizei Trojaner??
 
Sehr geehrtes Trojaner-Board,
letzte Woche habe ich mir diesen Bundespolizeitrojaner eingefangen. Nach div. Forensuche habe ich einen früheren Systemzeitpunkt gewählt, Java upgedatet und ein scan mit Avira und Malwarebytes gemacht. Die Funde habe ich dann gelöscht und es kamen keine weiteren Meldungen mehr. Bin jetzt aber verunsichert ob dieser Trojaner wirklich weg ist, deshalb bitte ich euch um eure Mithilfe. Danke
Nach Anweisung habe ich
1 Defrogger ausgeführt
2 OtL scan
3 Gmer scan
und als Zip angehängt

cosinus 18.12.2011 16:18
Zitat:
und ein scan mit Avira und Malwarebytes gemacht. Die Funde habe ich dann gelöscht
Bitte alle Logs davon in CODE-Tags posten!

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Frank75 18.12.2011 20:06
Hi Arne,

zuerst Avira File
Code:


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 17. Dezember 2011  12:45

Es wird nach 3585463 Virenstämmen gesucht.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (plain)  [6.0.6000]
Boot Modus    : Normal gebootet
Benutzername  : Franky
Computername  : FRANKY-PC

Versionsinformationen:
BUILD.DAT      : 9.0.0.429    21701 Bytes  06.10.2010 09:59:00
AVSCAN.EXE    : 9.0.3.10    466689 Bytes  13.10.2009 10:26:28
AVSCAN.DLL    : 9.0.3.0      49409 Bytes  13.02.2009 11:04:10
LUKE.DLL      : 9.0.3.2      209665 Bytes  20.02.2009 10:35:44
LUKERES.DLL    : 9.0.2.0      13569 Bytes  26.01.2009 09:41:59
VBASE000.VDF  : 7.10.0.0  19875328 Bytes  06.11.2009 06:35:52
VBASE001.VDF  : 7.11.0.0  13342208 Bytes  14.12.2010 06:53:45
VBASE002.VDF  : 7.11.3.0    1950720 Bytes  09.02.2011 09:11:08
VBASE003.VDF  : 7.11.5.225  1980416 Bytes  07.04.2011 09:21:29
VBASE004.VDF  : 7.11.8.178  2354176 Bytes  31.05.2011 17:16:10
VBASE005.VDF  : 7.11.10.251  1788416 Bytes  07.07.2011 09:00:09
VBASE006.VDF  : 7.11.13.60  6411776 Bytes  16.08.2011 19:09:55
VBASE007.VDF  : 7.11.15.106  2389504 Bytes  05.10.2011 07:42:30
VBASE008.VDF  : 7.11.18.32  2132992 Bytes  24.11.2011 17:23:24
VBASE009.VDF  : 7.11.18.33      2048 Bytes  24.11.2011 17:23:24
VBASE010.VDF  : 7.11.18.34      2048 Bytes  24.11.2011 17:23:24
VBASE011.VDF  : 7.11.18.35      2048 Bytes  24.11.2011 17:23:24
VBASE012.VDF  : 7.11.18.36      2048 Bytes  24.11.2011 17:23:25
VBASE013.VDF  : 7.11.18.89    204800 Bytes  28.11.2011 19:07:09
VBASE014.VDF  : 7.11.18.145    143872 Bytes  01.12.2011 20:05:46
VBASE015.VDF  : 7.11.18.180    173056 Bytes  02.12.2011 20:05:48
VBASE016.VDF  : 7.11.18.208    164864 Bytes  05.12.2011 17:10:10
VBASE017.VDF  : 7.11.18.239    177152 Bytes  06.12.2011 23:06:19
VBASE018.VDF  : 7.11.19.36    171520 Bytes  09.12.2011 23:06:19
VBASE019.VDF  : 7.11.19.77    144896 Bytes  13.12.2011 10:34:47
VBASE020.VDF  : 7.11.19.115    177664 Bytes  15.12.2011 10:34:47
VBASE021.VDF  : 7.11.19.137    139776 Bytes  16.12.2011 10:34:47
VBASE022.VDF  : 7.11.19.138      2048 Bytes  16.12.2011 10:34:47
VBASE023.VDF  : 7.11.19.139      2048 Bytes  16.12.2011 10:34:47
VBASE024.VDF  : 7.11.19.140      2048 Bytes  16.12.2011 10:34:47
VBASE025.VDF  : 7.11.19.141      2048 Bytes  16.12.2011 10:34:47
VBASE026.VDF  : 7.11.19.142      2048 Bytes  16.12.2011 10:34:47
VBASE027.VDF  : 7.11.19.143      2048 Bytes  16.12.2011 10:34:48
VBASE028.VDF  : 7.11.19.144      2048 Bytes  16.12.2011 10:34:48
VBASE029.VDF  : 7.11.19.145      2048 Bytes  16.12.2011 10:34:48
VBASE030.VDF  : 7.11.19.146      2048 Bytes  16.12.2011 10:34:48
VBASE031.VDF  : 7.11.19.153    23552 Bytes  16.12.2011 10:34:48
Engineversion  : 8.2.8.8 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  25.10.2011 16:23:12
AESCRIPT.DLL  : 8.1.3.92    495996 Bytes  17.12.2011 10:34:51
AESCN.DLL      : 8.1.7.2      127349 Bytes  24.11.2010 19:30:47
AESBX.DLL      : 8.2.4.5      434549 Bytes  02.12.2011 20:06:43
AERDL.DLL      : 8.1.9.15    639348 Bytes  09.09.2011 09:08:47
AEPACK.DLL    : 8.2.15.1    770423 Bytes  17.12.2011 10:34:51
AEOFFICE.DLL  : 8.1.2.24    201084 Bytes  17.12.2011 10:34:50
AEHEUR.DLL    : 8.1.3.8    4231543 Bytes  17.12.2011 10:34:50
AEHELP.DLL    : 8.1.18.0    254327 Bytes  25.10.2011 16:23:08
AEGEN.DLL      : 8.1.5.17    405877 Bytes  09.12.2011 23:06:21
AEEMU.DLL      : 8.1.3.0      393589 Bytes  24.11.2010 19:30:44
AECORE.DLL    : 8.1.24.2    201080 Bytes  17.12.2011 10:34:48
AEBB.DLL      : 8.1.1.0      53618 Bytes  24.04.2010 10:02:25
AVWINLL.DLL    : 9.0.0.3      18177 Bytes  12.12.2008 07:47:56
AVPREF.DLL    : 9.0.3.0      44289 Bytes  26.08.2009 14:13:59
AVREP.DLL      : 10.0.0.9    174120 Bytes  06.03.2011 18:08:23
AVREG.DLL      : 9.0.0.0      36609 Bytes  07.11.2008 14:25:04
AVARKT.DLL    : 9.0.0.3      292609 Bytes  24.03.2009 14:05:37
AVEVTLOG.DLL  : 9.0.0.7      167169 Bytes  30.01.2009 09:37:04
SQLITE3.DLL    : 3.6.1.0      326401 Bytes  28.01.2009 14:03:49
SMTPLIB.DLL    : 9.2.0.25      28417 Bytes  02.02.2009 07:21:28
NETNT.DLL      : 9.0.0.0      11521 Bytes  07.11.2008 14:41:21
RCIMAGE.DLL    : 9.0.0.25    2438913 Bytes  15.05.2009 14:35:17
RCTEXT.DLL    : 9.0.73.0      87297 Bytes  13.10.2009 11:19:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PCK,+PFS,

Beginn des Suchlaufs: Samstag, 17. Dezember 2011  12:45

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf nach versteckten Objekten wird begonnen.
Es wurden '91899' Objekte überprüft, '0' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'MpCmdRun.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lpksetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lpremove.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcupdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taxaktuell.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIGCE.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TestHandler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NetworkLicenseServer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'eEBSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '63' Prozesse mit '63' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '47' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <System>
C:\hiberfil.sys
    [WARNUNG]  Die Datei konnte nicht geöffnet werden!
    [HINWEIS]  Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]  Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\pagefile.sys
    [WARNUNG]  Die Datei konnte nicht geöffnet werden!
    [HINWEIS]  Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]  Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\Users\Franka-Standard\AppData\Local\Temp\A9RFD43.tmp
  [0] Archivtyp: PDF
    [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pidief.aif
    --> pdf_form_0.avp
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pidief.aif
C:\Users\Franka-Standard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\26f57609-5f2292a6
  [0] Archivtyp: ZIP
    --> Market.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.A.1
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Franka-Standard\AppData\Local\Temp\A9RFD43.tmp
    [FUND]      Enthält Erkennungsmuster des Exploits EXP/Pidief.aif
    [WARNUNG]  Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
    [WARNUNG]  Die Quelldatei konnte nicht gefunden werden.
    [HINWEIS]  Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
    [WARNUNG]  Fehler in der ARK Library
    [HINWEIS]  Die Datei wurde zum Löschen nach einem Neustart markiert.
C:\Users\Franka-Standard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\26f57609-5f2292a6
    [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f5308a8.qua' verschoben!


Ende des Suchlaufs: Samstag, 17. Dezember 2011  22:24
Benötigte Zeit:  1:43:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  18960 Verzeichnisse wurden überprüft
 340847 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      2 Dateien konnten nicht durchsucht werden
 340842 Dateien ohne Befall
  3393 Archive wurden durchsucht
      3 Warnungen
      4 Hinweise
  91899 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
+ Marwarebytes File

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8384

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

17.12.2011 22:28:03
mbam-log-2011-12-17 (22-27-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 276804
Laufzeit: 1 Stunde(n), 28 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> No action taken.
d:\desktop pc alt\umzug notebook\eigene dateien\bilder (e-mails)\Alkomat1.exe (Trojan.Agent) -> No action taken.
Danke schonmal! :-)

cosinus 19.12.2011 11:10
Zitat:
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Frank75 19.12.2011 20:12
Malware hat bereits einiges in Quarantäne gehabt. Nach dem Löschen habe ich im abgesicherten Modus noch einmal mbam scan gemacht.

Übrigens, beim Hochfahren kommt immer die Meldung in einem extra Fenster "RunDLL"
C:\User\Franka~1\AppData\Local\Temp\wpbt0.dll, Das angegebene Modul wurde nicht gefunden.

Malware Log
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8384

Windows 6.0.6000 (Safe Mode)
Internet Explorer 8.0.6001.18904

19.12.2011 19:23:09
mbam-log-2011-12-19 (19-23-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 267798
Laufzeit: 51 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 19.12.2011 20:26
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Frank75 19.12.2011 23:01
Hi,
anbei das ESET Logfile
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=224b9e6925094a40b67b9bcf901e609c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-19 09:25:25
# local_time=2011-12-19 10:25:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777191 100 0 166060 166060 0 0
# compatibility_mode=5892 16776573 100 100 5020 161857110 0 0
# compatibility_mode=8192 67108863 100 0 112 112 0 0
# scanned=102841
# found=1
# cleaned=0
# scan_time=5543
C:\Users\Franka-Standard\Downloads\vlc-1.1.11-win32.exe        Win32/StartPage.OIE trojan (unable to clean)        00000000000000000000000000000000        I

cosinus 19.12.2011 23:36
Zitat:
C:\Users\Franka-Standard\Downloads\vlc-1.1.11-win32.exe Win32/StartPage.OIE trojan
Woher hast du dieses VLC-Setup? Direkt vom Hersteller?

Frank75 19.12.2011 23:48
den Download habe ich am 14.9.11 gemacht aber ich weiß leider nicht mehr woher, sry!!
Ist das evtl. die Ursache für den Bundespolizeitrojaner ?

cosinus 20.12.2011 00:08
Nein das kann auch gut ein Fehlalarm sein. Deswegen frag ich ja nach der Quelle ;)
Zumindest seh ich im Dateinamen keinen Softonic-Müll :lach:

Mach bitte ein (neues) OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Frank75 20.12.2011 00:36
das ist aber viel Text :crazy:

OTL Logfile:
Code:
OTL logfile created on: 20.12.2011 00:16:38 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Franka-Standard\Desktop\Reinigung
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,26% Memory free
3,96 Gb Paging File | 3,04 Gb Available in Paging File | 76,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 94,57 Gb Free Space | 63,86% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 50,18 Gb Free Space | 68,67% Space Free | Partition Type: NTFS
 
Computer Name: FRANKY-PC | User Name: Franky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.18 20:46:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.18 20:44:18 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.12.18 20:44:13 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.18 20:43:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.12.18 20:43:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.18 20:43:27 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.17 23:32:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Franka-Standard\Desktop\Reinigung\OTL.exe
PRC - [2009.11.06 13:45:34 | 000,554,280 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\taxaktuell.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.08.21 10:00:03 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.04.10 15:01:32 | 004,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.06 14:38:52 | 009,175,040 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\winc10.dll
MOD - [2009.11.06 13:48:36 | 010,555,392 | ---- | M] () -- C:\PROGRAM FILES\BUHL FINANCE\TAX 2010 PROFESSIONAL\wstyle510.dll
MOD - [2009.11.06 13:48:36 | 002,166,784 | ---- | M] () -- C:\PROGRAM FILES\BUHL FINANCE\TAX 2010 PROFESSIONAL\wstyle10.dll
MOD - [2009.11.06 13:48:20 | 000,786,432 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wform10.dll
MOD - [2009.11.06 13:48:16 | 004,145,152 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wauff10.dll
MOD - [2009.11.06 13:48:00 | 000,946,176 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wfvie10.dll
MOD - [2009.11.06 13:47:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wsons10.dll
MOD - [2009.11.06 13:47:48 | 001,343,488 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wwerb10.dll
MOD - [2009.11.06 13:47:44 | 001,830,912 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\whau210.dll
MOD - [2009.11.06 13:47:40 | 000,598,016 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\whau110.dll
MOD - [2009.11.06 13:47:38 | 001,167,360 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wbae410.dll
MOD - [2009.11.06 13:47:34 | 001,863,680 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wbae310.dll
MOD - [2009.11.06 13:47:30 | 000,679,936 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wbae210.dll
MOD - [2009.11.06 13:47:26 | 003,936,256 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wbae110.dll
MOD - [2009.11.06 13:47:18 | 001,445,888 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wimp10.dll
MOD - [2009.11.06 13:45:34 | 000,554,280 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\taxaktuell.exe
MOD - [2009.11.06 13:43:04 | 001,011,712 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wfabu10.dll
MOD - [2009.11.06 13:42:50 | 001,155,072 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wreli10.dll
MOD - [2009.11.06 13:42:14 | 000,131,072 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wincb10.dll
MOD - [2009.11.06 13:42:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wglob10.dll
MOD - [2009.11.06 13:42:12 | 000,991,232 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\wsteu10.dll
MOD - [2009.11.06 13:42:06 | 000,233,472 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\rszeus4.dll
MOD - [2009.11.06 13:42:06 | 000,090,112 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\rsdebug4.dll
MOD - [2009.11.06 13:42:04 | 000,122,880 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\rswinapi4.dll
MOD - [2009.10.22 16:53:47 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
MOD - [2009.10.22 16:53:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
MOD - [2009.10.22 16:53:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2009.10.22 16:46:00 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2009.10.22 16:45:38 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2009.10.22 16:45:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2009.10.22 16:44:00 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2009.10.22 16:43:48 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2009.09.29 16:56:08 | 009,437,184 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtWebKitrs4.dll
MOD - [2009.09.29 16:25:54 | 000,274,432 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtSvgrs4.dll
MOD - [2009.09.29 16:25:34 | 000,266,240 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\phononrs4.dll
MOD - [2009.09.29 16:21:48 | 002,416,640 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\Qt3Supportrs4.dll
MOD - [2009.09.29 16:20:22 | 000,086,016 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtTestrs4.dll
MOD - [2009.09.29 16:20:08 | 000,704,512 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtScriptrs4.dll
MOD - [2009.09.29 16:19:04 | 000,589,824 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtSqlrs4.dll
MOD - [2009.09.29 16:18:44 | 008,028,160 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtGuirs4.dll
MOD - [2009.09.29 16:11:08 | 000,897,024 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtNetworkrs4.dll
MOD - [2009.09.29 16:10:18 | 000,364,544 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtXmlrs4.dll
MOD - [2009.09.29 16:10:08 | 002,076,672 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\QtCorers4.dll
MOD - [2009.09.21 13:21:58 | 000,151,552 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\rsodbc4.dll
MOD - [2009.09.21 13:21:58 | 000,029,184 | ---- | M] () -- C:\Program Files\Buhl finance\tax 2010 Professional\rsdcom4.dll
MOD - [2008.07.27 19:00:27 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008.07.27 19:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 19:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.08.21 10:26:20 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007.08.21 10:26:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007.08.21 10:26:20 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007.08.21 10:26:20 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.34821__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007.08.21 10:26:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007.08.21 10:26:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007.08.21 10:26:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007.08.21 10:26:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007.08.21 10:26:19 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007.08.21 10:26:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007.08.21 10:26:19 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:59 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:59 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.34843__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:59 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:59 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007.08.21 10:25:59 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.34842__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:58 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.34815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007.08.21 10:25:58 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.34748__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34613__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007.08.21 10:25:58 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007.08.21 10:25:58 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:58 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:58 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007.08.21 10:25:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007.08.21 10:25:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007.08.21 10:25:57 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007.08.21 10:25:56 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007.08.21 10:25:56 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007.08.21 10:25:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007.08.21 10:25:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007.08.21 10:25:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007.08.21 10:25:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007.08.21 10:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007.08.21 10:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2007.08.21 10:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007.08.21 10:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007.08.21 10:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007.08.21 10:25:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007.08.21 10:25:55 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007.08.21 10:25:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007.08.21 10:25:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007.08.21 10:25:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007.08.21 10:25:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007.08.21 10:25:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007.08.21 10:25:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007.08.21 10:25:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007.08.21 10:25:50 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007.08.21 10:25:50 | 000,389,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2589.34827__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007.08.21 10:25:50 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2589.34827_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007.08.21 10:25:50 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007.08.21 10:25:50 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007.08.21 10:25:50 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007.08.21 10:25:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007.08.21 10:25:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007.08.21 10:25:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007.08.21 10:25:50 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007.08.21 10:25:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007.08.21 10:25:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007.08.21 10:25:49 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007.08.21 10:25:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007.08.21 10:25:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007.08.21 10:25:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll
MOD - [2007.08.21 10:25:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007.08.21 10:25:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007.08.21 10:25:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.08.21 10:25:49 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007.02.02 15:01:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.19 16:23:44 | 000,016,384 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.18 20:46:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.18 20:44:18 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.12.18 20:43:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.12.18 20:43:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007.08.21 10:00:03 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
SRV - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.02 15:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.07.14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 3A 20 39 2F AC CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz_keyurl_search/?su="
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.18 02:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.17 13:07:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.21 12:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.12.23 21:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franky\AppData\Roaming\mozilla\Extensions
[2011.12.19 20:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions
[2010.03.31 20:00:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.19 20:51:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.17 20:33:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008.02.10 22:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franky\AppData\Roaming\mozilla\Sunbird\Profiles\jiu8o4wq.default\extensions
[2011.08.14 13:55:16 | 000,000,931 | ---- | M] () -- C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\e7m86hix.default\searchplugins\conduit.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\e7m86hix.default\searchplugins\startsear.xml
[2011.12.18 02:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.12.17 13:07:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.07.09 10:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2011.07.09 10:04:17 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@web.de
[2011.12.18 02:57:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.12.18 02:57:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.18 02:57:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.18 02:57:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.18 02:57:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.18 02:57:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.18 02:57:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.05.26 19:14:36 | 000,306,482 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 10551 more lines...
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Epson Stylus SX420W(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71E191F8-54B6-4E29-8C4D-EB0CDAE4DA4D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.25 10:12:23 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Users^Franky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tax aktuell.lnk - C:\PROGRA~1\BUHLFI~1\TAX200~1\TAXAKT~1.EXE - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: EEventManager - hkey= - key= - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MSConfig - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= -  File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: ccc-core-static - msiexec /fums {C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57} /qb
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 20:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.18 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.18 03:02:23 | 000,000,000 | ---D | C] -- C:\Users\Franky\AppData\Roaming\vlc
[2011.12.18 02:58:53 | 000,000,000 | ---D | C] -- C:\Users\Franky\AppData\Roaming\Avira
[2011.12.18 02:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.12.18 02:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.12.17 22:45:30 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.17 22:45:30 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.17 22:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.17 22:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.17 13:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.17 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\Franky\AppData\Roaming\Malwarebytes
[2011.12.17 13:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.17 13:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 13:10:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.17 13:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.20 00:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0C877F5-1337-48A8-B8A4-37888470649D}.job
[2011.12.19 23:39:11 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 23:39:11 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 23:39:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.19 23:38:59 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 20:38:19 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0445CB6F-B0A1-4DD2-A2AD-83A0FBC60D5C}.job
[2011.12.17 23:30:51 | 000,000,000 | ---- | M] () -- C:\Users\Franky\defogger_reenable
[2011.12.17 13:12:05 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.17 13:10:57 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.05 21:42:25 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.05 21:42:25 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.05 21:42:25 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.05 21:42:25 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.12.19 19:53:44 | 2011,283,456 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.17 23:30:51 | 000,000,000 | ---- | C] () -- C:\Users\Franky\defogger_reenable
[2011.12.17 13:12:05 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.17 13:10:57 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.05.26 19:34:23 | 000,001,356 | ---- | C] () -- C:\Users\Franky\AppData\Local\d3d9caps.dat
[2009.05.26 19:18:36 | 000,004,608 | ---- | C] () -- C:\Users\Franky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.04 17:44:08 | 000,000,655 | ---- | C] () -- C:\Windows\wiso.ini
[2008.08.05 12:40:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.08 03:38:33 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.08 03:30:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.08.21 19:42:39 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.08.21 10:23:17 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.08.21 10:23:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.21 10:23:16 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,303,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2011.06.24 07:39:15 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Epson
[2008.05.11 08:33:58 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\FRITZ!
[2011.03.20 21:26:25 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Nokia
[2010.03.31 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\PC Suite
[2008.08.05 02:05:00 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\ROUTE 66 Sync
[2008.08.05 01:20:18 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Thunderbird
[2010.12.27 17:43:23 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\TOPP Druckstudio 2
[2011.12.19 23:03:34 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.19 20:38:19 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0445CB6F-B0A1-4DD2-A2AD-83A0FBC60D5C}.job
[2011.12.20 00:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0C877F5-1337-48A8-B8A4-37888470649D}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.04.19 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Adobe
[2008.02.08 01:28:47 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\ATI
[2011.12.18 02:58:53 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Avira
[2011.06.24 07:39:15 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Epson
[2008.05.11 08:33:58 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\FRITZ!
[2008.02.07 21:10:38 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Identities
[2008.02.08 03:13:45 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\InstallShield
[2009.05.04 17:42:12 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\InstallShield Installation Information
[2008.02.07 23:59:17 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Macromedia
[2011.12.17 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Media Center Programs
[2008.02.08 02:44:26 | 000,000,000 | --SD | M] -- C:\Users\Franky\AppData\Roaming\Microsoft
[2008.12.23 21:49:40 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Mozilla
[2011.03.20 21:26:25 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Nokia
[2010.03.31 19:32:13 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\PC Suite
[2008.08.05 02:05:00 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\ROUTE 66 Sync
[2008.02.10 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Talkback
[2008.08.05 01:20:18 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\Thunderbird
[2010.12.27 17:43:23 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\TOPP Druckstudio 2
[2011.12.18 03:03:09 | 000,000,000 | ---D | M] -- C:\Users\Franky\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2008.11.07 16:00:00 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Users\Franky\AppData\Roaming\InstallShield Installation Information\{40030378-9EB9-482A-AC10-195097CA624D}\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.03 18:26:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.07.03 18:26:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.07.03 18:26:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.07.03 18:26:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2006.05.11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\drivers\iaStor.sys
[2006.05.11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c3369af\iaStor.sys
[2006.05.11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0d20ce62\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2006.07.14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\drivers\nvatabus.sys
[2006.07.14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=7D960340BE5B0E008BB94E4C3B991339 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_27229839\nvatabus.sys
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.08.21 09:52:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2007.08.21 09:52:36 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2007.08.21 09:52:36 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.03.31 01:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\drivers\viamraid.sys
[2006.03.31 01:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_2d6a7e3a\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.08.21 19:42:59 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.08.21 19:42:57 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.08.21 19:43:00 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.08.21 19:43:11 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.08.21 19:43:13 | 006,017,024 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<          >

< End of report >
--- --- ---

cosinus 20.12.2011 10:05
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 3A 20 39 2F AC CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://go.web.de/br/moz_keyurl_search/?su="
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1"
[2011.12.19 20:51:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.14 13:55:16 | 000,000,931 | ---- | M] () -- C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\e7m86hix.default\searchplugins\conduit.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\e7m86hix.default\searchplugins\startsear.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.25 10:12:23 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Frank75 20.12.2011 19:41
Otl fix durchgeführt. Jetzt popt auch nicht mehr das Run.DLL Fenster auf :-)
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz_keyurl_search/?su=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://startsear.ch/?aff=1" removed from browser.startup.homepage
C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Franky\AppData\Roaming\mozilla\Firefox\Profiles\e7m86hix.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\e7m86hix.default\searchplugins\conduit.xml moved successfully.
C:\Users\Franky\AppData\Roaming\Mozilla\Firefox\Profiles\e7m86hix.default\searchplugins\startsear.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Franka-Standard
->Temp folder emptied: 4050248 bytes
->Temporary Internet Files folder emptied: 224205 bytes
->Java cache emptied: 79774038 bytes
->FireFox cache emptied: 80485221 bytes
->Flash cache emptied: 622 bytes
 
User: Franky
->Temp folder emptied: 130816 bytes
->Temporary Internet Files folder emptied: 5292545 bytes
->Java cache emptied: 33380498 bytes
->FireFox cache emptied: 34578098 bytes
->Flash cache emptied: 470 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 247606 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 227,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12202011_191822

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 20.12.2011 21:46
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Frank75 20.12.2011 22:16
Scan durchgeführt, alle Programme sind vorhanden...

Code:
22:03:45.0480 4380        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:03:45.0519 4380        ============================================================
22:03:45.0522 4380        Current date / time: 2011/12/20 22:03:45.0519
22:03:45.0522 4380        SystemInfo:
22:03:45.0522 4380       
22:03:45.0522 4380        OS Version: 6.0.6000 ServicePack: 0.0
22:03:45.0522 4380        Product type: Workstation
22:03:45.0522 4380        ComputerName: FRANKY-PC
22:03:45.0523 4380        UserName: Franky
22:03:45.0523 4380        Windows directory: C:\Windows
22:03:45.0523 4380        System windows directory: C:\Windows
22:03:45.0523 4380        Processor architecture: Intel x86
22:03:45.0523 4380        Number of processors: 2
22:03:45.0523 4380        Page size: 0x1000
22:03:45.0523 4380        Boot type: Normal boot
22:03:45.0523 4380        ============================================================
22:03:47.0007 4380        Initialize success
22:05:10.0953 5224        ============================================================
22:05:10.0953 5224        Scan started
22:05:10.0953 5224        Mode: Manual; SigCheck; TDLFS;
22:05:10.0953 5224        ============================================================
22:05:11.0461 5224        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
22:05:11.0594 5224        ACPI - ok
22:05:11.0647 5224        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:05:11.0675 5224        adp94xx - ok
22:05:11.0705 5224        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:05:11.0725 5224        adpahci - ok
22:05:11.0753 5224        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:05:11.0766 5224        adpu160m - ok
22:05:11.0797 5224        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:05:11.0811 5224        adpu320 - ok
22:05:11.0876 5224        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
22:05:12.0121 5224        AFD - ok
22:05:12.0186 5224        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:05:12.0198 5224        agp440 - ok
22:05:12.0221 5224        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:05:12.0233 5224        aic78xx - ok
22:05:12.0266 5224        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:05:12.0275 5224        aliide - ok
22:05:12.0304 5224        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:05:12.0315 5224        amdagp - ok
22:05:12.0342 5224        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:05:12.0353 5224        amdide - ok
22:05:12.0394 5224        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:05:12.0464 5224        AmdK7 - ok
22:05:12.0503 5224        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
22:05:12.0576 5224        AmdK8 - ok
22:05:12.0690 5224        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:05:12.0703 5224        arc - ok
22:05:12.0746 5224        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:05:12.0758 5224        arcsas - ok
22:05:12.0801 5224        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
22:05:12.0884 5224        AsyncMac - ok
22:05:12.0926 5224        atapi          (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
22:05:12.0937 5224        atapi - ok
22:05:13.0025 5224        athr            (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
22:05:13.0178 5224        athr - ok
22:05:13.0360 5224        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:05:13.0423 5224        avgntflt - ok
22:05:13.0487 5224        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
22:05:13.0501 5224        avipbb - ok
22:05:13.0524 5224        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:05:13.0536 5224        avkmgr - ok
22:05:13.0599 5224        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
22:05:13.0676 5224        Beep - ok
22:05:13.0721 5224        blbdrive - ok
22:05:13.0753 5224        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
22:05:13.0839 5224        bowser - ok
22:05:13.0899 5224        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:05:13.0959 5224        BrFiltLo - ok
22:05:13.0979 5224        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:05:14.0057 5224        BrFiltUp - ok
22:05:14.0105 5224        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:05:14.0188 5224        Brserid - ok
22:05:14.0224 5224        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:05:14.0305 5224        BrSerWdm - ok
22:05:14.0330 5224        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:05:14.0389 5224        BrUsbMdm - ok
22:05:14.0408 5224        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:05:14.0468 5224        BrUsbSer - ok
22:05:14.0507 5224        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:05:14.0584 5224        BTHMODEM - ok
22:05:14.0633 5224        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
22:05:14.0691 5224        cdfs - ok
22:05:14.0728 5224        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
22:05:14.0787 5224        cdrom - ok
22:05:14.0808 5224        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:05:14.0884 5224        circlass - ok
22:05:14.0927 5224        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
22:05:14.0943 5224        CLFS - ok
22:05:14.0985 5224        CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
22:05:15.0031 5224        CmBatt - ok
22:05:15.0080 5224        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:05:15.0091 5224        cmdide - ok
22:05:15.0104 5224        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
22:05:15.0116 5224        Compbatt - ok
22:05:15.0136 5224        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:05:15.0148 5224        crcdisk - ok
22:05:15.0171 5224        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:05:15.0232 5224        Crusoe - ok
22:05:15.0280 5224        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
22:05:15.0350 5224        DfsC - ok
22:05:15.0418 5224        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
22:05:15.0429 5224        disk - ok
22:05:15.0477 5224        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
22:05:15.0554 5224        drmkaud - ok
22:05:15.0607 5224        DXGKrnl        (a2b160c1bb13ee3303c342e551373c59) C:\Windows\System32\drivers\dxgkrnl.sys
22:05:15.0710 5224        DXGKrnl - ok
22:05:15.0767 5224        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:05:15.0905 5224        E1G60 - ok
22:05:15.0974 5224        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
22:05:15.0986 5224        Ecache - ok
22:05:16.0034 5224        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:05:16.0054 5224        elxstor - ok
22:05:16.0128 5224        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
22:05:16.0198 5224        fastfat - ok
22:05:16.0228 5224        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:05:16.0302 5224        fdc - ok
22:05:16.0329 5224        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
22:05:16.0340 5224        FileInfo - ok
22:05:16.0368 5224        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
22:05:16.0442 5224        Filetrace - ok
22:05:16.0480 5224        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:05:16.0561 5224        flpydisk - ok
22:05:16.0681 5224        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
22:05:16.0694 5224        FltMgr - ok
22:05:16.0727 5224        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
22:05:16.0779 5224        Fs_Rec - ok
22:05:16.0805 5224        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:05:16.0818 5224        gagp30kx - ok
22:05:16.0889 5224        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:05:17.0035 5224        HdAudAddService - ok
22:05:17.0071 5224        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:05:17.0110 5224        HDAudBus - ok
22:05:17.0131 5224        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:05:17.0205 5224        HidBth - ok
22:05:17.0237 5224        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:05:17.0292 5224        HidIr - ok
22:05:17.0322 5224        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
22:05:17.0362 5224        HidUsb - ok
22:05:17.0393 5224        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:05:17.0403 5224        HpCISSs - ok
22:05:17.0453 5224        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
22:05:17.0515 5224        HTTP - ok
22:05:17.0540 5224        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:05:17.0551 5224        i2omp - ok
22:05:17.0609 5224        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
22:05:17.0667 5224        i8042prt - ok
22:05:17.0697 5224        iaStor          (294110966cedd127629c5be48367c8cf) C:\Windows\system32\drivers\iastor.sys
22:05:17.0759 5224        iaStor - ok
22:05:17.0792 5224        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:05:17.0810 5224        iaStorV - ok
22:05:17.0836 5224        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:05:17.0848 5224        iirsp - ok
22:05:17.0949 5224        IntcAzAudAddService (4fa59a84069d9d0991bae34cc4aff99c) C:\Windows\system32\drivers\RTKVHDA.sys
22:05:18.0100 5224        IntcAzAudAddService - ok
22:05:18.0135 5224        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
22:05:18.0145 5224        intelide - ok
22:05:18.0191 5224        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
22:05:18.0273 5224        intelppm - ok
22:05:18.0333 5224        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:05:18.0415 5224        IpFilterDriver - ok
22:05:18.0434 5224        IpInIp - ok
22:05:18.0465 5224        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:05:18.0526 5224        IPMIDRV - ok
22:05:18.0549 5224        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
22:05:18.0622 5224        IPNAT - ok
22:05:18.0648 5224        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
22:05:18.0720 5224        IRENUM - ok
22:05:18.0754 5224        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:05:18.0765 5224        isapnp - ok
22:05:18.0794 5224        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
22:05:18.0806 5224        iScsiPrt - ok
22:05:18.0834 5224        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:05:18.0845 5224        iteatapi - ok
22:05:18.0872 5224        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:05:18.0883 5224        iteraid - ok
22:05:18.0912 5224        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
22:05:18.0922 5224        kbdclass - ok
22:05:18.0953 5224        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
22:05:19.0038 5224        kbdhid - ok
22:05:19.0100 5224        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
22:05:19.0125 5224        KSecDD - ok
22:05:19.0180 5224        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
22:05:19.0254 5224        lltdio - ok
22:05:19.0298 5224        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:05:19.0310 5224        LSI_FC - ok
22:05:19.0348 5224        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:05:19.0359 5224        LSI_SAS - ok
22:05:19.0394 5224        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:05:19.0404 5224        LSI_SCSI - ok
22:05:19.0429 5224        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
22:05:19.0498 5224        luafv - ok
22:05:19.0537 5224        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:05:19.0547 5224        megasas - ok
22:05:19.0568 5224        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
22:05:19.0623 5224        Modem - ok
22:05:19.0660 5224        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
22:05:19.0707 5224        monitor - ok
22:05:19.0728 5224        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
22:05:19.0742 5224        mouclass - ok
22:05:19.0762 5224        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
22:05:19.0794 5224        mouhid - ok
22:05:19.0837 5224        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
22:05:19.0848 5224        MountMgr - ok
22:05:19.0891 5224        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:05:19.0903 5224        mpio - ok
22:05:19.0927 5224        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
22:05:19.0977 5224        mpsdrv - ok
22:05:20.0009 5224        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:05:20.0019 5224        Mraid35x - ok
22:05:20.0056 5224        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
22:05:20.0096 5224        MRxDAV - ok
22:05:20.0125 5224        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:05:20.0154 5224        mrxsmb - ok
22:05:20.0192 5224        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:05:20.0229 5224        mrxsmb10 - ok
22:05:20.0258 5224        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:05:20.0294 5224        mrxsmb20 - ok
22:05:20.0332 5224        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:05:20.0342 5224        msahci - ok
22:05:20.0364 5224        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:05:20.0377 5224        msdsm - ok
22:05:20.0430 5224        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
22:05:20.0505 5224        Msfs - ok
22:05:20.0550 5224        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
22:05:20.0560 5224        msisadrv - ok
22:05:20.0597 5224        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
22:05:20.0666 5224        MSKSSRV - ok
22:05:20.0702 5224        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
22:05:20.0773 5224        MSPCLOCK - ok
22:05:20.0800 5224        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
22:05:20.0858 5224        MSPQM - ok
22:05:20.0891 5224        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
22:05:20.0904 5224        MsRPC - ok
22:05:20.0933 5224        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
22:05:20.0944 5224        mssmbios - ok
22:05:20.0974 5224        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
22:05:21.0049 5224        MSTEE - ok
22:05:21.0078 5224        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
22:05:21.0088 5224        Mup - ok
22:05:21.0136 5224        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
22:05:21.0189 5224        NativeWifiP - ok
22:05:21.0240 5224        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
22:05:21.0267 5224        NDIS - ok
22:05:21.0317 5224        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
22:05:21.0347 5224        NdisTapi - ok
22:05:21.0370 5224        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
22:05:21.0444 5224        Ndisuio - ok
22:05:21.0479 5224        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
22:05:21.0542 5224        NdisWan - ok
22:05:21.0559 5224        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
22:05:21.0595 5224        NDProxy - ok
22:05:21.0642 5224        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
22:05:21.0716 5224        NetBIOS - ok
22:05:21.0754 5224        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
22:05:21.0835 5224        netbt - ok
22:05:21.0890 5224        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:05:21.0902 5224        nfrd960 - ok
22:05:21.0941 5224        nmwcd - ok
22:05:21.0972 5224        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
22:05:22.0050 5224        Npfs - ok
22:05:22.0090 5224        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
22:05:22.0149 5224        nsiproxy - ok
22:05:22.0225 5224        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
22:05:22.0287 5224        Ntfs - ok
22:05:22.0320 5224        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:05:22.0393 5224        ntrigdigi - ok
22:05:22.0421 5224        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
22:05:22.0497 5224        Null - ok
22:05:22.0534 5224        nvatabus        (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
22:05:22.0563 5224        nvatabus - ok
22:05:22.0585 5224        nvraid          (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
22:05:22.0619 5224        nvraid - ok
22:05:22.0646 5224        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:05:22.0657 5224        nvstor - ok
22:05:22.0678 5224        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:05:22.0692 5224        nv_agp - ok
22:05:22.0707 5224        NwlnkFlt - ok
22:05:22.0724 5224        NwlnkFwd - ok
22:05:22.0767 5224        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:05:22.0848 5224        ohci1394 - ok
22:05:22.0904 5224        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:05:22.0966 5224        Parport - ok
22:05:22.0994 5224        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
22:05:23.0005 5224        partmgr - ok
22:05:23.0033 5224        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:05:23.0109 5224        Parvdm - ok
22:05:23.0177 5224        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:05:23.0203 5224        pccsmcfd - ok
22:05:23.0227 5224        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
22:05:23.0240 5224        pci - ok
22:05:23.0284 5224        pciide          (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
22:05:23.0297 5224        pciide - ok
22:05:23.0345 5224        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:05:23.0360 5224        pcmcia - ok
22:05:23.0405 5224        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:05:23.0538 5224        PEAUTH - ok
22:05:23.0635 5224        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
22:05:23.0662 5224        PptpMiniport - ok
22:05:23.0688 5224        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:05:23.0768 5224        Processor - ok
22:05:23.0839 5224        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
22:05:23.0875 5224        PSched - ok
22:05:23.0970 5224        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:05:24.0062 5224        ql2300 - ok
22:05:24.0097 5224        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:05:24.0125 5224        ql40xx - ok
22:05:24.0169 5224        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
22:05:24.0213 5224        QWAVEdrv - ok
22:05:24.0309 5224        R300            (252826c4bc88b01e945c2d3c6603f3b0) C:\Windows\system32\DRIVERS\atikmdag.sys
22:05:24.0450 5224        R300 - ok
22:05:24.0484 5224        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
22:05:24.0561 5224        RasAcd - ok
22:05:24.0602 5224        Rasl2tp        (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:05:24.0631 5224        Rasl2tp - ok
22:05:24.0671 5224        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
22:05:24.0742 5224        RasPppoe - ok
22:05:24.0778 5224        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
22:05:24.0860 5224        rdbss - ok
22:05:24.0874 5224        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:05:24.0946 5224        RDPCDD - ok
22:05:24.0999 5224        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:05:25.0084 5224        rdpdr - ok
22:05:25.0098 5224        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
22:05:25.0156 5224        RDPENCDD - ok
22:05:25.0189 5224        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
22:05:25.0247 5224        RDPWD - ok
22:05:25.0295 5224        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
22:05:25.0350 5224        rspndr - ok
22:05:25.0394 5224        RTL8169        (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:05:25.0409 5224        RTL8169 - ok
22:05:25.0453 5224        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:05:25.0465 5224        sbp2port - ok
22:05:25.0522 5224        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:05:25.0592 5224        secdrv - ok
22:05:25.0633 5224        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:05:25.0708 5224        Serenum - ok
22:05:25.0741 5224        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:05:25.0820 5224        Serial - ok
22:05:25.0858 5224        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
22:05:25.0891 5224        sermouse - ok
22:05:25.0940 5224        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:05:26.0017 5224        sffdisk - ok
22:05:26.0052 5224        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:05:26.0112 5224        sffp_mmc - ok
22:05:26.0132 5224        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:05:26.0211 5224        sffp_sd - ok
22:05:26.0238 5224        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:05:26.0310 5224        sfloppy - ok
22:05:26.0352 5224        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:05:26.0363 5224        sisagp - ok
22:05:26.0390 5224        SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
22:05:26.0434 5224        SiSRaid2 - ok
22:05:26.0465 5224        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:05:26.0476 5224        SiSRaid4 - ok
22:05:26.0526 5224        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
22:05:26.0600 5224        Smb - ok
22:05:26.0673 5224        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
22:05:26.0793 5224        smserial - ok
22:05:26.0836 5224        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
22:05:26.0846 5224        spldr - ok
22:05:26.0895 5224        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
22:05:26.0954 5224        srv - ok
22:05:26.0997 5224        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
22:05:27.0048 5224        srv2 - ok
22:05:27.0080 5224        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
22:05:27.0095 5224        srvnet - ok
22:05:27.0138 5224        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:05:27.0148 5224        ssmdrv - ok
22:05:27.0192 5224        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
22:05:27.0202 5224        swenum - ok
22:05:27.0241 5224        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:05:27.0252 5224        Symc8xx - ok
22:05:27.0277 5224        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:05:27.0287 5224        Sym_hi - ok
22:05:27.0308 5224        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:05:27.0319 5224        Sym_u3 - ok
22:05:27.0396 5224        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
22:05:27.0462 5224        Tcpip - ok
22:05:27.0502 5224        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
22:05:27.0534 5224        Tcpip6 - ok
22:05:27.0576 5224        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
22:05:27.0635 5224        tcpipreg - ok
22:05:27.0656 5224        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
22:05:27.0737 5224        TDPIPE - ok
22:05:27.0771 5224        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
22:05:27.0848 5224        TDTCP - ok
22:05:27.0882 5224        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
22:05:27.0956 5224        tdx - ok
22:05:27.0984 5224        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
22:05:27.0995 5224        TermDD - ok
22:05:28.0076 5224        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:05:28.0135 5224        tssecsrv - ok
22:05:28.0168 5224        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
22:05:28.0181 5224        tunmp - ok
22:05:28.0202 5224        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
22:05:28.0216 5224        tunnel - ok
22:05:28.0255 5224        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:05:28.0266 5224        uagp35 - ok
22:05:28.0294 5224        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
22:05:28.0354 5224        udfs - ok
22:05:28.0394 5224        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:05:28.0404 5224        uliagpkx - ok
22:05:28.0431 5224        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:05:28.0449 5224        uliahci - ok
22:05:28.0468 5224        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:05:28.0483 5224        UlSata - ok
22:05:28.0518 5224        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:05:28.0531 5224        ulsata2 - ok
22:05:28.0561 5224        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
22:05:28.0620 5224        umbus - ok
22:05:28.0653 5224        upperdev - ok
22:05:28.0688 5224        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
22:05:28.0757 5224        usbccgp - ok
22:05:28.0785 5224        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:05:28.0840 5224        usbcir - ok
22:05:28.0875 5224        usbehci        (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
22:05:28.0921 5224        usbehci - ok
22:05:28.0954 5224        usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
22:05:28.0988 5224        usbhub - ok
22:05:29.0018 5224        usbohci        (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
22:05:29.0045 5224        usbohci - ok
22:05:29.0080 5224        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
22:05:29.0139 5224        usbprint - ok
22:05:29.0169 5224        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:05:29.0195 5224        USBSTOR - ok
22:05:29.0233 5224        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
22:05:29.0308 5224        usbuhci - ok
22:05:29.0354 5224        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
22:05:29.0429 5224        vga - ok
22:05:29.0473 5224        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
22:05:29.0546 5224        VgaSave - ok
22:05:29.0578 5224        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:05:29.0590 5224        viaagp - ok
22:05:29.0616 5224        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:05:29.0694 5224        ViaC7 - ok
22:05:29.0724 5224        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:05:29.0735 5224        viaide - ok
22:05:29.0777 5224        viamraid        (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
22:05:29.0806 5224        viamraid - ok
22:05:29.0840 5224        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
22:05:29.0851 5224        volmgr - ok
22:05:29.0880 5224        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
22:05:29.0898 5224        volmgrx - ok
22:05:29.0916 5224        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
22:05:29.0931 5224        volsnap - ok
22:05:29.0956 5224        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:05:29.0968 5224        vsmraid - ok
22:05:30.0007 5224        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:05:30.0088 5224        WacomPen - ok
22:05:30.0120 5224        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
22:05:30.0151 5224        Wanarp - ok
22:05:30.0176 5224        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
22:05:30.0191 5224        Wanarpv6 - ok
22:05:30.0219 5224        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:05:30.0230 5224        Wd - ok
22:05:30.0279 5224        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:05:30.0322 5224        Wdf01000 - ok
22:05:30.0418 5224        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:05:30.0473 5224        WmiAcpi - ok
22:05:30.0536 5224        WpdUsb          (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
22:05:30.0613 5224        WpdUsb - ok
22:05:30.0658 5224        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
22:05:30.0710 5224        ws2ifsl - ok
22:05:30.0770 5224        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:05:30.0848 5224        WUDFRd - ok
22:05:30.0899 5224        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:05:31.0065 5224        \Device\Harddisk0\DR0 - ok
22:05:31.0076 5224        Boot (0x1200)  (96dda879b76f396bb89af88fd80bcdfe) \Device\Harddisk0\DR0\Partition0
22:05:31.0078 5224        \Device\Harddisk0\DR0\Partition0 - ok
22:05:31.0120 5224        Boot (0x1200)  (826c46bda0c4efdba599c7949c72bc7b) \Device\Harddisk0\DR0\Partition1
22:05:31.0122 5224        \Device\Harddisk0\DR0\Partition1 - ok
22:05:31.0123 5224        ============================================================
22:05:31.0123 5224        Scan finished
22:05:31.0123 5224        ============================================================
22:05:31.0175 2928        Detected object count: 0
22:05:31.0175 2928        Actual detected object count: 0


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:49 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131