Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win32/Kryptik.ACPZ und Win32/Gataka.A gefunden (https://www.trojaner-board.de/111661-win32-kryptik-acpz-win32-gataka-a-gefunden.html)

rivkah 16.03.2012 20:53
Win32/Kryptik.ACPZ und Win32/Gataka.A gefunden
 
Hallo,
ich habe mir diverse Trojaner eingefangen. Meine Online- Bank hat mich darauf gebracht, da ließ sich die Startseite nicht mehr vollständig laden und nach dem Login kam nicht meine Kontoseite sondern nur eine weiße. Ich hab mich mit diversen Scannern mal auf die Suche gemacht und auch einige Trojaner gefunden, die hab ich schon gelöscht-Neustart-neuer Scan:sauber-manuelle Suche:sauber. Ich hatte allerdings weiter Probleme mit der Online-Bank Seite; Firefox ist extrem langsam, hängt sich oft auf.Wenn ich dann beende und versuche neu zu starten kommt immer die Meldung, dass das Programm gerade noch verwendet wird. Desweiteren funktioniert mein Drucker nicht mehr und wenn ich auf den Windows User Ordner klicke, poppt ein Installationsfenster auf und versucht etwas zu installieren.
Ich habe jetzt noch einen EsetScan gemacht, der hat folgendes entdeckt:

C:\Users\Rebekka\AppData\Roaming\Sun\{6C7F4AFA-6826-4E93-BEA6-C57F44B93611}\UpgradeHelper.exe a variant of Win32/Kryptik.ACPZ trojan
Operating memory a variant of Win32/Gataka.A trojan

Damit bin ich überfordert. Bitte um Hilfe.Vielen Dank im Voraus.


Defogger: Da kam finished, aber kein OK, nur das Anfangsfenster mit Disable/Reenable-das ist jetzt noch offen. Warnmeldung kam keine.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:41 on 16/03/2012 (Rebekka)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_24
Run by Rebekka at 16:26:04 on 2012-03-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2012.951 [GMT 1:00]
.
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Program Files\Rising\RAV\RavMonD.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\System Control Manager\MSIService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\RSD\popwndexe.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\java\jre6\bin\java.exe
C:\Users\Rebekka\Desktop\Defogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://global.nytimes.com/?iht
uDefault_Page_URL = hxxp://www.msi.com.tw
mDefault_Page_URL = hxxp://www.msi.com.tw
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LicenseValidator] c:\users\rebekka\appdata\roaming\identities\{b567fb2c-f497-48b6-a9fc-8646e2e5b9b0}\LicenseValidator.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Skytel] Skytel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RavTRAY] "c:\program files\rising\rav\RSTRAY.EXE" -system
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FC69EB0-6B5A-4BB6-9711-93CAA4F8145A} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rebekka\appdata\roaming\mozilla\firefox\profiles\gsyu7wrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://global.nytimes.com/?iht
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [2011-4-29 173336]
R1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [2011-4-29 23576]
R1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2011-4-29 31896]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090625.001\IDSvix86.sys [2009-6-30 272432]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-9-17 159744]
R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2011-6-2 17336]
R2 RsMgrSvc;Rsd Service;c:\program files\rising\rsd\RsMgrSvc.exe [2011-4-29 150168]
R2 RsRavMon;Rav Service;c:\program files\rising\rav\RavMonD.exe [2011-4-29 264448]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-17 54784]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-9-17 380416]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-9-17 3658752]
S3 PKWCap;PKWCap service;c:\windows\system32\drivers\PKWCap.sys [2008-9-17 995328]
.
=============== Created Last 30 ================
.
2012-03-16 14:17:17 -------- d-----w- c:\users\rebekka\appdata\roaming\f-secure
2012-03-16 14:16:43 -------- d-----w- c:\programdata\F-Secure
2012-03-16 11:37:56 -------- d-----w- c:\program files\ESET
2012-03-16 09:13:04 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f71e041a-d4f5-4f89-8740-33195d11637b}\mpengine.dll
2012-03-15 12:17:33 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-14 22:54:13 -------- d-----w- c:\windows\pss
2012-03-14 22:08:14 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-03-14 22:08:14 598528 ----a-w- c:\windows\system32\ztv7z.dll
2012-03-14 22:08:13 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-03-14 22:08:13 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-03-14 22:08:13 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-03-14 22:08:13 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-03-14 22:08:13 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-03-14 22:08:08 -------- d-----w- c:\users\rebekka\appdata\roaming\Simply Super Software
2012-03-14 22:08:08 -------- d-----w- c:\programdata\Simply Super Software
2012-03-14 22:08:08 -------- d-----w- c:\program files\Trojan Remover
2012-03-14 15:26:29 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:26:14 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 15:26:14 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-07 21:16:59 -------- d-----w- c:\users\rebekka\appdata\roaming\Google Inc
2012-03-03 18:32:15 -------- d-----w- c:\users\rebekka\appdata\roaming\TeamViewer
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-24 23:17:15 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2009-08-20 08:43:42 9819136 ----a-w- c:\program files\openofficeorg31.msi
2009-03-26 10:36:32 451928 ----a-w- c:\program files\setup.exe
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
.
============= FINISH: 16:29:06,63 ===============


Gmer:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-16 19:51:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2250BH_G2 rev.00000009
Running: bhllslvu.exe; Driver: C:\Users\Rebekka\AppData\Local\Temp\uxdiqfog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwAlpcSendWaitReceivePort [0x8D3599F7]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwAssignProcessToJobObject [0x8D359952]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateKey [0x8D359AFF]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateMutant [0x8D3599D6]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateSection [0x8D359D30]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateSymbolicLinkObject [0x8D359ADE]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateThread [0x8D359763]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDebugActiveProcess [0x8D3598CE]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDeleteKey [0x8D359B41]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDeleteValueKey [0x8D359B20]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDeviceIoControlFile [0x8D359973]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDuplicateObject [0x8D359A9C]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwLoadDriver [0x8D359721]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwLockVirtualMemory [0x8D35988C]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwOpenKey [0x8D359BC5]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwOpenProcess [0x8D359A39]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwOpenSection [0x8D3597A5]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwProtectVirtualMemory [0x8D35986B]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQueryDirectoryFile [0x8D3599B5]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQuerySystemInformation [0x8D359A7B]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQueryValueKey [0x8D359931]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQueueApcThread [0x8D35984A]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwRenameKey [0x8D359B62]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwRequestWaitReplyPort [0x8D359910]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwRestoreKey [0x8D359BA4]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetContextThread [0x8D359808]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetInformationProcess [0x8D359A5A]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetSecurityObject [0x8D359B83]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetSystemInformation [0x8D3598AD]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetSystemTime [0x8D359994]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSuspendProcess [0x8D359829]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSuspendThread [0x8D3597E7]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSystemDebugControl [0x8D3598EF]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwTerminateProcess [0x8D359700]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwTerminateThread [0x8D3597C6]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwUnmapViewOfSection [0x8D359A18]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwWriteVirtualMemory [0x8D359742]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateThreadEx [0x8D359784]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateUserProcess [0x8D359ABD]

Code \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetValueKey [0x8D35B0A2]
Code \??\C:\Windows\system32\drivers\HOOKHELP.sys ObReferenceObjectByHandle

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 181 820B3904 4 Bytes [F7, 99, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 191 820B3914 4 Bytes [52, 99, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1E9 820B396C 4 Bytes [FF, 9A, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820B3978 4 Bytes [D6, 99, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 820B3998 4 Bytes [30, 9D, 35, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwSetValueKey 821E53C2 5 Bytes JMP 8D35B0A6 \??\C:\Windows\system32\drivers\HOOKHELP.sys
PAGE ntkrnlpa.exe!ObReferenceObjectByHandle 82234F40 5 Bytes JMP 8D35B078 \??\C:\Windows\system32\drivers\HOOKHELP.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 008E1642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 008E152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 008E1758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 008E1871
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 00A61642
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 00A6152C
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 00A61758
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 00A61871
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogParamW 764072A2 5 Bytes JMP 6F02DEA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!GetAsyncKeyState 7640863C 5 Bytes JMP 6EF48F27 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 6F029AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CallNextHookEx 76408E3B 5 Bytes JMP 6F01D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 6EF94686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!EnableWindow 7640CD8B 5 Bytes JMP 6F02DD2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateWindowExW 76411305 5 Bytes JMP 6F02DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!GetKeyState 76418CB1 5 Bytes JMP 6F02D2DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!IsDialogMessageW 76420745 5 Bytes JMP 6EF55A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogParamA 764217AA 5 Bytes JMP 6F12601B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!IsDialogMessage 76421847 5 Bytes JMP 6F1258B7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogIndirectParamA 764226F1 5 Bytes JMP 6F126052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogIndirectParamW 76429A62 5 Bytes JMP 6F126089 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetKeyboardState 76430987 5 Bytes JMP 6F125C26 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamW 764310B0 5 Bytes JMP 6EF55505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamW 76432EF5 5 Bytes JMP 6F1253AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SendInput 76432F75 5 Bytes JMP 6F1267E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!EndDialog 7643326E 5 Bytes JMP 6EF57EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetCursorPos 76446FB2 5 Bytes JMP 6F126837 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamA 76448152 5 Bytes JMP 6F12534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamA 7644847D 5 Bytes JMP 6F125412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectA 7645D4D9 5 Bytes JMP 6F1252E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectW 7645D5D3 5 Bytes JMP 6F125276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExA 7645D639 5 Bytes JMP 6F125214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExW 7645D65D 5 Bytes JMP 6F1251B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!keybd_event 7645D972 5 Bytes JMP 6F126B67 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] SHELL32.dll!SHRestricted + D95 767A89A8 4 Bytes [4D, 30, 64, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] SHELL32.dll!SHRestricted + D9D 767A89B0 8 Bytes [57, 2F, 64, 6D, 9C, 5B, 63, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!OleLoadFromStream 778C1E80 5 Bytes JMP 6F125717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!CoCreateInstance 778F9F3E 5 Bytes JMP 6F02DB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] WS2_32.dll!closesocket 7630330C 5 Bytes JMP 033E8F70
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] WS2_32.dll!connect 763040D9 5 Bytes JMP 033E8CE0
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] WS2_32.dll!getpeername 7631A863 5 Bytes JMP 033E8F00
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01F81642
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01F8152C
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01F81758
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01F81871
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!CreateWindowExW 76411305 5 Bytes JMP 6F02DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamW 764310B0 5 Bytes JMP 6EF55505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamW 76432EF5 5 Bytes JMP 6F1253AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamA 76448152 5 Bytes JMP 6F12534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamA 7644847D 5 Bytes JMP 6F125412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectA 7645D4D9 5 Bytes JMP 6F1252E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectW 7645D5D3 5 Bytes JMP 6F125276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExA 7645D639 5 Bytes JMP 6F125214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExW 7645D65D 5 Bytes JMP 6F1251B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] WS2_32.dll!closesocket 7630330C 5 Bytes JMP 03538F70
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] WS2_32.dll!connect 763040D9 5 Bytes JMP 03538CE0
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] WS2_32.dll!getpeername 7631A863 5 Bytes JMP 03538F00
.text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 057E1642
.text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 057E152C
.text C:\Windows\system32\Dwm.exe[2876] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 057E1758
.text C:\Windows\system32\Dwm.exe[2876] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 057E1871
.text C:\Windows\system32\taskeng.exe[2916] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02CF1642
.text C:\Windows\system32\taskeng.exe[2916] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\taskeng.exe[2916] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02CF152C
.text C:\Windows\system32\taskeng.exe[2916] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02CF1758
.text C:\Windows\system32\taskeng.exe[2916] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02CF1871
.text C:\Windows\Explorer.EXE[2944] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 05CB1642
.text C:\Windows\Explorer.EXE[2944] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2944] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 05CB152C
.text C:\Windows\Explorer.EXE[2944] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 05CB1758
.text C:\Windows\Explorer.EXE[2944] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 05CB1871
.text C:\Windows\RtHDVCpl.exe[3140] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02801642
.text C:\Windows\RtHDVCpl.exe[3140] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\RtHDVCpl.exe[3140] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0280152C
.text C:\Windows\RtHDVCpl.exe[3140] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02801758
.text C:\Windows\RtHDVCpl.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02801871
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 029E1642
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 029E152C
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 029E1758
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 029E1871
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01CB1642
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01CB152C
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01CB1758
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01CB1871
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01D41642
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01D4152C
.text C:\Windows\System32\hkcmd.exe[3352] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01D41758
.text C:\Windows\System32\hkcmd.exe[3352] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01D41871
.text C:\Windows\System32\igfxpers.exe[3364] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01A61642
.text C:\Windows\System32\igfxpers.exe[3364] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\System32\igfxpers.exe[3364] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01A6152C
.text C:\Windows\System32\igfxpers.exe[3364] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01A61758
.text C:\Windows\System32\igfxpers.exe[3364] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01A61871
.text C:\Windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01B31642
.text C:\Windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01B3152C
.text C:\Windows\system32\igfxsrvc.exe[3396] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01B31758
.text C:\Windows\system32\igfxsrvc.exe[3396] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01B31871
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 05F91642
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 05F9152C
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 05F91758
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 05F91871
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01BB1642
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01BB152C
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01BB1758
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01BB1871
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 06301642
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0630152C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 06301758
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 06301871
.text C:\Windows\ehome\ehtray.exe[3492] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02AB1642
.text C:\Windows\ehome\ehtray.exe[3492] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\ehome\ehtray.exe[3492] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02AB152C
.text C:\Windows\ehome\ehtray.exe[3492] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02AB1758
.text C:\Windows\ehome\ehtray.exe[3492] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02AB1871
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02BD1642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02BD152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02BD1758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02BD1871
.text C:\Windows\system32\wbem\unsecapp.exe[3616] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 00A21642
.text C:\Windows\system32\wbem\unsecapp.exe[3616] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\wbem\unsecapp.exe[3616] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 00A2152C
.text C:\Windows\system32\wbem\unsecapp.exe[3616] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 00A21758
.text C:\Windows\system32\wbem\unsecapp.exe[3616] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 00A21871
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 025D1642
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 025D152C
.text C:\Windows\ehome\ehmsas.exe[3692] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 025D1758
.text C:\Windows\ehome\ehmsas.exe[3692] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 025D1871
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02B11642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02B1152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02B11758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02B11871
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 028F1642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 028F152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 028F1758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 028F1871
.text C:\Windows\system32\conime.exe[5368] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 00681642
.text C:\Windows\system32\conime.exe[5368] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\conime.exe[5368] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0068152C
.text C:\Windows\system32\conime.exe[5368] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 00681758
.text C:\Windows\system32\conime.exe[5368] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 00681871
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02341642
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0234152C
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02341758
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02341871
.text C:\Windows\System32\mobsync.exe[32108] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01A01642
.text C:\Windows\System32\mobsync.exe[32108] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\System32\mobsync.exe[32108] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01A0152C
.text C:\Windows\System32\mobsync.exe[32108] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01A01758
.text C:\Windows\System32\mobsync.exe[32108] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01A01871

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs HOOKHELP.sys
Device \FileSystem\fastfat \FatCdrom HOOKHELP.sys
Device \FileSystem\RAW \Device\RawTape HOOKHELP.sys

AttachedDevice \Driver\tdx \Device\Tcp HookTdi.sys

Device \FileSystem\rdbss \Device\FsWrap HOOKHELP.sys

AttachedDevice \Driver\tdx \Device\Udp HookTdi.sys
AttachedDevice \Driver\tdx \Device\RawIp HookTdi.sys

Device \FileSystem\RAW \Device\RawDisk HOOKHELP.sys
Device \FileSystem\RAW \Device\RawCdRom HOOKHELP.sys
Device \FileSystem\fastfat \Fat HOOKHELP.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer HOOKHELP.sys
Device \FileSystem\cdfs \Cdfs HOOKHELP.sys

---- EOF - GMER 1.0.15 ----

cosinus 17.03.2012 15:58
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

rivkah 18.03.2012 19:02
Hallo,
vielen Dank für die schnelle Antwort. Die Scans dauerten leider etwas länger, Firefox hat sich geweigert Malwarebytes runterzuladen.

Hier der MalwareBytesScan:
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.18.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Rebekka :: REBEKKA-PC [Administrator]

18.03.2012 14:23:30
mbam-log-2012-03-18 (14-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 358247
Laufzeit: 2 Stunde(n), 20 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Rebekka\AppData\Roaming\Sun\{6C7F4AFA-6826-4E93-BEA6-C57F44B93611}\UpgradeHelper.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und hier der erneute Eset-Scan, ich erhalte nicht wie in der Anleitung ein logfile, sondern nur einen Bericht über die Ergebnisse.

Code:
Operating memory        a variant of Win32/Gataka.A trojan

cosinus 19.03.2012 16:45
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

rivkah 19.03.2012 19:03
Habe vorher noch nicht mit Malwarebytes gescannt. Habe noch folgende Scans:

Rising Antivirus Virus Log:
Code:
Datum                                                          Threat Name                                                    Risk Level                                                      Threat Description                                              Action Taken                                                    Path                                                           
2012-03-14 22:29:31                                            Trojan.Win32.Generic.12B3F307                                  High                                                            Trojan                                                          File deleted                                                    C:\works8.5_spanish\msworks\PSS\msicu.exe                     
2012-03-14 22:28:18                                            Trojan.Win32.Generic.12B3F307                                  High                                                            Trojan                                                          File deleted                                                    C:\works8.5_italian\msworks\PSS\msicu.exe                     
2012-03-14 22:27:41                                            Trojan.Win32.Generic.11E726FC                                  High                                                            Trojan                                                          File deleted                                                    C:\works8.5_german\msworks\Redist\IE6\setupnt.cab>>Url.dll     
2012-03-14 22:27:26                                            Trojan.Win32.Generic.11E726FC                                  High                                                            Trojan                                                          File deleted                                                    C:\works8.5_german\msworks\Redist\IE6\iew2k_4.cab>>url.dll     
2012-03-14 22:27:04                                            Trojan.Win32.Generic.12B3F307                                  High                                                            Trojan                                                          File deleted                                                    C:\works8.5_german\msworks\PSS\msicu.exe                       
2012-03-14 22:25:49                                            Trojan.Win32.Generic.12B3F307                                  High                                                            Trojan                                                          File deleted                                                    C:\works8.5_french\msworks\PSS\msicu.exe                       
2012-03-14 22:24:32                                            Trojan.Win32.Generic.12B3F307                                  High                                                            Trojan                                                          File deleted                                                    C:\works8.5_english\msworks\PSS\MSICU.EXE                     
2012-03-15 13:27:43                                            Trojan.Win32.Generic.1273D2DC                                  High                                                            Trojan                                                          File deleted                                                    C:\WINDOWS\SYSTEM32\DRIVERS\UTQYNTYX.SYS                       
2012-03-15 13:27:38                                            Trojan.Win32.Generic.1273D2DC                                  High                                                            Trojan                                                          File deleted                                                    C:\WINDOWS\SYSTEM32\DRIVERS\UTQYNTYX.SYS
Ein Rising Antivirus Trojan Defense Log:
Code:
Datum                                                          Created By                                                      Rule ID                                                        Process                                                        Related file(s)                                                Action Taken                                                   
2012-03-18 14:17:31                                            Trojan defense                                                  536870918                                                      C:\USERS\REBEKKA\DESKTOP\MBAM-SETUP-1.60.1.1000 (1).EXE;C:\USERS\REBEKKA\APPDATA\LOCAL\TEMP\IS-HTADK.TMP\MBAM-SETUP-1.60.1.1000 (1).TMP;--                                                              Allow                                                         
2012-03-16 16:41:16                                            Trojan defense                                                  268435458                                                      C:\USERS\REBEKKA\DESKTOP\BHLLSLVU.EXE;                          --                                                              Allow                                                         
2012-03-16 16:29:06                                            Trojan defense                                                  268435459                                                      C:\USERS\REBEKKA\APPDATA\LOCAL\TEMP\NST99F7.TMP\MBR.DAT;        --                                                              End process and cancel delete                                 
2012-03-16 16:28:10                                            Trojan defense                                                  268435459                                                      C:\USERS\REBEKKA\APPDATA\LOCAL\TEMP\NST99F7.TMP\MBR.DAT;        --                                                              Auto-Protect                                                   
2012-03-15 19:40:06                                            Trojan defense                                                  536870940                                                      C:\WINDOWS\SYSTEM32\CMD.EXE;                                    --                                                              Auto-Protect                                                   
2012-03-15 18:53:18                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE;          --                                                              End process and cancel delete                                 
2012-03-14 23:59:29                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE;C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE;--                                                              End process and cancel delete                                 
2012-03-14 23:06:09                                            Trojan defense                                                  268435463                                                      C:\USERS\REBEKKA\APPDATA\ROAMING\SUN\{6C7F4AFA-6826-4E93-BEA6-C57F44B93611}\UPGRADEHELPER.EXE;--                                                              Auto-Protect                                                   
2012-03-14 21:23:36                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE;C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE;--                                                              Auto-Protect                                                   
2012-03-12 15:38:54                                            Trojan defense                                                  536870918                                                      C:\WINDOWS\SYSTEM32\RUNDLL32.EXE;C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE;--                                                              Auto-Protect                                                   
2012-03-04 22:16:15                                            Trojan defense                                                  536870918                                                      C:\WINDOWS\SYSTEM32\RUNDLL32.EXE;C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE;--                                                              Auto-Protect                                                   
2012-03-03 22:43:45                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\CALIBRE2\CALIBRE.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;--                                                              Trust                                                         
2012-03-03 22:43:14                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\CALIBRE2\CALIBRE.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE.EXE;                          Trust                                                         
2012-03-03 22:37:23                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\CALIBRE2\CALIBRE.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE.EXE;                          Quarantine and delete                                         
2012-03-03 22:36:17                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\CALIBRE2\CALIBRE-PARALLEL.EXE;C:\PROGRAM FILES\CALIBRE2\CALIBRE.EXE;--                                                              Quarantine and delete                                         
2012-03-03 20:33:54                                            Trojan defense                                                  536870918                                                      C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE;C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE;--                                                              Quarantine and delete                                         
2012-03-03 19:37:13                                            Trojan defense                                                  536870918                                                      C:\WINDOWS\SYSTEM32\RUNDLL32.EXE;C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE;--                                                              Auto-Protect
TrojanRemoverScanlog und EmergencyKit 1.0 Scanlog (2x) befinden sich im Anhang.

PS: Ich hatte beim Defogger nie auf Reenable geklickt- jetzt ist das Fenster weg...muss ich da noch was tun?

cosinus 19.03.2012 19:08
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

rivkah 19.03.2012 21:05
Hier der OTL Scan:
Code:
OTL logfile created on: 19.03.2012 20:37:28 - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Rebekka\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 55,40% Memory free
4,16 Gb Paging File | 2,95 Gb Available in Paging File | 70,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 3,67 Gb Free Space | 8,34% Space Free | Partition Type: NTFS
Drive D: | 181,13 Gb Total Space | 148,88 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
 
Computer Name: REBEKKA-PC | User Name: Rebekka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.19 20:31:55 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Rebekka\Desktop\OTL.exe
PRC - [2011.11.30 18:35:32 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\RsMgrSvc.exe
PRC - [2011.11.18 12:33:28 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\RSD\popwndexe.exe
PRC - [2011.09.07 20:35:37 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RsTray.exe
PRC - [2011.04.29 18:11:16 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RavMonD.exe
PRC - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.05.06 18:57:20 | 006,806,784 | ---- | M] (Foxit Software Company) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.08.27 02:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 00:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.23 02:03:50 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.22 18:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.01.23 04:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.29 22:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.10.05 02:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007.09.29 00:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.08.31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.01.17 22:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.08.25 19:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 21:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2006.09.14 07:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\RarExt.dll
MOD - [2005.07.23 05:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.30 18:35:32 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
SRV - [2011.04.29 18:11:16 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\Rav\RavMonD.exe -- (RsRavMon)
SRV - [2010.09.27 11:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.08.27 00:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.29 00:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.08.31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 13:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.12.12 13:52:45 | 000,173,336 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Hooksys.sys -- (hooksys)
DRV - [2011.09.03 15:57:40 | 000,017,336 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\protreg.sys -- (rsdsys)
DRV - [2011.04.29 18:11:19 | 000,031,896 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hvm.sys -- (HyperVM)
DRV - [2011.04.29 18:11:16 | 000,023,576 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookTdi.sys -- (HookTdi)
DRV - [2010.09.27 11:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.04.27 21:46:16 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090625.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.04.29 09:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.28 16:09:46 | 000,995,328 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PKWCap.sys -- (PKWCap)
DRV - [2008.04.28 11:42:54 | 000,449,024 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008.04.27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.26 07:48:00 | 000,766,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.02.15 23:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.02.14 07:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.31 23:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.23 04:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.11.29 17:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 22:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 19:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007.01.17 22:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.11 03:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.07 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.nytimes.com/?iht
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://global.nytimes.com/?iht"
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 20:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.14 23:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.18 15:43:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 20:06:08 | 000,000,000 | ---D | M]
 
[2009.05.06 18:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebekka\AppData\Roaming\mozilla\Extensions
[2011.12.14 23:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebekka\AppData\Roaming\mozilla\Firefox\Profiles\gsyu7wrg.default\extensions
[2009.06.29 21:54:53 | 000,001,900 | ---- | M] () -- C:\Users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\gsyu7wrg.default\searchplugins\google-scholar.xml
[2009.06.29 21:56:28 | 000,001,942 | ---- | M] () -- C:\Users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\gsyu7wrg.default\searchplugins\mycroft-project.xml
[2012.03.14 23:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\REBEKKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GSYU7WRG.DEFAULT\EXTENSIONS\GMAIL@BORSOSFISOFT.COM.XPI
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.06 22:27:40 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [RavTRAY] C:\Program Files\Rising\RAV\RSTRAY.EXE (Beijing Rising Information Technology Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000..\Run: [LicenseValidator] C:\Users\Rebekka\AppData\Roaming\Identities\{B567FB2C-F497-48B6-A9FC-8646E2E5B9B0}\LicenseValidator.exe ()
O7 - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FC69EB0-6B5A-4BB6-9711-93CAA4F8145A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\pictures\Krakau 2010-2\P1050815.JPG
O24 - Desktop BackupWallPaper: D:\pictures\Krakau 2010-2\P1050815.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{82d6eae0-25fa-11e1-a06c-002185dc2309}\Shell - "" = AutoRun
O33 - MountPoints2\{82d6eae0-25fa-11e1-a06c-002185dc2309}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\AutoRun\command - "" = F:\scene.exe 1
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\explore\Command - "" = F:\scene.exe 1
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\open\Command - "" = F:\scene.exe 1
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\Scan\Command - "" = F:\scene.exe 2
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bsmain)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Rebekka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Rebekka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TrojanScanner - hkey= - key= - C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 20:31:47 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Rebekka\Desktop\OTL.exe
[2012.03.19 17:56:00 | 000,000,000 | R--D | C] -- C:\RavBin
[2012.03.19 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Windows Search
[2012.03.18 16:31:57 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Apple
[2012.03.18 14:19:06 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Malwarebytes
[2012.03.18 14:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.18 14:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.18 14:18:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.18 14:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.18 14:05:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rebekka\Desktop\mbam-setup-1.60.1.1000 (1).exe
[2012.03.16 16:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.16 16:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.16 16:23:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rebekka\Desktop\dds.com
[2012.03.16 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\f-secure
[2012.03.16 15:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.03.16 12:51:04 | 000,779,608 | ---- | C] (Solid State Networks) -- C:\Users\Rebekka\Desktop\install_flashplayer11x32_mssa_aih.exe
[2012.03.16 12:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.16 12:34:39 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Rebekka\Desktop\esetsmartinstaller_enu.exe
[2012.03.15 13:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.03.14 23:54:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.14 23:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.03.14 23:08:19 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\Documents\Simply Super Software
[2012.03.14 23:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.14 23:08:14 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2012.03.14 23:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.03.14 23:08:08 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Simply Super Software
[2012.03.14 23:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.14 21:15:23 | 012,137,424 | ---- | C] (Simply Super Software                                      ) -- C:\Users\Rebekka\Desktop\trojan_remover_setup683.exe
[2012.03.14 01:09:14 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Template
[2012.03.12 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\Desktop\onkologie
[2012.03.07 22:16:59 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Google Inc
[2012.03.06 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\ICQ
[2012.03.03 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Help
[2012.03.03 19:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\TeamViewer
[2012.03.03 19:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rebekka\AppData\Roaming\Sun
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 20:31:55 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Rebekka\Desktop\OTL.exe
[2012.03.19 20:19:39 | 000,081,801 | ---- | M] () -- C:\Users\Rebekka\Documents\Referat Onkologie.pdf
[2012.03.19 20:18:12 | 000,030,998 | ---- | M] () -- C:\Users\Rebekka\Documents\Referat Onkologie.odt
[2012.03.19 19:44:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 19:44:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 17:48:47 | 000,653,034 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.03.19 17:48:46 | 000,659,180 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.03.19 17:48:46 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.19 17:48:46 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.19 17:48:46 | 000,122,976 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.03.19 17:48:46 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.19 17:48:46 | 000,119,750 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.03.19 17:48:46 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.19 17:44:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.18 16:50:20 | 2110,947,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.18 14:18:53 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 14:05:10 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rebekka\Desktop\mbam-setup-1.60.1.1000 (1).exe
[2012.03.16 16:39:44 | 000,302,592 | ---- | M] () -- C:\Users\Rebekka\Desktop\bhllslvu.exe
[2012.03.16 16:37:28 | 000,002,295 | ---- | M] () -- C:\Users\Rebekka\Desktop\Attach.zip
[2012.03.16 16:34:09 | 001,110,476 | ---- | M] () -- C:\Users\Rebekka\Desktop\7z920.exe
[2012.03.16 16:23:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rebekka\Desktop\dds.com
[2012.03.16 16:21:36 | 000,000,000 | ---- | M] () -- C:\Users\Rebekka\defogger_reenable
[2012.03.16 16:19:42 | 000,050,477 | ---- | M] () -- C:\Users\Rebekka\Desktop\Defogger.exe
[2012.03.16 12:51:09 | 000,779,608 | ---- | M] (Solid State Networks) -- C:\Users\Rebekka\Desktop\install_flashplayer11x32_mssa_aih.exe
[2012.03.16 12:34:40 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Rebekka\Desktop\esetsmartinstaller_enu.exe
[2012.03.15 13:12:05 | 124,361,368 | ---- | M] () -- C:\Users\Rebekka\Desktop\setup_11.0.0.1245.x01_2012_03_15_15_12.exe
[2012.03.15 03:47:11 | 000,323,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 23:49:25 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.14 21:16:11 | 012,137,424 | ---- | M] (Simply Super Software                                      ) -- C:\Users\Rebekka\Desktop\trojan_remover_setup683.exe
[2012.03.14 01:09:15 | 000,000,128 | ---- | M] () -- C:\Users\Rebekka\AppData\Roaming\wklnhst.dat
[2012.03.03 18:41:48 | 000,152,174 | R--- | M] () -- C:\Users\Rebekka\Documents\schaub_Gutschein.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 20:19:36 | 000,081,801 | ---- | C] () -- C:\Users\Rebekka\Documents\Referat Onkologie.pdf
[2012.03.18 14:18:53 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.16 16:39:39 | 000,302,592 | ---- | C] () -- C:\Users\Rebekka\Desktop\bhllslvu.exe
[2012.03.16 16:37:28 | 000,002,295 | ---- | C] () -- C:\Users\Rebekka\Desktop\Attach.zip
[2012.03.16 16:34:06 | 001,110,476 | ---- | C] () -- C:\Users\Rebekka\Desktop\7z920.exe
[2012.03.16 16:21:36 | 000,000,000 | ---- | C] () -- C:\Users\Rebekka\defogger_reenable
[2012.03.16 16:19:38 | 000,050,477 | ---- | C] () -- C:\Users\Rebekka\Desktop\Defogger.exe
[2012.03.15 13:10:21 | 124,361,368 | ---- | C] () -- C:\Users\Rebekka\Desktop\setup_11.0.0.1245.x01_2012_03_15_15_12.exe
[2012.03.14 23:49:25 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.14 23:49:24 | 000,000,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.14 23:08:14 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.14 23:08:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2012.03.14 23:08:13 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.14 23:08:13 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.14 23:08:13 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.14 01:09:08 | 000,000,128 | ---- | C] () -- C:\Users\Rebekka\AppData\Roaming\wklnhst.dat
[2012.03.13 22:26:32 | 000,030,998 | ---- | C] () -- C:\Users\Rebekka\Documents\Referat Onkologie.odt
[2012.03.03 18:41:52 | 000,152,174 | R--- | C] () -- C:\Users\Rebekka\Documents\schaub_Gutschein.pdf
[2011.04.29 18:13:55 | 000,000,122 | ---- | C] () -- C:\Windows\System32\BsMain.ini
[2010.09.27 12:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2011.02.05 20:12:11 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\calibre
[2010.04.28 07:55:03 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\CoSoSys
[2012.03.16 15:17:17 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\f-secure
[2012.03.19 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\foobar2000
[2009.05.06 18:58:48 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Foxit
[2010.12.16 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\FreeFLVConverter
[2012.03.06 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\ICQ
[2009.10.25 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\OpenOffice.org
[2011.08.18 23:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\SharePod
[2012.03.14 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Simply Super Software
[2012.03.03 19:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\TeamViewer
[2012.03.14 01:09:14 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Template
[2010.11.13 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\TheLastRipper
[2009.05.06 02:13:14 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Ulead Systems
[2012.03.08 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\uTorrent
[2012.03.19 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Windows Search
[2012.03.18 16:49:12 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.15 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Adobe
[2012.03.18 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Apple
[2011.08.18 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Apple Computer
[2011.02.05 20:12:11 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\calibre
[2010.04.28 07:55:03 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\CoSoSys
[2010.11.29 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\DivX
[2012.03.16 15:17:17 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\f-secure
[2012.03.19 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\foobar2000
[2009.05.06 18:58:48 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Foxit
[2010.12.16 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\FreeFLVConverter
[2012.03.07 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Google Inc
[2012.03.03 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Help
[2009.10.21 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\HP
[2011.10.05 20:40:06 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\HpUpdate
[2012.03.06 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\ICQ
[2012.03.18 22:49:03 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Identities
[2012.03.14 16:30:01 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Macromedia
[2012.03.18 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Media Center Programs
[2009.07.25 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Media Player Classic
[2012.03.19 18:38:12 | 000,000,000 | --SD | M] -- C:\Users\Rebekka\AppData\Roaming\Microsoft
[2009.05.06 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Mozilla
[2009.10.25 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\OpenOffice.org
[2009.05.06 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Reallusion
[2011.08.18 23:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\SharePod
[2012.03.14 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Simply Super Software
[2011.01.03 13:59:14 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Skype
[2011.01.03 13:56:46 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\skypePM
[2012.03.03 19:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Sun
[2009.05.06 01:57:26 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Symantec
[2012.03.03 19:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\TeamViewer
[2012.03.14 01:09:14 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Template
[2010.11.13 00:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\TheLastRipper
[2009.05.06 02:13:14 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Ulead Systems
[2012.03.08 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\uTorrent
[2012.03.19 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Rebekka\AppData\Roaming\Windows Search
 
< %APPDATA%\*.exe /s >
[2012.03.19 18:38:12 | 000,287,232 | ---- | M] () -- C:\Users\Rebekka\AppData\Roaming\Identities\{B567FB2C-F497-48B6-A9FC-8646E2E5B9B0}\LicenseValidator.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

cosinus 20.03.2012 16:14
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.nytimes.com/?iht
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
FF - prefs.js..browser.startup.homepage: "http://global.nytimes.com/?iht"
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000..\Run: [LicenseValidator] C:\Users\Rebekka\AppData\Roaming\Identities\{B567FB2C-F497-48B6-A9FC-8646E2E5B9B0}\LicenseValidator.exe ()
O7 - HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{82d6eae0-25fa-11e1-a06c-002185dc2309}\Shell - "" = AutoRun
O33 - MountPoints2\{82d6eae0-25fa-11e1-a06c-002185dc2309}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\AutoRun\command - "" = F:\scene.exe 1
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\explore\Command - "" = F:\scene.exe 1
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\open\Command - "" = F:\scene.exe 1
O33 - MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\Shell\Scan\Command - "" = F:\scene.exe 2
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Files
C:\RavBin
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

rivkah 20.03.2012 16:56
Hier das OTLFix- Log:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Prefs.js: "hxxp://global.nytimes.com/?iht" removed from browser.startup.homepage
Prefs.js: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator deleted successfully.
C:\Users\Rebekka\AppData\Roaming\Identities\{B567FB2C-F497-48B6-A9FC-8646E2E5B9B0}\LicenseValidator.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82d6eae0-25fa-11e1-a06c-002185dc2309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82d6eae0-25fa-11e1-a06c-002185dc2309}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82d6eae0-25fa-11e1-a06c-002185dc2309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82d6eae0-25fa-11e1-a06c-002185dc2309}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9255f386-6247-11de-9add-002185dc2309}\ not found.
File F:\scene.exe 1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9255f386-6247-11de-9add-002185dc2309}\ not found.
File F:\scene.exe 1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9255f386-6247-11de-9add-002185dc2309}\ not found.
File F:\scene.exe 1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9255f386-6247-11de-9add-002185dc2309}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9255f386-6247-11de-9add-002185dc2309}\ not found.
File F:\scene.exe 2 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivXUpdate\ deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
C:\RavBin folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Rebekka
->Temp folder emptied: 243176443 bytes
->Temporary Internet Files folder emptied: 56418402 bytes
->Java cache emptied: 67702572 bytes
->FireFox cache emptied: 86500508 bytes
->Flash cache emptied: 308466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 23205 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 188713119 bytes
RecycleBin emptied: 12676 bytes
 
Total Files Cleaned = 613,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03202012_164335

Files\Folders moved on Reboot...
File\Folder C:\Users\Rebekka\AppData\Local\Temp\~DF1A2B.tmp not found!
File\Folder C:\Users\Rebekka\AppData\Local\Temp\~DF1A49.tmp not found!
File\Folder C:\Users\Rebekka\AppData\Local\Temp\~DF3FE.tmp not found!
File\Folder C:\Users\Rebekka\AppData\Local\Temp\~DF59C.tmp not found!
File\Folder C:\Users\Rebekka\AppData\Local\Temp\~DF766.tmp not found!
File\Folder C:\Users\Rebekka\AppData\Local\Temp\~DF7BF.tmp not found!

Registry entries deleted on Reboot...

cosinus 20.03.2012 17:32
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

rivkah 20.03.2012 18:59
Hier das TDSS-Log, ich habe noch nicht gelöscht:
Code:
18:49:46.0682 5844        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
18:49:46.0863 5844        ============================================================
18:49:46.0863 5844        Current date / time: 2012/03/20 18:49:46.0863
18:49:46.0863 5844        SystemInfo:
18:49:46.0863 5844       
18:49:46.0864 5844        OS Version: 6.0.6002 ServicePack: 2.0
18:49:46.0864 5844        Product type: Workstation
18:49:46.0864 5844        ComputerName: REBEKKA-PC
18:49:46.0864 5844        UserName: Rebekka
18:49:46.0864 5844        Windows directory: C:\Windows
18:49:46.0864 5844        System windows directory: C:\Windows
18:49:46.0864 5844        Processor architecture: Intel x86
18:49:46.0864 5844        Number of processors: 2
18:49:46.0864 5844        Page size: 0x1000
18:49:46.0864 5844        Boot type: Normal boot
18:49:46.0864 5844        ============================================================
18:49:48.0404 5844        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:49:48.0415 5844        \Device\Harddisk0\DR0:
18:49:48.0424 5844        MBR used
18:49:48.0424 5844        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFA0800, BlocksNum 0x57E4000
18:49:48.0424 5844        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6784800, BlocksNum 0x16A40800
18:49:48.0517 5844        Initialize success
18:49:48.0517 5844        ============================================================
18:54:43.0033 1308        ============================================================
18:54:43.0033 1308        Scan started
18:54:43.0033 1308        Mode: Manual; SigCheck; TDLFS;
18:54:43.0033 1308        ============================================================
18:54:44.0078 1308        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:54:44.0219 1308        ACPI - ok
18:54:44.0312 1308        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:54:44.0375 1308        adp94xx - ok
18:54:44.0609 1308        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:54:44.0640 1308        adpahci - ok
18:54:44.0811 1308        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:54:44.0843 1308        adpu160m - ok
18:54:45.0045 1308        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:54:45.0077 1308        adpu320 - ok
18:54:45.0279 1308        AF15BDA        (3a906e3917a246d2b3011258e256029e) C:\Windows\system32\DRIVERS\AF15BDA.sys
18:54:45.0373 1308        AF15BDA - ok
18:54:45.0669 1308        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:54:45.0747 1308        AFD - ok
18:54:45.0872 1308        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:54:45.0888 1308        agp440 - ok
18:54:45.0997 1308        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:54:46.0013 1308        aic78xx - ok
18:54:46.0153 1308        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:54:46.0169 1308        aliide - ok
18:54:46.0403 1308        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:54:46.0418 1308        amdagp - ok
18:54:46.0465 1308        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:54:46.0481 1308        amdide - ok
18:54:46.0543 1308        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:54:46.0730 1308        AmdK7 - ok
18:54:46.0886 1308        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:54:46.0964 1308        AmdK8 - ok
18:54:47.0073 1308        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:54:47.0073 1308        arc - ok
18:54:47.0151 1308        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:54:47.0183 1308        arcsas - ok
18:54:47.0229 1308        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:54:47.0292 1308        AsyncMac - ok
18:54:47.0448 1308        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:54:47.0463 1308        atapi - ok
18:54:47.0682 1308        athr            (7b58b2fd287948466fc2887561d6f674) C:\Windows\system32\DRIVERS\athr.sys
18:54:47.0791 1308        athr - ok
18:54:47.0978 1308        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:54:48.0072 1308        Beep - ok
18:54:48.0197 1308        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:54:48.0275 1308        blbdrive - ok
18:54:48.0368 1308        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:54:48.0399 1308        bowser - ok
18:54:48.0618 1308        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:54:48.0711 1308        BrFiltLo - ok
18:54:48.0961 1308        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:54:49.0039 1308        BrFiltUp - ok
18:54:49.0242 1308        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:54:49.0429 1308        Brserid - ok
18:54:49.0679 1308        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:54:49.0788 1308        BrSerWdm - ok
18:54:50.0006 1308        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:54:50.0100 1308        BrUsbMdm - ok
18:54:50.0287 1308        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:54:50.0381 1308        BrUsbSer - ok
18:54:50.0490 1308        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:54:50.0552 1308        BTHMODEM - ok
18:54:50.0646 1308        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:54:50.0693 1308        cdfs - ok
18:54:50.0817 1308        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:54:50.0895 1308        cdrom - ok
18:54:50.0958 1308        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
18:54:50.0989 1308        circlass - ok
18:54:51.0067 1308        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:54:51.0098 1308        CLFS - ok
18:54:51.0161 1308        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:54:51.0207 1308        CmBatt - ok
18:54:51.0270 1308        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:54:51.0301 1308        cmdide - ok
18:54:51.0379 1308        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:54:51.0395 1308        Compbatt - ok
18:54:51.0441 1308        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:54:51.0457 1308        crcdisk - ok
18:54:51.0519 1308        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:54:51.0582 1308        Crusoe - ok
18:54:51.0691 1308        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
18:54:51.0769 1308        CVirtA - ok
18:54:51.0847 1308        CVPNDRVA        (cb90b2762b1a1d0b40496400c55b6ade) C:\Windows\system32\Drivers\CVPNDRVA.sys
18:54:51.0894 1308        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
18:54:51.0894 1308        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
18:54:52.0003 1308        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:54:52.0050 1308        DfsC - ok
18:54:52.0159 1308        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:54:52.0175 1308        disk - ok
18:54:52.0268 1308        DNE            (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
18:54:52.0299 1308        DNE - ok
18:54:52.0377 1308        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:54:52.0455 1308        Dot4 - ok
18:54:52.0502 1308        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:54:52.0565 1308        Dot4Print - ok
18:54:52.0643 1308        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:54:52.0689 1308        dot4usb - ok
18:54:52.0767 1308        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:54:52.0814 1308        drmkaud - ok
18:54:52.0923 1308        DXGKrnl        (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
18:54:53.0189 1308        DXGKrnl - ok
18:54:53.0423 1308        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:54:53.0516 1308        E1G60 - ok
18:54:53.0594 1308        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:54:53.0625 1308        Ecache - ok
18:54:53.0750 1308        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:54:53.0797 1308        elxstor - ok
18:54:53.0859 1308        enecir          (6c74035909b31f873d85b25e00beb984) C:\Windows\system32\DRIVERS\enecir.sys
18:54:53.0906 1308        enecir - ok
18:54:53.0969 1308        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:54:54.0078 1308        ErrDev - ok
18:54:54.0327 1308        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:54:54.0390 1308        exfat - ok
18:54:54.0624 1308        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:54:54.0686 1308        fastfat - ok
18:54:54.0780 1308        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:54:54.0842 1308        fdc - ok
18:54:54.0920 1308        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:54:54.0936 1308        FileInfo - ok
18:54:54.0983 1308        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:54:55.0061 1308        Filetrace - ok
18:54:55.0170 1308        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:54:55.0248 1308        flpydisk - ok
18:54:55.0404 1308        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:54:55.0419 1308        FltMgr - ok
18:54:55.0575 1308        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:54:55.0638 1308        Fs_Rec - ok
18:54:55.0763 1308        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:54:55.0794 1308        gagp30kx - ok
18:54:55.0965 1308        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:54:55.0981 1308        GEARAspiWDM - ok
18:54:56.0153 1308        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:54:56.0262 1308        HdAudAddService - ok
18:54:56.0496 1308        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:54:56.0589 1308        HDAudBus - ok
18:54:56.0699 1308        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:54:56.0777 1308        HidBth - ok
18:54:56.0808 1308        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
18:54:56.0855 1308        HidIr - ok
18:54:56.0948 1308        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
18:54:56.0995 1308        HidUsb - ok
18:54:57.0120 1308        hooksys        (aa5d6a18a09473ba9c18d3337044c453) C:\Windows\system32\drivers\Hooksys.sys
18:54:57.0713 1308        hooksys - ok
18:54:57.0837 1308        HookTdi        (5eec3dc70a688d865634ba997fa13dd4) C:\Windows\system32\drivers\HookTdi.sys
18:54:57.0853 1308        HookTdi - ok
18:54:57.0915 1308        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:54:57.0931 1308        HpCISSs - ok
18:54:58.0087 1308        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:54:58.0149 1308        HTTP - ok
18:54:58.0243 1308        HyperVM        (c413166d7a5966afff05d547bda1b828) C:\Windows\system32\drivers\hvm.sys
18:54:58.0243 1308        HyperVM - ok
18:54:58.0461 1308        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:54:58.0493 1308        i2omp - ok
18:54:58.0649 1308        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:54:58.0727 1308        i8042prt - ok
18:54:58.0805 1308        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:54:58.0836 1308        iaStorV - ok
18:54:58.0914 1308        IDSvix86        (74f2b7d99b8613eac36edf22a2ab3b08) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090625.001\IDSvix86.sys
18:54:58.0929 1308        IDSvix86 - ok
18:54:59.0928 1308        igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:55:02.0439 1308        igfx - ok
18:55:02.0705 1308        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:55:02.0736 1308        iirsp - ok
18:55:02.0923 1308        IntcAzAudAddService (3c0e1c89079d48abba5fbf54626dc9e2) C:\Windows\system32\drivers\RTKVHDA.sys
18:55:03.0110 1308        IntcAzAudAddService - ok
18:55:03.0329 1308        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:55:03.0344 1308        intelide - ok
18:55:03.0812 1308        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:55:03.0921 1308        intelppm - ok
18:55:04.0140 1308        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:55:04.0202 1308        IpFilterDriver - ok
18:55:04.0311 1308        IpInIp - ok
18:55:04.0499 1308        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:55:04.0561 1308        IPMIDRV - ok
18:55:04.0655 1308        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:55:04.0686 1308        IPNAT - ok
18:55:04.0748 1308        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:55:04.0795 1308        IRENUM - ok
18:55:04.0920 1308        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:55:04.0935 1308        isapnp - ok
18:55:05.0107 1308        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:55:05.0154 1308        iScsiPrt - ok
18:55:05.0388 1308        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:55:05.0419 1308        iteatapi - ok
18:55:05.0513 1308        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:55:05.0528 1308        iteraid - ok
18:55:05.0591 1308        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:55:05.0622 1308        kbdclass - ok
18:55:05.0669 1308        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:55:05.0715 1308        kbdhid - ok
18:55:05.0887 1308        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:55:05.0949 1308        KSecDD - ok
18:55:06.0105 1308        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:55:06.0168 1308        lltdio - ok
18:55:06.0402 1308        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:55:06.0433 1308        LSI_FC - ok
18:55:06.0495 1308        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:55:06.0527 1308        LSI_SAS - ok
18:55:06.0573 1308        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:55:06.0589 1308        LSI_SCSI - ok
18:55:06.0667 1308        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:55:06.0714 1308        luafv - ok
18:55:06.0870 1308        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:55:06.0885 1308        megasas - ok
18:55:06.0979 1308        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:55:07.0026 1308        MegaSR - ok
18:55:07.0182 1308        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:55:07.0229 1308        Modem - ok
18:55:07.0275 1308        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:55:07.0338 1308        monitor - ok
18:55:07.0416 1308        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:55:07.0447 1308        mouclass - ok
18:55:07.0650 1308        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:55:07.0712 1308        mouhid - ok
18:55:07.0790 1308        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:55:07.0806 1308        MountMgr - ok
18:55:07.0884 1308        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:55:07.0899 1308        mpio - ok
18:55:07.0962 1308        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:55:08.0009 1308        mpsdrv - ok
18:55:08.0196 1308        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:55:08.0227 1308        Mraid35x - ok
18:55:08.0383 1308        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:55:08.0445 1308        MRxDAV - ok
18:55:08.0601 1308        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:55:08.0648 1308        mrxsmb - ok
18:55:08.0695 1308        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:55:08.0726 1308        mrxsmb10 - ok
18:55:08.0851 1308        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:55:08.0882 1308        mrxsmb20 - ok
18:55:08.0945 1308        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:55:08.0960 1308        msahci - ok
18:55:09.0069 1308        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:55:09.0101 1308        msdsm - ok
18:55:09.0366 1308        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:55:09.0428 1308        Msfs - ok
18:55:09.0522 1308        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:55:09.0553 1308        msisadrv - ok
18:55:09.0662 1308        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:55:09.0725 1308        MSKSSRV - ok
18:55:09.0974 1308        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:55:10.0037 1308        MSPCLOCK - ok
18:55:10.0380 1308        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:55:10.0458 1308        MSPQM - ok
18:55:10.0723 1308        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:55:10.0739 1308        MsRPC - ok
18:55:10.0957 1308        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:55:11.0004 1308        mssmbios - ok
18:55:11.0082 1308        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:55:11.0144 1308        MSTEE - ok
18:55:11.0285 1308        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:55:11.0316 1308        Mup - ok
18:55:11.0441 1308        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:55:11.0487 1308        NativeWifiP - ok
18:55:11.0565 1308        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:55:11.0628 1308        NDIS - ok
18:55:11.0784 1308        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:55:11.0831 1308        NdisTapi - ok
18:55:12.0049 1308        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:55:12.0096 1308        Ndisuio - ok
18:55:12.0174 1308        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:55:12.0236 1308        NdisWan - ok
18:55:12.0299 1308        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:55:12.0330 1308        NDProxy - ok
18:55:12.0392 1308        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:55:12.0423 1308        NetBIOS - ok
18:55:12.0642 1308        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:55:12.0689 1308        netbt - ok
18:55:12.0798 1308        netr28          (3f540b257442cc1a2220dd8f73ac1c77) C:\Windows\system32\DRIVERS\netr28.sys
18:55:12.0876 1308        netr28 - ok
18:55:13.0094 1308        NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
18:55:13.0328 1308        NETw5v32 - ok
18:55:13.0437 1308        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:55:13.0453 1308        nfrd960 - ok
18:55:13.0531 1308        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:55:13.0578 1308        Npfs - ok
18:55:13.0687 1308        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:55:13.0765 1308        nsiproxy - ok
18:55:13.0859 1308        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:55:13.0905 1308        Ntfs - ok
18:55:13.0983 1308        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:55:14.0030 1308        ntrigdigi - ok
18:55:14.0093 1308        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:55:14.0124 1308        Null - ok
18:55:14.0264 1308        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:55:14.0280 1308        nvraid - ok
18:55:14.0467 1308        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:55:14.0483 1308        nvstor - ok
18:55:14.0717 1308        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:55:14.0732 1308        nv_agp - ok
18:55:14.0763 1308        NwlnkFlt - ok
18:55:14.0810 1308        NwlnkFwd - ok
18:55:14.0888 1308        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:55:14.0966 1308        ohci1394 - ok
18:55:15.0075 1308        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:55:15.0138 1308        Parport - ok
18:55:15.0200 1308        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:55:15.0216 1308        partmgr - ok
18:55:15.0294 1308        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:55:15.0356 1308        Parvdm - ok
18:55:15.0419 1308        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:55:15.0434 1308        pci - ok
18:55:15.0481 1308        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:55:15.0497 1308        pciide - ok
18:55:15.0559 1308        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:55:15.0575 1308        pcmcia - ok
18:55:15.0668 1308        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:55:15.0762 1308        PEAUTH - ok
18:55:15.0887 1308        PKWCap          (21bc7d473ed5587b10a0e44ed3df80e3) C:\Windows\system32\DRIVERS\PKWCap.sys
18:55:16.0011 1308        PKWCap - ok
18:55:16.0136 1308        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:55:16.0183 1308        PptpMiniport - ok
18:55:16.0230 1308        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:55:16.0261 1308        Processor - ok
18:55:16.0323 1308        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:55:16.0355 1308        PSched - ok
18:55:16.0495 1308        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:55:16.0573 1308        ql2300 - ok
18:55:16.0620 1308        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:55:16.0635 1308        ql40xx - ok
18:55:16.0682 1308        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:55:16.0729 1308        QWAVEdrv - ok
18:55:16.0776 1308        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:55:16.0838 1308        RasAcd - ok
18:55:16.0947 1308        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:55:17.0010 1308        Rasl2tp - ok
18:55:17.0072 1308        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:55:17.0119 1308        RasPppoe - ok
18:55:17.0197 1308        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:55:17.0228 1308        RasSstp - ok
18:55:17.0291 1308        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:55:17.0353 1308        rdbss - ok
18:55:17.0400 1308        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:55:17.0462 1308        RDPCDD - ok
18:55:17.0556 1308        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:55:17.0618 1308        rdpdr - ok
18:55:17.0649 1308        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:55:17.0712 1308        RDPENCDD - ok
18:55:17.0790 1308        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
18:55:17.0852 1308        RDPWD - ok
18:55:18.0008 1308        rsdsys          (e3ea801ae48590663116742f57d0fd5d) C:\Windows\system32\drivers\protreg.sys
18:55:18.0024 1308        rsdsys - ok
18:55:18.0117 1308        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:55:18.0164 1308        rspndr - ok
18:55:18.0242 1308        RTL8169        (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:55:18.0336 1308        RTL8169 - ok
18:55:18.0414 1308        RTSTOR          (08266552b179e30bb333c70cc90084fb) C:\Windows\system32\drivers\RTSTOR.SYS
18:55:18.0476 1308        RTSTOR - ok
18:55:18.0554 1308        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:55:18.0570 1308        sbp2port - ok
18:55:18.0632 1308        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:55:18.0695 1308        secdrv - ok
18:55:18.0741 1308        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:55:18.0804 1308        Serenum - ok
18:55:18.0882 1308        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:55:18.0944 1308        Serial - ok
18:55:19.0007 1308        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:55:19.0053 1308        sermouse - ok
18:55:19.0116 1308        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:55:19.0131 1308        sffdisk - ok
18:55:19.0194 1308        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:55:19.0225 1308        sffp_mmc - ok
18:55:19.0303 1308        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:55:19.0319 1308        sffp_sd - ok
18:55:19.0381 1308        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:55:19.0428 1308        sfloppy - ok
18:55:19.0475 1308        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:55:19.0490 1308        sisagp - ok
18:55:19.0537 1308        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:55:19.0553 1308        SiSRaid2 - ok
18:55:19.0599 1308        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:55:19.0615 1308        SiSRaid4 - ok
18:55:19.0818 1308        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:55:19.0849 1308        Smb - ok
18:55:19.0943 1308        smserial        (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
18:55:20.0052 1308        smserial - ok
18:55:20.0145 1308        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:55:20.0161 1308        spldr - ok
18:55:20.0223 1308        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:55:20.0270 1308        srv - ok
18:55:20.0348 1308        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:55:20.0395 1308        srv2 - ok
18:55:20.0489 1308        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:55:20.0520 1308        srvnet - ok
18:55:20.0598 1308        StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
18:55:20.0645 1308        StillCam - ok
18:55:20.0754 1308        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:55:20.0769 1308        swenum - ok
18:55:20.0816 1308        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:55:20.0832 1308        Symc8xx - ok
18:55:20.0863 1308        SymIMMP - ok
18:55:20.0910 1308        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:55:20.0925 1308        Sym_hi - ok
18:55:21.0019 1308        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:55:21.0035 1308        Sym_u3 - ok
18:55:21.0128 1308        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:55:21.0253 1308        Tcpip - ok
18:55:21.0347 1308        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:55:21.0393 1308        Tcpip6 - ok
18:55:21.0440 1308        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:55:21.0503 1308        tcpipreg - ok
18:55:21.0581 1308        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:55:21.0627 1308        TDPIPE - ok
18:55:21.0690 1308        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:55:21.0752 1308        TDTCP - ok
18:55:21.0815 1308        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:55:21.0846 1308        tdx - ok
18:55:21.0939 1308        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:55:21.0955 1308        TermDD - ok
18:55:22.0064 1308        tosporte        (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
18:55:22.0095 1308        tosporte - ok
18:55:22.0189 1308        tosrfbd        (399c5e4db7bdd5a83a7d26c96389b85a) C:\Windows\system32\DRIVERS\tosrfbd.sys
18:55:22.0220 1308        tosrfbd - ok
18:55:22.0267 1308        tosrfbnp        (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys
18:55:22.0314 1308        tosrfbnp - ok
18:55:22.0361 1308        Tosrfcom        (e90ace3b4fa7a85f992bc21eb779c407) C:\Windows\system32\Drivers\tosrfcom.sys
18:55:22.0407 1308        Tosrfcom - ok
18:55:22.0485 1308        Tosrfhid        (efc95c0dc6f96b228f58319776006548) C:\Windows\system32\DRIVERS\Tosrfhid.sys
18:55:22.0517 1308        Tosrfhid - ok
18:55:22.0563 1308        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
18:55:22.0563 1308        tosrfnds - ok
18:55:22.0626 1308        TosRfSnd        (156d63f6898e4d95f2962f2b72862868) C:\Windows\system32\drivers\tosrfsnd.sys
18:55:22.0641 1308        TosRfSnd - ok
18:55:22.0704 1308        Tosrfusb        (98c04a6432ce9c2ad328f57b9384d348) C:\Windows\system32\DRIVERS\tosrfusb.sys
18:55:22.0766 1308        Tosrfusb - ok
18:55:22.0860 1308        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:55:22.0907 1308        tssecsrv - ok
18:55:22.0969 1308        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:55:23.0016 1308        tunmp - ok
18:55:23.0078 1308        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:55:23.0109 1308        tunnel - ok
18:55:23.0203 1308        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:55:23.0219 1308        uagp35 - ok
18:55:23.0297 1308        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:55:23.0328 1308        udfs - ok
18:55:23.0390 1308        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:55:23.0406 1308        uliagpkx - ok
18:55:23.0468 1308        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:55:23.0484 1308        uliahci - ok
18:55:23.0562 1308        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:55:23.0577 1308        UlSata - ok
18:55:23.0640 1308        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:55:23.0655 1308        ulsata2 - ok
18:55:23.0687 1308        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:55:23.0733 1308        umbus - ok
18:55:23.0811 1308        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:55:23.0843 1308        usbccgp - ok
18:55:23.0936 1308        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:55:23.0999 1308        usbcir - ok
18:55:24.0061 1308        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:55:24.0092 1308        usbehci - ok
18:55:24.0139 1308        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:55:24.0186 1308        usbhub - ok
18:55:24.0264 1308        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:55:24.0326 1308        usbohci - ok
18:55:24.0389 1308        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:55:24.0420 1308        usbprint - ok
18:55:24.0482 1308        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:55:24.0498 1308        usbscan - ok
18:55:24.0560 1308        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:55:24.0607 1308        USBSTOR - ok
18:55:24.0669 1308        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:55:24.0701 1308        usbuhci - ok
18:55:24.0779 1308        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:55:24.0825 1308        usbvideo - ok
18:55:25.0075 1308        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:55:25.0122 1308        vga - ok
18:55:25.0325 1308        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:55:25.0356 1308        VgaSave - ok
18:55:25.0418 1308        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:55:25.0434 1308        viaagp - ok
18:55:25.0481 1308        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:55:25.0527 1308        ViaC7 - ok
18:55:25.0605 1308        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:55:25.0621 1308        viaide - ok
18:55:25.0668 1308        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:55:25.0699 1308        volmgr - ok
18:55:25.0761 1308        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:55:25.0793 1308        volmgrx - ok
18:55:25.0855 1308        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:55:25.0886 1308        volsnap - ok
18:55:25.0995 1308        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:55:26.0027 1308        vsmraid - ok
18:55:26.0105 1308        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:55:26.0198 1308        WacomPen - ok
18:55:26.0245 1308        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:55:26.0307 1308        Wanarp - ok
18:55:26.0323 1308        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:55:26.0370 1308        Wanarpv6 - ok
18:55:26.0463 1308        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:55:26.0479 1308        Wd - ok
18:55:26.0541 1308        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:55:26.0557 1308        Wdf01000 - ok
18:55:26.0666 1308        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:55:26.0697 1308        WmiAcpi - ok
18:55:26.0760 1308        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:55:26.0807 1308        ws2ifsl - ok
18:55:26.0900 1308        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:55:26.0947 1308        WUDFRd - ok
18:55:26.0994 1308        MBR (0x1B8)    (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
18:55:27.0197 1308        \Device\Harddisk0\DR0 - ok
18:55:27.0212 1308        Boot (0x1200)  (2adf07e6f5c89b3a220361c01ed5fd8b) \Device\Harddisk0\DR0\Partition0
18:55:27.0212 1308        \Device\Harddisk0\DR0\Partition0 - ok
18:55:27.0243 1308        Boot (0x1200)  (c220dcf6ed4c0e41b721a410a2640bee) \Device\Harddisk0\DR0\Partition1
18:55:27.0243 1308        \Device\Harddisk0\DR0\Partition1 - ok
18:55:27.0243 1308        ============================================================
18:55:27.0243 1308        Scan finished
18:55:27.0243 1308        ============================================================
18:55:27.0321 5000        Detected object count: 1
18:55:27.0321 5000        Actual detected object count: 1
18:55:44.0310 5000        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
18:55:44.0310 5000        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 20.03.2012 19:02
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

rivkah 20.03.2012 19:53
Hier das ComboFix-log:

Code:
ComboFix 12-03-20.01 - Rebekka 20.03.2012  19:36:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2012.1165 [GMT 1:00]
ausgeführt von:: c:\users\Rebekka\Desktop\ComboFix.exe
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\users\Rebekka\AppData\Roaming\Help\coredb\storage
c:\users\Rebekka\AppData\Roaming\Identities\{5F8910D1-29F9-4438-B3A5-4443112A1DF2}\LicenseValidator.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\ReadMe.txt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-20 bis 2012-03-20  ))))))))))))))))))))))))))))))
.
.
2012-03-20 15:55 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{63EF47C7-757A-446C-9661-1E6C8B7C9B55}\mpengine.dll
2012-03-20 15:48 . 2012-03-20 18:21        --------        d-----r-        C:\RavBin
2012-03-20 15:43 . 2012-03-20 15:43        --------        d-----w-        C:\_OTL
2012-03-19 16:50 . 2012-03-19 16:50        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\Windows Search
2012-03-18 15:31 . 2012-03-18 15:31        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\Apple
2012-03-18 13:19 . 2012-03-18 13:19        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\Malwarebytes
2012-03-18 13:18 . 2012-03-18 13:18        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-18 13:18 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-18 13:18 . 2012-03-18 13:18        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-16 15:34 . 2012-03-16 15:34        --------        d-----w-        c:\program files\7-Zip
2012-03-16 14:17 . 2012-03-16 14:17        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\f-secure
2012-03-16 14:16 . 2012-03-16 14:16        --------        d-----w-        c:\programdata\F-Secure
2012-03-16 11:37 . 2012-03-16 11:37        --------        d-----w-        c:\program files\ESET
2012-03-15 12:17 . 2012-03-15 12:17        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-03-14 22:08 . 2010-10-24 05:06        598528        ----a-w-        c:\windows\system32\ztv7z.dll
2012-03-14 22:08 . 2005-08-25 23:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2012-03-14 22:08 . 2010-10-24 05:06        178176        ----a-w-        c:\windows\system32\ztvunrar39.dll
2012-03-14 22:08 . 2006-06-19 11:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2012-03-14 22:08 . 2006-05-25 13:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2012-03-14 22:08 . 2003-02-02 18:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2012-03-14 22:08 . 2002-03-05 23:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2012-03-14 22:08 . 2012-03-14 22:08        --------        d-----w-        c:\program files\Trojan Remover
2012-03-14 22:08 . 2012-03-14 22:08        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\Simply Super Software
2012-03-14 22:08 . 2012-03-14 22:08        --------        d-----w-        c:\programdata\Simply Super Software
2012-03-14 15:26 . 2012-02-02 15:16        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 15:26 . 2012-01-09 15:54        613376        ----a-w-        c:\windows\system32\rdpencom.dll
2012-03-14 15:26 . 2012-01-09 13:58        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:09 . 2012-03-14 00:09        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\Template
2012-03-07 21:16 . 2012-03-07 21:16        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\Google Inc
2012-03-06 21:39 . 2012-03-06 21:39        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\ICQ
2012-03-03 18:32 . 2012-03-03 18:32        --------        d-----w-        c:\users\Rebekka\AppData\Roaming\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-25 10:54        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-24 23:17 . 2011-12-24 23:17        255352        ----a-w-        c:\windows\system32\awrdscdc.ax
2009-08-20 08:43 . 2009-08-20 08:43        9819136        ----a-w-        c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06        1822520        ----a-w-        c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45        1708856        ----a-w-        c:\program files\instmsia.exe
2012-03-13 04:38 . 2012-03-14 22:49        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6253088]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-08-27 708608]
"Skytel"="Skytel.exe" [2008-07-23 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-11-4 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Rebekka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Rebekka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Rebekka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Rebekka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-01-23 13:12        1238800        ----a-w-        c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\gsyu7wrg.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LicenseValidator - c:\users\Rebekka\AppData\Roaming\Identities\{5F8910D1-29F9-4438-B3A5-4443112A1DF2}\LicenseValidator.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-20 19:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*(ð]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2882153462-3320562554-2162167854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*(ð\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-03-20  19:45:40
ComboFix-quarantined-files.txt  2012-03-20 18:45
.
Vor Suchlauf: 4.818.436.096 Bytes frei
Nach Suchlauf: 4.644.921.344 Bytes frei
.
- - End Of File - - F692A3D46DE614482EB9454C168A7002

cosinus 21.03.2012 14:34
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

rivkah 21.03.2012 22:09
Hier das Gmer- Log:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-21 19:03:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2250BH_G2 rev.00000009
Running: bhllslvu.exe; Driver: C:\Users\Rebekka\AppData\Local\Temp\uxdiqfog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwAlpcSendWaitReceivePort [0xAA604977]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwAssignProcessToJobObject [0xAA6048D2]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwCreateKey [0xAA604A7F]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwCreateMutant [0xAA604956]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwCreateSection [0xAA604EC0]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwCreateSymbolicLinkObject [0xAA604A5E]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwCreateThread [0xAA6046E3]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwDebugActiveProcess [0xAA60484E]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwDeleteKey [0xAA604AE2]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwDeleteValueKey [0xAA604AC1]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwDeviceIoControlFile [0xAA6048F3]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwDuplicateObject [0xAA604A1C]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwLoadDriver [0xAA6046A1]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwLockVirtualMemory [0xAA60480C]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwOpenKey [0xAA604B66]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwOpenProcess [0xAA6049B9]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwOpenSection [0xAA604725]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwProtectVirtualMemory [0xAA6047EB]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwQueryDirectoryFile [0xAA604935]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwQuerySystemInformation [0xAA6049FB]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwQueryValueKey [0xAA6048B1]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwQueueApcThread [0xAA6047CA]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwRenameKey [0xAA604B03]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwRequestWaitReplyPort [0xAA604890]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwRestoreKey [0xAA604B45]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSetContextThread [0xAA604788]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSetInformationProcess [0xAA6049DA]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSetSecurityObject [0xAA604B24]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSetSystemInformation [0xAA60482D]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSetSystemTime [0xAA604914]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSetValueKey [0xAA604AA0]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSuspendProcess [0xAA6047A9]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSuspendThread [0xAA604767]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwSystemDebugControl [0xAA60486F]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwTerminateProcess [0xAA604680]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwTerminateThread [0xAA604746]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwUnmapViewOfSection [0xAA604998]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwWriteVirtualMemory [0xAA6046C2]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwCreateThreadEx [0xAA604704]
SSDT            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ZwCreateUserProcess [0xAA604A3D]

Code            \??\C:\Windows\system32\drivers\HOOKHELP.sys                                                          ObReferenceObjectByHandle

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 181                                                                          820EE904 4 Bytes  [77, 49, 60, AA] {JA 0x4b; PUSHA ; STOSB }
.text          ntkrnlpa.exe!KeSetEvent + 191                                                                          820EE914 4 Bytes  [D2, 48, 60, AA] {ROR BYTE [EAX+0x60], CL; STOSB }
.text          ntkrnlpa.exe!KeSetEvent + 1E9                                                                          820EE96C 4 Bytes  [7F, 4A, 60, AA] {JG 0x4c; PUSHA ; STOSB }
.text          ntkrnlpa.exe!KeSetEvent + 1F5                                                                          820EE978 4 Bytes  [56, 49, 60, AA] {PUSH ESI; DEC ECX; PUSHA ; STOSB }
.text          ntkrnlpa.exe!KeSetEvent + 215                                                                          820EE998 4 Bytes  [C0, 4E, 60, AA] {ROR BYTE [ESI+0x60], 0xaa}
.text          ...                                                                                                   
PAGE            ntkrnlpa.exe!ObReferenceObjectByHandle                                                                8226FF40 5 Bytes  JMP AA605FF8 \??\C:\Windows\system32\drivers\HOOKHELP.sys

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\RtHDVCpl.exe[880] kernel32.dll!CreateProcessW                                              77051BF3 5 Bytes  JMP 02741642
.text          C:\Windows\RtHDVCpl.exe[880] kernel32.dll!CreateProcessA                                              77051C28 1 Byte  [E9]
.text          C:\Windows\RtHDVCpl.exe[880] kernel32.dll!CreateProcessA                                              77051C28 5 Bytes  JMP 0274152C
.text          C:\Windows\RtHDVCpl.exe[880] ADVAPI32.dll!CreateProcessAsUserA                                        7713CEB9 5 Bytes  JMP 02741758
.text          C:\Windows\RtHDVCpl.exe[880] ADVAPI32.dll!CreateProcessAsUserW                                        77151EE9 5 Bytes  JMP 02741871
.text          C:\Program Files\Windows Sidebar\sidebar.exe[1124] kernel32.dll!CreateProcessW                        77051BF3 5 Bytes  JMP 04EB1642
.text          C:\Program Files\Windows Sidebar\sidebar.exe[1124] kernel32.dll!CreateProcessA                        77051C28 1 Byte  [E9]
.text          C:\Program Files\Windows Sidebar\sidebar.exe[1124] kernel32.dll!CreateProcessA                        77051C28 5 Bytes  JMP 04EB152C
.text          C:\Program Files\Windows Sidebar\sidebar.exe[1124] ADVAPI32.dll!CreateProcessAsUserA                  7713CEB9 5 Bytes  JMP 04EB1758
.text          C:\Program Files\Windows Sidebar\sidebar.exe[1124] ADVAPI32.dll!CreateProcessAsUserW                  77151EE9 5 Bytes  JMP 04EB1871
.text          C:\Windows\Explorer.EXE[1280] kernel32.dll!CreateProcessW                                              77051BF3 5 Bytes  JMP 06291642
.text          C:\Windows\Explorer.EXE[1280] kernel32.dll!CreateProcessA                                              77051C28 1 Byte  [E9]
.text          C:\Windows\Explorer.EXE[1280] kernel32.dll!CreateProcessA                                              77051C28 5 Bytes  JMP 0629152C
.text          C:\Windows\Explorer.EXE[1280] ADVAPI32.dll!CreateProcessAsUserA                                        7713CEB9 5 Bytes  JMP 06291758
.text          C:\Windows\Explorer.EXE[1280] ADVAPI32.dll!CreateProcessAsUserW                                        77151EE9 5 Bytes  JMP 06291871
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1548] kernel32.dll!CreateProcessW        77051BF3 5 Bytes  JMP 02791642
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1548] kernel32.dll!CreateProcessA        77051C28 1 Byte  [E9]
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1548] kernel32.dll!CreateProcessA        77051C28 5 Bytes  JMP 0279152C
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1548] ADVAPI32.dll!CreateProcessAsUserA  7713CEB9 5 Bytes  JMP 02791758
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1548] ADVAPI32.dll!CreateProcessAsUserW  77151EE9 5 Bytes  JMP 02791871
.text          C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1572] kernel32.dll!CreateProcessW                77051BF3 5 Bytes  JMP 01B31642
.text          C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1572] kernel32.dll!CreateProcessA                77051C28 1 Byte  [E9]
.text          C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1572] kernel32.dll!CreateProcessA                77051C28 5 Bytes  JMP 01B3152C
.text          C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1572] ADVAPI32.dll!CreateProcessAsUserA          7713CEB9 5 Bytes  JMP 01B31758
.text          C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[1572] ADVAPI32.dll!CreateProcessAsUserW          77151EE9 5 Bytes  JMP 01B31871
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1656] kernel32.dll!CreateProcessW        77051BF3 5 Bytes  JMP 01CA1642
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1656] kernel32.dll!CreateProcessA        77051C28 1 Byte  [E9]
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1656] kernel32.dll!CreateProcessA        77051C28 5 Bytes  JMP 01CA152C
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1656] ADVAPI32.dll!CreateProcessAsUserA  7713CEB9 5 Bytes  JMP 01CA1758
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[1656] ADVAPI32.dll!CreateProcessAsUserW  77151EE9 5 Bytes  JMP 01CA1871
.text          C:\Windows\system32\Dwm.exe[2060] kernel32.dll!CreateProcessW                                          77051BF3 5 Bytes  JMP 05601642
.text          C:\Windows\system32\Dwm.exe[2060] kernel32.dll!CreateProcessA                                          77051C28 1 Byte  [E9]
.text          C:\Windows\system32\Dwm.exe[2060] kernel32.dll!CreateProcessA                                          77051C28 5 Bytes  JMP 0560152C
.text          C:\Windows\system32\Dwm.exe[2060] ADVAPI32.dll!CreateProcessAsUserA                                    7713CEB9 5 Bytes  JMP 05601758
.text          C:\Windows\system32\Dwm.exe[2060] ADVAPI32.dll!CreateProcessAsUserW                                    77151EE9 5 Bytes  JMP 05601871
.text          C:\Windows\ehome\ehtray.exe[2204] kernel32.dll!CreateProcessW                                          77051BF3 5 Bytes  JMP 01F21642
.text          C:\Windows\ehome\ehtray.exe[2204] kernel32.dll!CreateProcessA                                          77051C28 1 Byte  [E9]
.text          C:\Windows\ehome\ehtray.exe[2204] kernel32.dll!CreateProcessA                                          77051C28 5 Bytes  JMP 01F2152C
.text          C:\Windows\ehome\ehtray.exe[2204] ADVAPI32.dll!CreateProcessAsUserA                                    7713CEB9 5 Bytes  JMP 01F21758
.text          C:\Windows\ehome\ehtray.exe[2204] ADVAPI32.dll!CreateProcessAsUserW                                    77151EE9 5 Bytes  JMP 01F21871
.text          C:\Windows\System32\igfxpers.exe[2260] kernel32.dll!CreateProcessW                                    77051BF3 5 Bytes  JMP 02501642
.text          C:\Windows\System32\igfxpers.exe[2260] kernel32.dll!CreateProcessA                                    77051C28 1 Byte  [E9]
.text          C:\Windows\System32\igfxpers.exe[2260] kernel32.dll!CreateProcessA                                    77051C28 5 Bytes  JMP 0250152C
.text          C:\Windows\System32\igfxpers.exe[2260] ADVAPI32.dll!CreateProcessAsUserA                              7713CEB9 5 Bytes  JMP 02501758
.text          C:\Windows\System32\igfxpers.exe[2260] ADVAPI32.dll!CreateProcessAsUserW                              77151EE9 5 Bytes  JMP 02501871
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2288] kernel32.dll!CreateProcessW        77051BF3 5 Bytes  JMP 02A01642
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2288] kernel32.dll!CreateProcessA        77051C28 1 Byte  [E9]
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2288] kernel32.dll!CreateProcessA        77051C28 5 Bytes  JMP 02A0152C
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2288] ADVAPI32.dll!CreateProcessAsUserA  7713CEB9 5 Bytes  JMP 02A01758
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2288] ADVAPI32.dll!CreateProcessAsUserW  77151EE9 5 Bytes  JMP 02A01871
.text          C:\Program Files\Rising\RSD\popwndexe.exe[2376] kernel32.dll!CreateProcessW                            77051BF3 5 Bytes  JMP 01E01642
.text          C:\Program Files\Rising\RSD\popwndexe.exe[2376] kernel32.dll!CreateProcessA                            77051C28 1 Byte  [E9]
.text          C:\Program Files\Rising\RSD\popwndexe.exe[2376] kernel32.dll!CreateProcessA                            77051C28 5 Bytes  JMP 01E0152C
.text          C:\Program Files\Rising\RSD\popwndexe.exe[2376] ADVAPI32.dll!CreateProcessAsUserA                      7713CEB9 5 Bytes  JMP 01E01758
.text          C:\Program Files\Rising\RSD\popwndexe.exe[2376] ADVAPI32.dll!CreateProcessAsUserW                      77151EE9 5 Bytes  JMP 01E01871
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2556] kernel32.dll!CreateProcessW        77051BF3 5 Bytes  JMP 015F1642
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2556] kernel32.dll!CreateProcessA        77051C28 1 Byte  [E9]
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2556] kernel32.dll!CreateProcessA        77051C28 5 Bytes  JMP 015F152C
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2556] ADVAPI32.dll!CreateProcessAsUserA  7713CEB9 5 Bytes  JMP 015F1758
.text          C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2556] ADVAPI32.dll!CreateProcessAsUserW  77151EE9 5 Bytes  JMP 015F1871
.text          C:\Windows\system32\taskeng.exe[2600] kernel32.dll!CreateProcessW                                      77051BF3 5 Bytes  JMP 029B1642
.text          C:\Windows\system32\taskeng.exe[2600] kernel32.dll!CreateProcessA                                      77051C28 1 Byte  [E9]
.text          C:\Windows\system32\taskeng.exe[2600] kernel32.dll!CreateProcessA                                      77051C28 5 Bytes  JMP 029B152C
.text          C:\Windows\system32\taskeng.exe[2600] ADVAPI32.dll!CreateProcessAsUserA                                7713CEB9 5 Bytes  JMP 029B1758
.text          C:\Windows\system32\taskeng.exe[2600] ADVAPI32.dll!CreateProcessAsUserW                                77151EE9 5 Bytes  JMP 029B1871
.text          C:\PROGRAM FILES\RISING\RAV\RSTRAY.EXE[2672] kernel32.dll!CreateProcessW                              77051BF3 5 Bytes  JMP 01E21642
.text          C:\PROGRAM FILES\RISING\RAV\RSTRAY.EXE[2672] kernel32.dll!CreateProcessA                              77051C28 1 Byte  [E9]
.text          C:\PROGRAM FILES\RISING\RAV\RSTRAY.EXE[2672] kernel32.dll!CreateProcessA                              77051C28 5 Bytes  JMP 01E2152C
.text          C:\PROGRAM FILES\RISING\RAV\RSTRAY.EXE[2672] ADVAPI32.dll!CreateProcessAsUserA                        7713CEB9 5 Bytes  JMP 01E21758
.text          C:\PROGRAM FILES\RISING\RAV\RSTRAY.EXE[2672] ADVAPI32.dll!CreateProcessAsUserW                        77151EE9 5 Bytes  JMP 01E21871
.text          C:\Windows\System32\hkcmd.exe[2688] kernel32.dll!CreateProcessW                                        77051BF3 5 Bytes  JMP 01F31642
.text          C:\Windows\System32\hkcmd.exe[2688] kernel32.dll!CreateProcessA                                        77051C28 1 Byte  [E9]
.text          C:\Windows\System32\hkcmd.exe[2688] kernel32.dll!CreateProcessA                                        77051C28 5 Bytes  JMP 01F3152C
.text          C:\Windows\System32\hkcmd.exe[2688] ADVAPI32.dll!CreateProcessAsUserA                                  7713CEB9 5 Bytes  JMP 01F31758
.text          C:\Windows\System32\hkcmd.exe[2688] ADVAPI32.dll!CreateProcessAsUserW                                  77151EE9 5 Bytes  JMP 01F31871
.text          C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2700] kernel32.dll!CreateProcessW                      77051BF3 5 Bytes  JMP 02341642
.text          C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2700] kernel32.dll!CreateProcessA                      77051C28 1 Byte  [E9]
.text          C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2700] kernel32.dll!CreateProcessA                      77051C28 5 Bytes  JMP 0234152C
.text          C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2700] ADVAPI32.dll!CreateProcessAsUserA                7713CEB9 5 Bytes  JMP 02341758
.text          C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[2700] ADVAPI32.dll!CreateProcessAsUserW                77151EE9 5 Bytes  JMP 02341871
.text          C:\Program Files\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CreateProcessW                77051BF3 5 Bytes  JMP 01E31642
.text          C:\Program Files\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CreateProcessA                77051C28 1 Byte  [E9]
.text          C:\Program Files\System Control Manager\MGSysCtrl.exe[2708] kernel32.dll!CreateProcessA                77051C28 5 Bytes  JMP 01E3152C
.text          C:\Program Files\System Control Manager\MGSysCtrl.exe[2708] ADVAPI32.dll!CreateProcessAsUserA          7713CEB9 5 Bytes  JMP 01E31758
.text          C:\Program Files\System Control Manager\MGSysCtrl.exe[2708] ADVAPI32.dll!CreateProcessAsUserW          77151EE9 5 Bytes  JMP 01E31871
.text          C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2728] kernel32.dll!CreateProcessW                77051BF3 5 Bytes  JMP 003A1642
.text          C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2728] kernel32.dll!CreateProcessA                77051C28 1 Byte  [E9]
.text          C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2728] kernel32.dll!CreateProcessA                77051C28 5 Bytes  JMP 003A152C
.text          C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2728] ADVAPI32.dll!CreateProcessAsUserA          7713CEB9 5 Bytes  JMP 003A1758
.text          C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2728] ADVAPI32.dll!CreateProcessAsUserW          77151EE9 5 Bytes  JMP 003A1871
.text          C:\Windows\system32\igfxsrvc.exe[3092] kernel32.dll!CreateProcessW                                    77051BF3 5 Bytes  JMP 02501642
.text          C:\Windows\system32\igfxsrvc.exe[3092] kernel32.dll!CreateProcessA                                    77051C28 1 Byte  [E9]
.text          C:\Windows\system32\igfxsrvc.exe[3092] kernel32.dll!CreateProcessA                                    77051C28 5 Bytes  JMP 0250152C
.text          C:\Windows\system32\igfxsrvc.exe[3092] ADVAPI32.dll!CreateProcessAsUserA                              7713CEB9 5 Bytes  JMP 02501758
.text          C:\Windows\system32\igfxsrvc.exe[3092] ADVAPI32.dll!CreateProcessAsUserW                              77151EE9 5 Bytes  JMP 02501871
.text          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3144] kernel32.dll!CreateProcessW                77051BF3 5 Bytes  JMP 01731642
.text          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3144] kernel32.dll!CreateProcessA                77051C28 1 Byte  [E9]
.text          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3144] kernel32.dll!CreateProcessA                77051C28 5 Bytes  JMP 0173152C
.text          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3144] ADVAPI32.dll!CreateProcessAsUserA          7713CEB9 5 Bytes  JMP 01731758
.text          C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3144] ADVAPI32.dll!CreateProcessAsUserW          77151EE9 5 Bytes  JMP 01731871
.text          C:\Windows\ehome\ehmsas.exe[3524] kernel32.dll!CreateProcessW                                          77051BF3 5 Bytes  JMP 01991642
.text          C:\Windows\ehome\ehmsas.exe[3524] kernel32.dll!CreateProcessA                                          77051C28 1 Byte  [E9]
.text          C:\Windows\ehome\ehmsas.exe[3524] kernel32.dll!CreateProcessA                                          77051C28 5 Bytes  JMP 0199152C
.text          C:\Windows\ehome\ehmsas.exe[3524] ADVAPI32.dll!CreateProcessAsUserA                                    7713CEB9 5 Bytes  JMP 01991758
.text          C:\Windows\ehome\ehmsas.exe[3524] ADVAPI32.dll!CreateProcessAsUserW                                    77151EE9 5 Bytes  JMP 01991871
.text          C:\Windows\system32\wbem\unsecapp.exe[3560] kernel32.dll!CreateProcessW                                77051BF3 5 Bytes  JMP 019D1642
.text          C:\Windows\system32\wbem\unsecapp.exe[3560] kernel32.dll!CreateProcessA                                77051C28 1 Byte  [E9]
.text          C:\Windows\system32\wbem\unsecapp.exe[3560] kernel32.dll!CreateProcessA                                77051C28 5 Bytes  JMP 019D152C
.text          C:\Windows\system32\wbem\unsecapp.exe[3560] ADVAPI32.dll!CreateProcessAsUserA                          7713CEB9 5 Bytes  JMP 019D1758
.text          C:\Windows\system32\wbem\unsecapp.exe[3560] ADVAPI32.dll!CreateProcessAsUserW                          77151EE9 5 Bytes  JMP 019D1871
.text          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3928] kernel32.dll!CreateProcessW                77051BF3 5 Bytes  JMP 03C31642
.text          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3928] kernel32.dll!CreateProcessA                77051C28 1 Byte  [E9]
.text          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3928] kernel32.dll!CreateProcessA                77051C28 5 Bytes  JMP 03C3152C
.text          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3928] ADVAPI32.dll!CreateProcessAsUserA          7713CEB9 5 Bytes  JMP 03C31758
.text          C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3928] ADVAPI32.dll!CreateProcessAsUserW          77151EE9 5 Bytes  JMP 03C31871
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] kernel32.dll!CreateProcessW                      77051BF3 5 Bytes  JMP 00B41642
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] kernel32.dll!CreateProcessA                      77051C28 1 Byte  [E9]
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] kernel32.dll!CreateProcessA                      77051C28 5 Bytes  JMP 00B4152C
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] ADVAPI32.dll!CreateProcessAsUserA                7713CEB9 5 Bytes  JMP 00B41758
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] ADVAPI32.dll!CreateProcessAsUserW                77151EE9 5 Bytes  JMP 00B41871
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!CreateWindowExW                      77F01305 5 Bytes  JMP 6EB4DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!DialogBoxParamW                      77F210B0 5 Bytes  JMP 6EA75505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!DialogBoxIndirectParamW              77F22EF5 5 Bytes  JMP 6EC453AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!DialogBoxParamA                      77F38152 5 Bytes  JMP 6EC4534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!DialogBoxIndirectParamA              77F3847D 5 Bytes  JMP 6EC45412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!MessageBoxIndirectA                  77F4D4D9 5 Bytes  JMP 6EC452E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!MessageBoxIndirectW                  77F4D5D3 5 Bytes  JMP 6EC45276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!MessageBoxExA                        77F4D639 5 Bytes  JMP 6EC45214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] USER32.dll!MessageBoxExW                        77F4D65D 5 Bytes  JMP 6EC451B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] WS2_32.dll!closesocket                          778F330C 5 Bytes  JMP 03378F70
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] WS2_32.dll!connect                              778F40D9 5 Bytes  JMP 03378CE0
.text          C:\Program Files\Internet Explorer\iexplore.exe[9020] WS2_32.dll!getpeername                          7790A863 5 Bytes  JMP 03378F00
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] kernel32.dll!CreateProcessW                    77051BF3 5 Bytes  JMP 010B1642
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] kernel32.dll!CreateProcessA                    77051C28 1 Byte  [E9]
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] kernel32.dll!CreateProcessA                    77051C28 5 Bytes  JMP 010B152C
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] ADVAPI32.dll!CreateProcessAsUserA              7713CEB9 5 Bytes  JMP 010B1758
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] ADVAPI32.dll!CreateProcessAsUserW              77151EE9 5 Bytes  JMP 010B1871
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!CreateDialogParamW                  77EF72A2 5 Bytes  JMP 6EB4DEA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!GetAsyncKeyState                    77EF863C 5 Bytes  JMP 6EA68F27 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!SetWindowsHookExW                    77EF87AD 5 Bytes  JMP 6EB49AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!CallNextHookEx                      77EF8E3B 5 Bytes  JMP 6EB3D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!UnhookWindowsHookEx                  77EF98DB 5 Bytes  JMP 6EAB4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!EnableWindow                        77EFCD8B 5 Bytes  JMP 6EB4DD2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!CreateWindowExW                      77F01305 5 Bytes  JMP 6EB4DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!GetKeyState                          77F08CB1 5 Bytes  JMP 6EB4D2DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!IsDialogMessageW                    77F10745 5 Bytes  JMP 6EA75A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!CreateDialogParamA                  77F117AA 5 Bytes  JMP 6EC4601B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!IsDialogMessage                      77F11847 5 Bytes  JMP 6EC458B7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!CreateDialogIndirectParamA          77F126F1 5 Bytes  JMP 6EC46052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!CreateDialogIndirectParamW          77F19A62 5 Bytes  JMP 6EC46089 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!SetKeyboardState                    77F20987 5 Bytes  JMP 6EC45C26 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!DialogBoxParamW                      77F210B0 5 Bytes  JMP 6EA75505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!DialogBoxIndirectParamW              77F22EF5 5 Bytes  JMP 6EC453AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!SendInput                            77F22F75 5 Bytes  JMP 6EC467E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!EndDialog                            77F2326E 5 Bytes  JMP 6EA77EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!SetCursorPos                        77F36FB2 5 Bytes  JMP 6EC46837 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!DialogBoxParamA                      77F38152 5 Bytes  JMP 6EC4534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!DialogBoxIndirectParamA              77F3847D 5 Bytes  JMP 6EC45412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!MessageBoxIndirectA                  77F4D4D9 5 Bytes  JMP 6EC452E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!MessageBoxIndirectW                  77F4D5D3 5 Bytes  JMP 6EC45276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!MessageBoxExA                        77F4D639 5 Bytes  JMP 6EC45214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!MessageBoxExW                        77F4D65D 5 Bytes  JMP 6EC451B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] USER32.dll!keybd_event                          77F4D972 5 Bytes  JMP 6EC46B67 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] SHELL32.dll!SHRestricted + D95                  765A89A8 4 Bytes  [4D, 30, 1E, 74]
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] SHELL32.dll!SHRestricted + D9D                  765A89B0 8 Bytes  [57, 2F, 1E, 74, 9C, 5B, 1D, ...]
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] ole32.dll!OleLoadFromStream                    777C1E80 5 Bytes  JMP 6EC45717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] ole32.dll!CoCreateInstance                      777F9F3E 5 Bytes  JMP 6EB4DB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] WS2_32.dll!closesocket                          778F330C 5 Bytes  JMP 02F18F70
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] WS2_32.dll!connect                              778F40D9 5 Bytes  JMP 02F18CE0
.text          C:\Program Files\Internet Explorer\iexplore.exe[11736] WS2_32.dll!getpeername                          7790A863 5 Bytes  JMP 02F18F00

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                HOOKHELP.sys
Device          \FileSystem\RAW \Device\RawTape                                                                        HOOKHELP.sys

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                HookTdi.sys

Device          \FileSystem\rdbss \Device\FsWrap                                                                      HOOKHELP.sys

AttachedDevice  \Driver\tdx \Device\Udp                                                                                HookTdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                              HookTdi.sys

Device          \FileSystem\RAW \Device\RawDisk                                                                        HOOKHELP.sys
Device          \FileSystem\RAW \Device\RawCdRom                                                                      HOOKHELP.sys
Device          \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer                                                        HOOKHELP.sys
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                    HOOKHELP.sys
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                      HOOKHELP.sys
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                          HOOKHELP.sys
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                      HOOKHELP.sys
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                      HOOKHELP.sys
Device          \FileSystem\cdfs \Cdfs                                                                                HOOKHELP.sys

---- EOF - GMER 1.0.15 ----
Hier das osam- Log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:23:35 on 21.03.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Beijing Rising Information Technology Co., Ltd." - C:\Windows\system32\bsmain.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Rebekka\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"hooksys" (hooksys) - "Beijing Rising Information Technology Co., Ltd." - C:\Windows\system32\drivers\Hooksys.sys
"HookTdi" (HookTdi) - "Beijing Rising Information Technology Co., Ltd." - C:\Windows\system32\drivers\HookTdi.sys
"HyperVM" (HyperVM) - "Beijing Rising Information Technology Co., Ltd." - C:\Windows\system32\drivers\hvm.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"rsd protect" (rsdsys) - "Beijing Rising Information Technology Co., Ltd." - C:\Windows\system32\drivers\protreg.sys
"Symantec Intrusion Prevention Driver" (IDSvix86) - "Symantec Corporation" - C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090625.001\IDSvix86.sys
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"uxdiqfog" (uxdiqfog) - ? - C:\Users\Rebekka\AppData\Local\Temp\uxdiqfog.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Rebekka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LicenseValidator" - "WestByte" - C:\Users\Rebekka\AppData\Roaming\Identities\{75AA8B7F-AF95-4CA0-858D-5DD7444AAEC1}\LicenseValidator.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"MGSysCtrl" - "Mirco-Star International  CO., LTD." - C:\Program Files\System Control Manager\MGSysCtrl.exe
"RavTRAY" - "Beijing Rising Information Technology Co., Ltd." - "C:\Program Files\Rising\RAV\RSTRAY.EXE" -system

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Automatisches LiveUpdate - Scheduler" (Automatic LiveUpdate Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"Micro Star SCM" (Micro Star SCM) - ? - C:\Program Files\System Control Manager\MSIService.exe  (File found, but it contains no detailed information)
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Rav Service" (RsRavMon) - "Beijing Rising Information Technology Co., Ltd." - C:\Program Files\Rising\RAV\RavMonD.exe
"Rsd Service" (RsMgrSvc) - "Beijing Rising Information Technology Co., Ltd." - C:\Program Files\Rising\RSD\RsMgrSvc.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Hier das aswMBR- Log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-21 19:47:26
-----------------------------
19:47:26.044    OS Version: Windows 6.0.6002 Service Pack 2
19:47:26.044    Number of processors: 2 586 0xF0D
19:47:26.044    ComputerName: REBEKKA-PC  UserName: Rebekka
19:47:27.354    Initialize success
19:47:35.497    AVAST engine defs: 12032000
19:48:06.791    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:48:06.791    Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 00000009 Size: 238475MB BusType: 3
19:48:07.009    Disk 0 MBR read successfully
19:48:07.009    Disk 0 MBR scan
19:48:07.446    Disk 0 unknown MBR code
19:48:07.509    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        8000 MB offset 2048
19:48:07.555    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        45000 MB offset 16386048
19:48:07.602    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      185473 MB offset 108546048
19:48:07.649    Disk 0 scanning sectors +488394752
19:48:07.977    Disk 0 scanning C:\Windows\system32\drivers
19:50:06.583    Service scanning
19:51:10.341    Modules scanning
19:53:10.757    Disk 0 trace - called modules:
19:53:10.835    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
19:53:10.851    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dbe700]
19:53:10.851    3 CLASSPNP.SYS[87da58b3] -> nt!IofCallDriver -> [0x84befb20]
19:53:10.851    5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84bf1b98]
19:53:11.724    AVAST engine scan C:\Windows
19:53:51.660    AVAST engine scan C:\Windows\system32
20:05:47.778    AVAST engine scan C:\Windows\system32\drivers
20:06:43.143    AVAST engine scan C:\Users\Rebekka
20:15:23.215    AVAST engine scan C:\ProgramData
20:26:51.004    Scan finished successfully
22:02:35.670    Disk 0 MBR has been saved successfully to "C:\Users\Rebekka\Desktop\MBR.dat"
22:02:35.701    The log file has been saved successfully to "C:\Users\Rebekka\Desktop\aswMBR.txt"


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:19 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131