Trojaner-Board - tr/crypt.zpack.gen Trojanermeldung bei Antivir

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - tr/crypt.zpack.gen Trojanermeldung bei Antivir (https://www.trojaner-board.de/113283-tr-crypt-zpack-gen-trojanermeldung-antivir.html)

tr/crypt.zpack.gen Trojanermeldung bei Antivir

Hallo zusammen,
hab leider auf dem Laptop seit kurzem immer wieder die Meldung von Antivir, das ich mir den oben benannten Trojaner eingefangen habe...
Ein entfernen durch Antivir ist nicht möglich, ich hoffe ihr könnt mir helfen.
Danke schonmal wieder im Voraus!

Gruß Sebastian

DDS-File: attach, und gmer im Anhang.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_29
Run by Martina at 19:57:11 on 2012-04-07
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\*******\AppData\Roaming\ipqjqdog.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\*****\AppData\Roaming\ipqjqdog.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\Gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\*****\Desktop\Virus\dds.com
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://www.lge.com
mDefault_Page_URL = hxxp://www.lge.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Power2GoExpress]
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [PC Health Status] c:\users\*****\appdata\roaming\ipqjqdog.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [KeybdUtility] c:\program files\lg software\lg osd\HotKey.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\*****\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\*****\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
TCP: Interfaces\{5445284C-14B6-466C-BC00-A6B40EC661B4} : DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? WSVD;WSVD
S? AntiVirSchedulerService;Avira Planer
S? AntiVirService;Avira Echtzeit Scanner
S? avgntflt;avgntflt
S? avkmgr;avkmgr
S? Fabs;FABS - Helping agent for MAGIX media database
S? FontCache;Windows-Dienst fr Schriftartencache
S? LgBttPort;LGE Bluetooth TransPort
S? lgbusenum;LG Bluetooth Bus Enumerator
S? LGVMODEM;LGE Virtual Modem
S? netr28;Ralink 802.11n Wireless Driver for Windows Vista
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? osppsvc;Office Software Protection Platform
.
=============== Created Last 30 ================
.
2012-04-06 19:57:51 40448 ----a-w- c:\users\*****\appdata\local\hj23344.exe
2012-04-06 19:57:40 52224 ----a-w- c:\users\*****\appdata\roaming\ipqjqdog.exe
2012-04-06 18:03:50 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{472decdd-3f90-40c6-a13b-9865ac703119}\mpengine.dll
2012-04-05 19:59:48 -------- d-----w- c:\users\*****\Ebooks_Calibre
2012-04-05 19:58:56 -------- d-----w- c:\users\*****\appdata\roaming\calibre
2012-04-05 19:58:28 -------- d-----w- c:\program files\Calibre2
2012-03-29 18:26:13 -------- d-----w- c:\program files\ALDI Bestellsoftware
2012-03-28 16:10:44 -------- d-----w- c:\program files\iPod
2012-03-28 16:10:42 -------- d-----w- c:\program files\iTunes
2012-03-28 09:00:50 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-28 09:00:49 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-28 09:00:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-28 09:00:49 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-28 09:00:49 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-28 09:00:49 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-28 09:00:49 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-28 09:00:31 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-28 09:00:31 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-29 18:28:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 07:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 19:58:01,18 ===============

Zitat:

hab leider auf dem Laptop seit kurzem immer wieder die Meldung von Antivir, das ich mir den oben benannten Trojaner eingefangen habe...

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo,
Antivir hat es nur im Echtzeitscanner angezeigt, heute kam noch eine zweite Meldung dazu, diesmal hieß sie "tr/offend.kdv".
Mach jetzt gerade einen kompletten Suchlauf bei Antivir, und dann lad ich ihn hoch.

Hab noch einen Bericht gefunden:

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Montag, 9. April 2012  20:46
 

Es wird nach 3603323 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows Vista

Windowsversion : (Service Pack 2)  [6.0.6002]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : *******-PC
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00

AVSCAN.EXE     : 12.1.0.20     492496 Bytes  17.02.2012 12:38:43

AVSCAN.DLL     : 12.1.0.18      65744 Bytes  17.02.2012 12:38:33

LUKE.DLL       : 12.1.0.19      68304 Bytes  17.02.2012 12:38:45

AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  17.02.2012 12:38:56

AVREG.DLL      : 12.1.0.36     229128 Bytes  06.04.2012 19:30:12

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 19:53:08

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:59:18

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 16:15:28

VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 16:15:28

VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 16:15:28

VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 16:15:28

VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 16:15:28

VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 16:15:28

VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 16:15:28

VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 16:15:28

VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 16:15:28

VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 16:15:28

VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 16:12:25

VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 16:30:22

VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 19:30:04

VBASE017.VDF   : 7.11.27.41    247808 Bytes  08.04.2012 18:43:24

VBASE018.VDF   : 7.11.27.42      2048 Bytes  08.04.2012 18:43:24

VBASE019.VDF   : 7.11.27.43      2048 Bytes  08.04.2012 18:43:24

VBASE020.VDF   : 7.11.27.44      2048 Bytes  08.04.2012 18:43:24

VBASE021.VDF   : 7.11.27.45      2048 Bytes  08.04.2012 18:43:24

VBASE022.VDF   : 7.11.27.46      2048 Bytes  08.04.2012 18:43:24

VBASE023.VDF   : 7.11.27.47      2048 Bytes  08.04.2012 18:43:24

VBASE024.VDF   : 7.11.27.48      2048 Bytes  08.04.2012 18:43:24

VBASE025.VDF   : 7.11.27.49      2048 Bytes  08.04.2012 18:43:25

VBASE026.VDF   : 7.11.27.50      2048 Bytes  08.04.2012 18:43:25

VBASE027.VDF   : 7.11.27.51      2048 Bytes  08.04.2012 18:43:25

VBASE028.VDF   : 7.11.27.52      2048 Bytes  08.04.2012 18:43:25

VBASE029.VDF   : 7.11.27.53      2048 Bytes  08.04.2012 18:43:25

VBASE030.VDF   : 7.11.27.54      2048 Bytes  08.04.2012 18:43:25

VBASE031.VDF   : 7.11.27.72     35328 Bytes  09.04.2012 18:43:25

Engineversion  : 8.2.10.38 

AEVDF.DLL      : 8.1.2.2       106868 Bytes  27.11.2011 21:32:39

AESCRIPT.DLL   : 8.1.4.16      446842 Bytes  06.04.2012 19:30:12

AESCN.DLL      : 8.1.8.2       131444 Bytes  01.02.2012 17:59:26

AESBX.DLL      : 8.2.5.5       606579 Bytes  28.03.2012 16:15:36

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06

AEPACK.DLL     : 8.2.16.9      807287 Bytes  30.03.2012 16:13:35

AEOFFICE.DLL   : 8.1.2.27      201082 Bytes  06.04.2012 19:30:11

AEHEUR.DLL     : 8.1.4.12     4604278 Bytes  06.04.2012 19:30:11

AEHELP.DLL     : 8.1.19.1      254327 Bytes  02.04.2012 16:30:30

AEGEN.DLL      : 8.1.5.23      409973 Bytes  28.03.2012 16:15:30

AEEXP.DLL      : 8.1.0.28       82292 Bytes  06.04.2012 19:30:12

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01

AECORE.DLL     : 8.1.25.6      201078 Bytes  28.03.2012 16:15:30

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01

AVWINLL.DLL    : 12.1.0.17      27344 Bytes  19.10.2011 15:55:51

AVPREF.DLL     : 12.1.0.17      51920 Bytes  19.10.2011 15:55:48

AVREP.DLL      : 12.1.0.17     179408 Bytes  19.10.2011 15:55:49

AVARKT.DLL     : 12.1.0.23     209360 Bytes  17.02.2012 12:38:32

AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  19.10.2011 15:55:47

SQLITE3.DLL    : 3.7.0.0       398288 Bytes  19.10.2011 15:56:03

AVSMTP.DLL     : 12.1.0.17      62928 Bytes  19.10.2011 15:55:50

NETNT.DLL      : 12.1.0.17      17104 Bytes  19.10.2011 15:55:59

RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  19.10.2011 15:56:14

RCTEXT.DLL     : 12.1.0.16      98512 Bytes  19.10.2011 15:56:14
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f832dc2\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig
 

Beginn des Suchlaufs: Montag, 9. April 2012  20:46
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LGSmartI.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iCloudServices.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'HotKey.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'TrustedInstaller.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'FABS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'agrsmsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\*****\AppData\Roaming\ipqjqdog.exe'

C:\Users\*****\AppData\Roaming\ipqjqdog.exe

  [FUND]      Ist das Trojanische Pferd TR/Offend.kdv.592783

  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-34358707-724617780-478042-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC Health Status> wurde erfolgreich repariert.

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4abe8f07.qua' verschoben!
 
 

Ende des Suchlaufs: Montag, 9. April 2012  20:46

Benötigte Zeit: 00:04 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     69 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     68 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      1 Hinweise

das war die zweite Meldung,
das ist die erste:

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Samstag, 7. April 2012  20:30
 

Es wird nach 3597466 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows Vista

Windowsversion : (Service Pack 2)  [6.0.6002]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : *******-PC
 

Versionsinformationen:

BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00

AVSCAN.EXE     : 12.1.0.20     492496 Bytes  17.02.2012 12:38:43

AVSCAN.DLL     : 12.1.0.18      65744 Bytes  17.02.2012 12:38:33

LUKE.DLL       : 12.1.0.19      68304 Bytes  17.02.2012 12:38:45

AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  17.02.2012 12:38:56

AVREG.DLL      : 12.1.0.36     229128 Bytes  06.04.2012 19:30:12

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 19:53:08

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:59:18

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 16:15:28

VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 16:15:28

VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 16:15:28

VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 16:15:28

VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 16:15:28

VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 16:15:28

VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 16:15:28

VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 16:15:28

VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 16:15:28

VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 16:15:28

VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 16:12:25

VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 16:30:22

VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 19:30:04

VBASE017.VDF   : 7.11.26.242     2048 Bytes  04.04.2012 19:30:04

VBASE018.VDF   : 7.11.26.243     2048 Bytes  04.04.2012 19:30:04

VBASE019.VDF   : 7.11.26.244     2048 Bytes  04.04.2012 19:30:04

VBASE020.VDF   : 7.11.26.245     2048 Bytes  04.04.2012 19:30:04

VBASE021.VDF   : 7.11.26.246     2048 Bytes  04.04.2012 19:30:05

VBASE022.VDF   : 7.11.26.247     2048 Bytes  04.04.2012 19:30:05

VBASE023.VDF   : 7.11.26.248     2048 Bytes  04.04.2012 19:30:05

VBASE024.VDF   : 7.11.26.249     2048 Bytes  04.04.2012 19:30:05

VBASE025.VDF   : 7.11.26.250     2048 Bytes  04.04.2012 19:30:05

VBASE026.VDF   : 7.11.26.251     2048 Bytes  04.04.2012 19:30:05

VBASE027.VDF   : 7.11.26.252     2048 Bytes  04.04.2012 19:30:05

VBASE028.VDF   : 7.11.26.253     2048 Bytes  04.04.2012 19:30:05

VBASE029.VDF   : 7.11.26.254     2048 Bytes  04.04.2012 19:30:05

VBASE030.VDF   : 7.11.26.255     2048 Bytes  04.04.2012 19:30:05

VBASE031.VDF   : 7.11.27.38    201216 Bytes  06.04.2012 19:30:06

Engineversion  : 8.2.10.38 

AEVDF.DLL      : 8.1.2.2       106868 Bytes  27.11.2011 21:32:39

AESCRIPT.DLL   : 8.1.4.16      446842 Bytes  06.04.2012 19:30:12

AESCN.DLL      : 8.1.8.2       131444 Bytes  01.02.2012 17:59:26

AESBX.DLL      : 8.2.5.5       606579 Bytes  28.03.2012 16:15:36

AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06

AEPACK.DLL     : 8.2.16.9      807287 Bytes  30.03.2012 16:13:35

AEOFFICE.DLL   : 8.1.2.27      201082 Bytes  06.04.2012 19:30:11

AEHEUR.DLL     : 8.1.4.12     4604278 Bytes  06.04.2012 19:30:11

AEHELP.DLL     : 8.1.19.1      254327 Bytes  02.04.2012 16:30:30

AEGEN.DLL      : 8.1.5.23      409973 Bytes  28.03.2012 16:15:30

AEEXP.DLL      : 8.1.0.28       82292 Bytes  06.04.2012 19:30:12

AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01

AECORE.DLL     : 8.1.25.6      201078 Bytes  28.03.2012 16:15:30

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01

AVWINLL.DLL    : 12.1.0.17      27344 Bytes  19.10.2011 15:55:51

AVPREF.DLL     : 12.1.0.17      51920 Bytes  19.10.2011 15:55:48

AVREP.DLL      : 12.1.0.17     179408 Bytes  19.10.2011 15:55:49

AVARKT.DLL     : 12.1.0.23     209360 Bytes  17.02.2012 12:38:32

AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  19.10.2011 15:55:47

SQLITE3.DLL    : 3.7.0.0       398288 Bytes  19.10.2011 15:56:03

AVSMTP.DLL     : 12.1.0.17      62928 Bytes  19.10.2011 15:55:50

NETNT.DLL      : 12.1.0.17      17104 Bytes  19.10.2011 15:55:59

RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  19.10.2011 15:56:14

RCTEXT.DLL     : 12.1.0.16      98512 Bytes  19.10.2011 15:56:14
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: AVGuardAsyncScan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f7fefbd\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig
 

Beginn des Suchlaufs: Samstag, 7. April 2012  20:30
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'OSPPSVC.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'FlashUtil11f_ActiveX.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'LGSmartI.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ipqjqdog.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ipqjqdog.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iCloudServices.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'HotKey.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'FABS.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'agrsmsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\*****\AppData\Roaming\6F647EAD.exe'

C:\Users\*****\AppData\Roaming\6F647EAD.exe

  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4aca252c.qua' verschoben!
 
 

Ende des Suchlaufs: Samstag, 7. April 2012  20:31

Benötigte Zeit: 00:16 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

     79 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

     78 Dateien ohne Befall

      0 Archive wurden durchsucht

      0 Warnungen

      1 Hinweise

Ein kompletter neuer Suchlauf wird im Moment gemacht, den stell ich dann morgen online...

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

So, sorry das es so lange gedauert hat, aber ist der Laptop meiner Freundin, und ich bin nicht immer bei ihr...
Hab beide Programme durchgefahren, das ESET bringt aber nur ein zwei Zeilen langes Log-File.

Malwarebyte:

Code:

 Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.14.05
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19222

Martina :: *******-PC [Administrator]
 

Schutz: Aktiviert
 

14.04.2012 18:56:38

mbam-log-2012-04-14 (18-56-38).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 440441

Laufzeit: 2 Stunde(n), 22 Minute(n), 44 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Status (Trojan.LockScreen) -> Daten: C:\Users\*******\AppData\Roaming\ipqjqdog.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

ESET:

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Weiß nicht ob ich da nicht irgendeinen Fehler gemacht habe, bin genau nach Anleitung vorgegangen...
Fehlermeldung kommt auch nicht mehr.

Gruß und danke schonmal
Sebastian

ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Mea Culpa... läuft nochmal

So, hier der vollständige log von ESET:

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=70e118de8ece1f47b15832ef09a29e41

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-15 07:14:29

# local_time=2012-04-15 09:14:29 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 12085623 12085623 0 0

# compatibility_mode=5892 16776573 100 100 71851 172044264 0 0

# compatibility_mode=8192 67108863 100 0 77773 77773 0 0

# scanned=239338

# found=0

# cleaned=0

# scan_time=5733

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Ja, normaler Modus geht und der Fehler ist bisher auch nicht mehr aufgetreten.
Im Startmenü fehlt auch gar nichts...

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

okay, erledigt... es haben sich aber zwei log files geöffnet, eine OTL.Txt und eine Extras.Txt, ich poste beide mal...
Die OTL.Txt:
OTL Logfile:

Code:

OTL logfile created on: 21.04.2012 11:36:09 - Run 1

OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\*******\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19222)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,71% Memory free

6,20 Gb Paging File | 4,72 Gb Available in Paging File | 76,11% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148,00 Gb Total Space | 76,05 Gb Free Space | 51,39% Space Free | Partition Type: NTFS

Drive E: | 148,59 Gb Total Space | 70,97 Gb Free Space | 47,77% Space Free | Partition Type: NTFS

Drive F: | 465,76 Gb Total Space | 386,26 Gb Free Space | 82,93% Space Free | Partition Type: NTFS

Drive G: | 15,09 Gb Total Space | 12,95 Gb Free Space | 85,81% Space Free | Partition Type: FAT32

Drive H: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 14,92 Gb Total Space | 1,24 Gb Free Space | 8,28% Space Free | Partition Type: FAT32

 

Computer Name: *******-PC | User Name: ******* | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.21 11:30:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.11.11 19:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.07.22 22:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe

PRC - [2008.06.09 22:17:26 | 002,867,200 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\LG OSD\HotKey.exe

PRC - [2008.05.20 19:49:26 | 000,095,536 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\Windows Sidebar\Gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe

PRC - [2008.04.21 04:30:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008.04.21 04:30:16 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008.04.17 20:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.04.15 16:54:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2008.04.21 04:30:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.02.17 14:38:47 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)

DRV - [2009.09.29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)

DRV - [2009.09.29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)

DRV - [2008.11.19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2008.11.19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2008.11.19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008.06.10 07:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.06.10 07:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008.03.26 20:32:04 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

DRV - [2008.03.21 21:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007.05.24 02:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_de

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe (LG Electronics)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-34358707-724617780-478042-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-34358707-724617780-478042-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-34358707-724617780-478042-1000..\Run: [Power2GoExpress]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5445284C-14B6-466C-BC00-A6B40EC661B4}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\********\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\*******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - H:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{0b8078cb-6431-11df-a040-00238b32531d}\Shell\AutoRun\command - "" = F:\Menu.exe

O33 - MountPoints2\{421cf451-b6bc-11df-bb7a-00238b32531d}\Shell - "" = AutoRun

O33 - MountPoints2\{421cf451-b6bc-11df-bb7a-00238b32531d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()

O33 - MountPoints2\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\Shell - "" = AutoRun

O33 - MountPoints2\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.21 11:30:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe

[2012.04.14 22:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.07 21:20:15 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.6203.deleteme

[2012.04.07 20:55:39 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012.04.07 20:55:19 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.e204.deleteme

[2012.04.07 20:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\stinger

[2012.04.07 20:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.04.07 20:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2012.04.07 19:56:39 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\Virus

[2012.04.07 19:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2012.04.06 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\Neue Ebooks

[2012.04.05 21:59:48 | 000,000,000 | ---D | C] -- C:\Users\*******\Ebooks_Calibre

[2012.04.05 21:58:56 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\calibre

[2012.04.05 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2

[2012.04.05 21:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

[2012.03.29 20:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI Bestellsoftware

[2012.03.29 20:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI Bestellsoftware

[2012.03.29 09:10:52 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\Thailand_Album

[2012.03.28 18:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.03.28 18:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.03.28 18:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.21 11:39:39 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79CDFA36-96EB-4BAB-8459-53F9FFBDCA6D}.job

[2012.04.21 11:32:32 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.21 11:32:32 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.21 11:32:32 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.21 11:32:32 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.21 11:30:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe

[2012.04.21 11:27:54 | 000,084,351 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.04.21 11:26:31 | 000,084,351 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.04.21 11:26:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.21 11:26:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.21 11:26:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.21 11:25:57 | 3218,288,640 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.19 22:28:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.04.19 21:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.15 19:04:47 | 723,357,057 | ---- | M] () -- C:\Users\*******\Desktop\Urlaub.cpr

[2012.04.07 21:57:21 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012.04.07 21:20:12 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.6203.deleteme

[2012.04.07 20:55:17 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.e204.deleteme

[2012.04.07 19:54:49 | 000,000,000 | ---- | M] () -- C:\Users\*******\defogger_reenable

[2012.04.07 18:56:36 | 000,096,768 | ---- | M] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.07 01:35:31 | 000,000,104 | ---- | M] () -- C:\Users\*******\Desktop\Papierkorb - Verknüpfung.lnk

[2012.04.06 21:57:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\13317PKG.dat

[2012.04.05 21:58:51 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.03.29 20:28:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ALDI Bestellsoftware.lnk

[2012.03.29 08:33:08 | 000,411,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.03.28 18:11:30 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.04.15 16:18:06 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.04.07 19:54:49 | 000,000,000 | ---- | C] () -- C:\Users\*******\defogger_reenable

[2012.04.07 01:35:31 | 000,000,104 | ---- | C] () -- C:\Users\*******\Desktop\Papierkorb - Verknüpfung.lnk

[2012.04.06 21:57:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\13317PKG.dat

[2012.04.05 21:58:51 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk

[2012.03.29 21:06:14 | 723,357,057 | ---- | C] () -- C:\Users\*******\Desktop\Urlaub.cpr

[2012.03.29 20:28:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ALDI Bestellsoftware.lnk

[2012.03.28 18:11:30 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010.08.26 12:35:09 | 000,000,680 | ---- | C] () -- C:\Users\*******\AppData\Local\d3d9caps.dat

[2010.05.20 19:11:40 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI

[2010.05.01 00:07:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

 
 ========== LOP Check ==========

 

[2011.11.20 22:39:33 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Lexware

[2011.10.10 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Amazon

[2012.04.05 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\calibre

[2011.12.31 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoft

[2011.12.31 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.11.29 14:07:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\everpixx

[2009.10.07 21:53:12 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\gotomaxx

[2011.10.24 22:25:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\gtk-2.0

[2011.07.11 18:56:02 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Lexware

[2009.12.18 17:48:52 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\LG Electronics

[2010.05.01 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\MAGIX

[2009.05.15 17:51:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PeerNetworking

[2012.02.25 23:46:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Rovio

[2012.02.29 20:37:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TeamViewer

[2012.04.19 22:28:02 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.04.21 11:39:39 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79CDFA36-96EB-4BAB-8459-53F9FFBDCA6D}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.05.16 13:31:40 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Adobe

[2011.10.10 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Amazon

[2012.01.08 22:22:15 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Apple Computer

[2011.11.27 23:37:22 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Avira

[2012.04.05 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\calibre

[2009.05.15 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\CyberLink

[2009.08.26 23:16:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DivX

[2011.12.31 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoft

[2011.12.31 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.11.29 14:07:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\everpixx

[2009.05.16 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Google

[2009.10.07 21:53:12 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\gotomaxx

[2011.10.24 22:25:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\gtk-2.0

[2009.05.15 19:33:36 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Identities

[2011.07.11 18:56:02 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Lexware

[2009.12.18 17:48:52 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\LG Electronics

[2009.05.16 13:31:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Macromedia

[2010.05.01 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\MAGIX

[2011.03.09 18:43:23 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Media Center Programs

[2011.12.31 16:21:43 | 000,000,000 | --SD | M] -- C:\Users\*******\AppData\Roaming\Microsoft

[2012.03.30 11:15:13 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Mozilla

[2011.01.21 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Mozilla-Cache

[2009.05.15 17:51:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PeerNetworking

[2012.02.25 23:46:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Rovio

[2011.10.15 01:26:01 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Skype

[2011.10.14 21:24:54 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\skypePM

[2012.02.29 20:37:47 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TeamViewer

[2012.04.10 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\U3

[2012.02.12 15:08:05 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2009.12.18 18:27:19 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ARPPRODUCTICON.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ExeInvoker.exe_431B2BA896014E69B34114BFD8E7B136.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ExeLauncher.exe_5933C76ED597469A944A1DFEB496348C.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\ExeRemover.exe_5C5473BE36444FA89D0788993908FE0F.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\InstallUSB.exe_0912055C2AF14064B183AEB6F12A2FCB.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\InstallUSB64.exe_9C05A9D45C0842CF949276F7724FAEC9.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\InstallUSB9x.exe_F776472D82DA4AFDAFD0AAF1CF858DF7.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallShld.exe_DC44F1F136264642BD94B64FFC464DD7.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallShld64.ex_A20ACFB15A794B1C9E6A3DFBB9D252B8.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallShld9x.ex_8E637EE98DAB4D9CB1D54202EAD617F4.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallUSB.exe_CC88D403E3234E61A79375366C5599C5.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallUSB64.exe_135957F0A3F84224B026EA24C7F4E26D.exe

[2009.12.18 18:27:19 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\*******\AppData\Roaming\Microsoft\Installer\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}\UninstallUSB9x.exe_001C2C6090FF48C495F16AE3FD1ED9C9.exe

[2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe

[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGSetCDROMAutoRun.exe

[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\*******\AppData\Roaming\U3\1738311B2682D197\cleanup.exe

[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\********\AppData\Roaming\U3\1738311B2682D197\Launchpad Removal.exe

[2008.05.04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Users\*******\AppData\Roaming\U3\1738311B2682D197\LaunchPad.exe

[2007.10.23 09:44:48 | 000,054,584 | ---- | M] () -- C:\Users\*******\AppData\Roaming\U3\1738311B2682D197\U3AccessGrant.exe

[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\*******\AppData\Roaming\U3\temp\cleanup.exe

[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\*******\AppData\Roaming\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2008.04.21 04:29:56 | 000,394,776 | ---- | M] (Intel Corporation) MD5=8BD53925C5675BC9A5EFE12E2A42BE31 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008.04.21 04:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2008.04.21 04:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\drivers\iaStor.sys

[2008.04.21 04:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_18bd4575\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 

< End of report >

--- --- ---
[/code]

und die Extras.Txt:

Code:

OTL Extras logfile created on: 21.04.2012 11:36:09 - Run 1

OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\*******\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19222)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,71% Memory free

6,20 Gb Paging File | 4,72 Gb Available in Paging File | 76,11% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148,00 Gb Total Space | 76,05 Gb Free Space | 51,39% Space Free | Partition Type: NTFS

Drive E: | 148,59 Gb Total Space | 70,97 Gb Free Space | 47,77% Space Free | Partition Type: NTFS

Drive F: | 465,76 Gb Total Space | 386,26 Gb Free Space | 82,93% Space Free | Partition Type: NTFS

Drive G: | 15,09 Gb Total Space | 12,95 Gb Free Space | 85,81% Space Free | Partition Type: FAT32

Drive H: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 14,92 Gb Total Space | 1,24 Gb Free Space | 8,28% Space Free | Partition Type: FAT32

 

Computer Name: *******-PC | User Name: ******* | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\Foto Paradies\CEWE FOTOSCHAU.exe" -d "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Foto Paradies] -- "C:\Program Files\dm\Foto Paradies\Foto Paradies.exe" "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{D1FA4A81-E0CB-4F5B-9426-BE06A16F704C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2031F546-CEB4-4218-B61A-062B95387DEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{3089056A-8367-49D4-8D20-1D89CA094DA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{366CF28A-0AA6-4F29-91BD-6AE1EA944D83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{3DDA64D9-366B-4C24-8E7F-8A12211D7A43}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{B080B9F3-FF3B-42B7-80F7-BBBC4F046A7B}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{BE441F3D-3A8D-416C-828F-B7A53D23D7B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{DEEE7ACD-D594-422F-8EAC-AB4BE2ADBF19}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{E1D3C800-9668-491B-B3D2-7394FA528512}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{F6DCDD64-CB49-47F2-96E2-6E08980A4471}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"TCP Query User{35C927F9-AF3C-4CB4-810E-16A39547AD23}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 

"UDP Query User{B93B99EF-18A0-4083-9B14-AF699928A429}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = maxx PDFMAILER

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29

"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Ralink Wireless LAN Client Adapter

"{43ED5430-0652-4216-8B5D-4F82E3AB416F}" = calibre

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch

"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DABD50F7-0001-0002-0003-ABCDEFABCDEF}" = LG Smart Indicator

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers

"{E8D2307D-F40A-4214-86D6-613A31E948FE}" = LG OSD

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm

"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"Avira AntiVir Desktop" = Avira Free Antivirus

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"ESET Online Scanner" = ESET Online Scanner v3

"Foto Paradies" = Foto Paradies

"Free Studio_is1" = Free Studio version 4.6

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206

"FreePDF_XP" = FreePDF XP (Remove only)

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery

"LGFanModeTile" = LG Fan Mode Tile for Windows Mobility Center

"LGTouchPadTile" = LG TouchPad Tile for Windows Mobility Center

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Uninstall_is1" = Uninstall 1.0.0.1

"WinRAR archiver" = WinRAR 4.10 (32-Bit)

"Xilisoft iPhone Ringtone Maker" = Xilisoft iPhone Klingelton Maker

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 27.11.2011 17:16:35 | Computer Name = *******-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung ipmGui.exe, Version 12.1.0.19, Zeitstempel 0x4e9bffe2,

 fehlerhaftes Modul ccwkrlib.dll, Version 12.1.0.18, Zeitstempel 0x4e7b9aeb, Ausnahmecode

 0xc0000005, Fehleroffset 0x00023be2,  Prozess-ID 0x1124, Anwendungsstartzeit 01ccad49d3b70fa0.

 

Error - 27.11.2011 17:24:15 | Computer Name = *******-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 27.11.2011 18:01:10 | Computer Name = *******-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel

 0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel 

0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00067a38,  Prozess-ID 0x134c, 

Anwendungsstartzeit 01ccad4e61e200b9.

 

Error - 27.11.2011 18:01:30 | Computer Name = *******-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel

 0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel 

0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00067a38,  Prozess-ID 0x1694, 

Anwendungsstartzeit 01ccad50163b5339.

 

Error - 28.11.2011 16:05:58 | Computer Name = *******-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 30.11.2011 12:58:25 | Computer Name = *******-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 01.12.2011 17:39:37 | Computer Name = *******-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 03.12.2011 10:35:28 | Computer Name = *******-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 06.12.2011 17:38:18 | Computer Name = *******-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 09.12.2011 15:04:35 | Computer Name = *******-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 10.04.2012 21:10:16 | Computer Name = *******-PC | Source = DCOM | ID = 10005

Description =

 

Error - 10.04.2012 21:10:16 | Computer Name = *******-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 10.04.2012 21:10:16 | Computer Name = *******-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 10.04.2012 21:30:07 | Computer Name = *******-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 14.04.2012 12:52:42 | Computer Name = *******-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 15.04.2012 10:18:44 | Computer Name = *******-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 15.04.2012 13:38:13 | Computer Name = *******-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 16.04.2012 13:00:54 | Computer Name = *******-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 19.04.2012 14:00:13 | Computer Name = *******-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 21.04.2012 05:29:08 | Computer Name = *******-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

 

< End of report >

--- --- ---
[/code]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-34358707-724617780-478042-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

O4 - HKU\S-1-5-21-34358707-724617780-478042-1000..\Run: [Power2GoExpress]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - H:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{0b8078cb-6431-11df-a040-00238b32531d}\Shell\AutoRun\command - "" = F:\Menu.exe

O33 - MountPoints2\{421cf451-b6bc-11df-bb7a-00238b32531d}\Shell - "" = AutoRun

O33 - MountPoints2\{421cf451-b6bc-11df-bb7a-00238b32531d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()

O33 - MountPoints2\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\Shell - "" = AutoRun

O33 - MountPoints2\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe

[2012.04.07 21:20:15 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.6203.deleteme

[2012.04.07 20:55:39 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012.04.07 20:55:19 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.e204.deleteme

[2012.04.07 20:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\stinger

[2012.04.07 21:57:21 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012.04.07 21:20:12 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.6203.deleteme

[2012.04.07 20:55:17 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.e204.deleteme

[2012.04.06 21:57:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\13317PKG.dat

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

erledigt:

Code:

 All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-34358707-724617780-478042-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

Registry value HKEY_USERS\S-1-5-21-34358707-724617780-478042-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

File H:\autorun.inf not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b8078cb-6431-11df-a040-00238b32531d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b8078cb-6431-11df-a040-00238b32531d}\ not found.

File F:\Menu.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{421cf451-b6bc-11df-bb7a-00238b32531d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{421cf451-b6bc-11df-bb7a-00238b32531d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{421cf451-b6bc-11df-bb7a-00238b32531d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{421cf451-b6bc-11df-bb7a-00238b32531d}\ not found.

File H:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd493d4c-ebb6-11de-b2f9-00238b32531d}\ not found.

File F:\USBAutoRun.exe not found.

C:\Windows\System32\mfevtps.exe.6203.deleteme moved successfully.

C:\Windows\stinger.sys moved successfully.

C:\Windows\System32\mfevtps.exe.e204.deleteme moved successfully.

C:\Program Files\stinger folder moved successfully.

File C:\Windows\stinger.sys not found.

File C:\Windows\System32\mfevtps.exe.6203.deleteme not found.

File C:\Windows\System32\mfevtps.exe.e204.deleteme not found.

C:\ProgramData\13317PKG.dat moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

 

User: Gast

->Temp folder emptied: 148280 bytes

->Temporary Internet Files folder emptied: 52450841 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 5764668 bytes

->Flash cache emptied: 1608 bytes

 

User: Martina

->Temp folder emptied: 2352989278 bytes

->Temporary Internet Files folder emptied: 216544932 bytes

->Java cache emptied: 13529015 bytes

->Apple Safari cache emptied: 1021952 bytes

->Flash cache emptied: 470 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 120617154 bytes

RecycleBin emptied: 38049643 bytes

 

Total Files Cleaned = 2.671,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Gast

->Flash cache emptied: 0 bytes

 

User: *******

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.40.0 log created on 04212012_183646
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Das File ist zu groß, deshalb poste ich es auf zweimal...

Erster Teil:

Code:

 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

19:21:05.0996 5344        ============================================================

19:21:05.0996 5344        Current date / time: 2012/04/21 19:21:05.0996

19:21:05.0996 5344        SystemInfo:

19:21:05.0996 5344        

19:21:05.0996 5344        OS Version: 6.0.6002 ServicePack: 2.0

19:21:05.0996 5344        Product type: Workstation

19:21:05.0996 5344        ComputerName: *******-PC

19:21:05.0996 5344        UserName: *******

19:21:05.0996 5344        Windows directory: C:\Windows

19:21:05.0996 5344        System windows directory: C:\Windows

19:21:05.0996 5344        Processor architecture: Intel x86

19:21:05.0996 5344        Number of processors: 2

19:21:05.0996 5344        Page size: 0x1000

19:21:05.0996 5344        Boot type: Normal boot

19:21:05.0996 5344        ============================================================

19:21:06.0417 5344        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

19:21:06.0417 5344        \Device\Harddisk0\DR0:

19:21:06.0417 5344        MBR partitions:

19:21:06.0417 5344        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x300800, BlocksNum 0x12800000

19:21:06.0417 5344        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12B00800, BlocksNum 0x1292D800

19:21:06.0448 5344        C: <-> \Device\Harddisk0\DR0\Partition0

19:21:06.0495 5344        E: <-> \Device\Harddisk0\DR0\Partition1

19:21:06.0495 5344        Initialize success

19:21:06.0495 5344        ============================================================

19:21:18.0304 5728        ============================================================

19:21:18.0304 5728        Scan started

19:21:18.0304 5728        Mode: Manual; 

19:21:18.0304 5728        ============================================================

19:21:19.0552 5728        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

19:21:19.0552 5728        ACPI - ok

19:21:19.0693 5728        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

19:21:19.0708 5728        AdobeFlashPlayerUpdateSvc - ok

19:21:19.0849 5728        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

19:21:19.0849 5728        adp94xx - ok

19:21:19.0911 5728        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

19:21:19.0911 5728        adpahci - ok

19:21:20.0036 5728        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

19:21:20.0036 5728        adpu160m - ok

19:21:20.0129 5728        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

19:21:20.0129 5728        adpu320 - ok

19:21:20.0223 5728        AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

19:21:20.0223 5728        AeLookupSvc - ok

19:21:20.0332 5728        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

19:21:20.0348 5728        AFD - ok

19:21:20.0519 5728        AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe

19:21:20.0519 5728        AgereModemAudio - ok

19:21:20.0956 5728        AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys

19:21:21.0112 5728        AgereSoftModem - ok

19:21:21.0674 5728        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

19:21:21.0674 5728        agp440 - ok

19:21:21.0705 5728        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

19:21:21.0705 5728        aic78xx - ok

19:21:21.0892 5728        ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

19:21:21.0892 5728        ALG - ok

19:21:21.0955 5728        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

19:21:21.0955 5728        aliide - ok

19:21:22.0079 5728        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

19:21:22.0079 5728        amdagp - ok

19:21:22.0111 5728        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

19:21:22.0126 5728        amdide - ok

19:21:22.0204 5728        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

19:21:22.0204 5728        AmdK7 - ok

19:21:22.0376 5728        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

19:21:22.0376 5728        AmdK8 - ok

19:21:22.0501 5728        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe

19:21:22.0501 5728        AntiVirSchedulerService - ok

19:21:22.0547 5728        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

19:21:22.0547 5728        AntiVirService - ok

19:21:22.0750 5728        Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

19:21:22.0766 5728        Appinfo - ok

19:21:22.0875 5728        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:21:22.0875 5728        Apple Mobile Device - ok

19:21:23.0031 5728        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

19:21:23.0047 5728        arc - ok

19:21:23.0171 5728        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

19:21:23.0171 5728        arcsas - ok

19:21:23.0390 5728        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

19:21:23.0390 5728        AsyncMac - ok

19:21:23.0499 5728        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

19:21:23.0499 5728        atapi - ok

19:21:23.0593 5728        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

19:21:23.0593 5728        AudioEndpointBuilder - ok

19:21:23.0655 5728        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

19:21:23.0655 5728        Audiosrv - ok

19:21:23.0873 5728        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

19:21:23.0889 5728        avgntflt - ok

19:21:24.0014 5728        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys

19:21:24.0029 5728        avipbb - ok

19:21:24.0295 5728        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

19:21:24.0295 5728        avkmgr - ok

19:21:24.0763 5728        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

19:21:24.0794 5728        Beep - ok

19:21:24.0872 5728        BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

19:21:24.0872 5728        BFE - ok

19:21:25.0043 5728        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

19:21:25.0043 5728        BITS - ok

19:21:25.0168 5728        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

19:21:25.0168 5728        blbdrive - ok

19:21:25.0246 5728        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

19:21:25.0246 5728        Bonjour Service - ok

19:21:25.0324 5728        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

19:21:25.0324 5728        bowser - ok

19:21:25.0402 5728        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

19:21:25.0402 5728        BrFiltLo - ok

19:21:25.0449 5728        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

19:21:25.0465 5728        BrFiltUp - ok

19:21:25.0543 5728        Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

19:21:25.0543 5728        Browser - ok

19:21:25.0621 5728        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

19:21:25.0621 5728        Brserid - ok

19:21:25.0652 5728        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

19:21:25.0652 5728        BrSerWdm - ok

19:21:25.0730 5728        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

19:21:25.0730 5728        BrUsbMdm - ok

19:21:25.0808 5728        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

19:21:25.0808 5728        BrUsbSer - ok

19:21:25.0870 5728        BthEnum         (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys

19:21:25.0870 5728        BthEnum - ok

19:21:25.0948 5728        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

19:21:25.0948 5728        BTHMODEM - ok

19:21:26.0057 5728        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

19:21:26.0073 5728        BthPan - ok

19:21:26.0120 5728        BTHPORT         (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys

19:21:26.0120 5728        BTHPORT - ok

19:21:26.0229 5728        BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll

19:21:26.0229 5728        BthServ - ok

19:21:26.0323 5728        BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys

19:21:26.0338 5728        BTHUSB - ok

19:21:26.0541 5728        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

19:21:26.0557 5728        cdfs - ok

19:21:26.0697 5728        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

19:21:26.0697 5728        cdrom - ok

19:21:26.0791 5728        CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

19:21:26.0791 5728        CertPropSvc - ok

19:21:26.0931 5728        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

19:21:26.0931 5728        circlass - ok

19:21:27.0009 5728        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

19:21:27.0025 5728        CLFS - ok

19:21:27.0118 5728        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:21:27.0118 5728        clr_optimization_v2.0.50727_32 - ok

19:21:27.0196 5728        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:21:27.0212 5728        clr_optimization_v4.0.30319_32 - ok

19:21:27.0368 5728        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

19:21:27.0368 5728        CmBatt - ok

19:21:27.0415 5728        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

19:21:27.0415 5728        cmdide - ok

19:21:27.0586 5728        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

19:21:27.0586 5728        Compbatt - ok

19:21:27.0649 5728        COMSysApp - ok

19:21:27.0711 5728        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

19:21:27.0711 5728        crcdisk - ok

19:21:27.0789 5728        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

19:21:27.0789 5728        Crusoe - ok

19:21:27.0883 5728        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

19:21:27.0883 5728        CryptSvc - ok

19:21:28.0023 5728        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

19:21:28.0039 5728        DcomLaunch - ok

19:21:28.0491 5728        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

19:21:28.0491 5728        DfsC - ok

19:21:28.0585 5728        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

19:21:28.0647 5728        DFSR - ok

19:21:28.0756 5728        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

19:21:28.0756 5728        Dhcp - ok

19:21:28.0865 5728        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

19:21:28.0865 5728        disk - ok

19:21:28.0975 5728        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

19:21:28.0975 5728        Dnscache - ok

19:21:29.0037 5728        dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

19:21:29.0037 5728        dot3svc - ok

19:21:29.0131 5728        DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

19:21:29.0131 5728        DPS - ok

19:21:29.0287 5728        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

19:21:29.0287 5728        drmkaud - ok

19:21:29.0427 5728        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

19:21:29.0458 5728        DXGKrnl - ok

19:21:29.0552 5728        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

19:21:29.0552 5728        E1G60 - ok

19:21:29.0661 5728        EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

19:21:29.0661 5728        EapHost - ok

19:21:29.0848 5728        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

19:21:29.0848 5728        Ecache - ok

19:21:29.0942 5728        ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

19:21:29.0942 5728        ehRecvr - ok

19:21:29.0973 5728        ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

19:21:29.0989 5728        ehSched - ok

19:21:30.0004 5728        ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

19:21:30.0004 5728        ehstart - ok

19:21:30.0113 5728        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

19:21:30.0145 5728        elxstor - ok

19:21:30.0223 5728        EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

19:21:30.0238 5728        EMDMgmt - ok

19:21:30.0347 5728        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

19:21:30.0347 5728        ErrDev - ok

19:21:30.0410 5728        EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

19:21:30.0410 5728        EventSystem - ok

19:21:30.0519 5728        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

19:21:30.0519 5728        exfat - ok

19:21:30.0613 5728        Fabs - ok

19:21:30.0722 5728        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

19:21:30.0722 5728        fastfat - ok

19:21:30.0800 5728        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

19:21:30.0800 5728        fdc - ok

19:21:30.0940 5728        fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

19:21:30.0940 5728        fdPHost - ok

19:21:31.0018 5728        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

19:21:31.0018 5728        FDResPub - ok

19:21:31.0127 5728        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

19:21:31.0127 5728        FileInfo - ok

19:21:31.0190 5728        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

19:21:31.0190 5728        Filetrace - ok

19:21:31.0424 5728        FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

19:21:31.0502 5728        FirebirdServerMAGIXInstance - ok

19:21:31.0705 5728        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

19:21:31.0705 5728        flpydisk - ok

19:21:31.0907 5728        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

19:21:31.0923 5728        FltMgr - ok

19:21:32.0141 5728        FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

19:21:32.0204 5728        FontCache - ok

19:21:32.0297 5728        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

19:21:32.0313 5728        FontCache3.0.0.0 - ok

19:21:32.0391 5728        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

19:21:32.0391 5728        Fs_Rec - ok

19:21:32.0485 5728        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

19:21:32.0485 5728        gagp30kx - ok

19:21:32.0656 5728        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:21:32.0656 5728        GEARAspiWDM - ok

19:21:33.0109 5728        gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

19:21:33.0109 5728        gpsvc - ok

19:21:33.0249 5728        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

19:21:33.0280 5728        HdAudAddService - ok

19:21:33.0436 5728        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:21:33.0467 5728        HDAudBus - ok

19:21:33.0561 5728        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

19:21:33.0561 5728        HidBth - ok

19:21:33.0608 5728        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

19:21:33.0608 5728        HidIr - ok

19:21:33.0686 5728        hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

19:21:33.0686 5728        hidserv - ok

19:21:33.0717 5728        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys

19:21:33.0717 5728        HidUsb - ok

19:21:33.0889 5728        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

19:21:33.0889 5728        hkmsvc - ok

19:21:33.0967 5728        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

19:21:33.0967 5728        HpCISSs - ok

19:21:34.0045 5728        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

19:21:34.0060 5728        HTTP - ok

19:21:34.0091 5728        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

19:21:34.0091 5728        i2omp - ok

19:21:34.0185 5728        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

19:21:34.0185 5728        i8042prt - ok

19:21:34.0263 5728        IAANTMON        (e03216d695cdc2d223afc0cab4498888) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

19:21:34.0263 5728        IAANTMON - ok

19:21:34.0325 5728        iaStor          (9f1220113a3a7f4f08042c699324d073) C:\Windows\system32\DRIVERS\iaStor.sys

19:21:34.0325 5728        iaStor - ok

19:21:34.0419 5728        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

19:21:34.0419 5728        iaStorV - ok

19:21:34.0497 5728        idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:21:34.0513 5728        idsvc - ok

19:21:34.0591 5728        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

19:21:34.0591 5728        iirsp - ok

19:21:34.0669 5728        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

19:21:34.0669 5728        IKEEXT - ok

19:21:34.0793 5728        IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys

19:21:34.0840 5728        IntcAzAudAddService - ok

19:21:34.0934 5728        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

19:21:34.0934 5728        intelide - ok

19:21:34.0965 5728        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

19:21:34.0965 5728        intelppm - ok

19:21:35.0043 5728        IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

19:21:35.0043 5728        IPBusEnum - ok

19:21:35.0121 5728        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:21:35.0121 5728        IpFilterDriver - ok

19:21:35.0183 5728        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

19:21:35.0183 5728        iphlpsvc - ok

19:21:35.0246 5728        IpInIp - ok

19:21:35.0277 5728        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

19:21:35.0277 5728        IPMIDRV - ok

19:21:35.0355 5728        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

19:21:35.0355 5728        IPNAT - ok

19:21:35.0433 5728        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe

19:21:35.0449 5728        iPod Service - ok

19:21:35.0511 5728        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

19:21:35.0511 5728        IRENUM - ok

19:21:35.0589 5728        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

19:21:35.0589 5728        isapnp - ok

19:21:35.0667 5728        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

19:21:35.0667 5728        iScsiPrt - ok

19:21:35.0745 5728        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

19:21:35.0745 5728        iteatapi - ok

19:21:35.0823 5728        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

19:21:35.0823 5728        iteraid - ok

19:21:35.0854 5728        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

19:21:35.0854 5728        kbdclass - ok

19:21:35.0885 5728        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

19:21:35.0885 5728        kbdhid - ok

19:21:35.0948 5728        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:21:35.0963 5728        KeyIso - ok

19:21:36.0041 5728        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

19:21:36.0041 5728        KSecDD - ok

19:21:36.0119 5728        KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

19:21:36.0119 5728        KtmRm - ok

19:21:36.0213 5728        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

19:21:36.0213 5728        LanmanServer - ok

19:21:36.0322 5728        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

19:21:36.0322 5728        LanmanWorkstation - ok

19:21:36.0400 5728        LgBttPort       (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys

19:21:36.0400 5728        LgBttPort - ok

19:21:36.0494 5728        lgbusenum       (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys

19:21:36.0494 5728        lgbusenum - ok

19:21:36.0556 5728        LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys

19:21:36.0556 5728        LGVMODEM - ok

19:21:36.0619 5728        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

19:21:36.0619 5728        lltdio - ok

19:21:36.0712 5728        lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

19:21:36.0712 5728        lltdsvc - ok

19:21:36.0759 5728        lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

19:21:36.0759 5728        lmhosts - ok

19:21:36.0821 5728        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

19:21:36.0821 5728        LSI_FC - ok

19:21:36.0915 5728        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

19:21:36.0915 5728        LSI_SAS - ok

19:21:36.0977 5728        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

19:21:36.0977 5728        LSI_SCSI - ok

19:21:37.0040 5728        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

19:21:37.0040 5728        luafv - ok

19:21:37.0133 5728        MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

19:21:37.0133 5728        MBAMProtector - ok

19:21:37.0243 5728        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:21:37.0243 5728        MBAMService - ok

19:21:37.0305 5728        Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

19:21:37.0305 5728        Mcx2Svc - ok

19:21:37.0414 5728        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

19:21:37.0414 5728        megasas - ok

19:21:37.0508 5728        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

19:21:37.0508 5728        MegaSR - ok

19:21:37.0586 5728        Microsoft SharePoint Workspace Audit Service - ok

19:21:37.0679 5728        MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

19:21:37.0679 5728        MMCSS - ok

19:21:37.0742 5728        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

19:21:37.0742 5728        Modem - ok

19:21:37.0851 5728        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

19:21:37.0851 5728        monitor - ok

19:21:37.0898 5728        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

19:21:37.0898 5728        mouclass - ok

19:21:37.0945 5728        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys

19:21:37.0945 5728        mouhid - ok

19:21:37.0991 5728        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

19:21:37.0991 5728        MountMgr - ok

19:21:38.0069 5728        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

19:21:38.0069 5728        mpio - ok

19:21:38.0132 5728        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

19:21:38.0132 5728        mpsdrv - ok

19:21:38.0210 5728        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

19:21:38.0225 5728        MpsSvc - ok

19:21:38.0288 5728        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

19:21:38.0288 5728        Mraid35x - ok

19:21:38.0381 5728        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

19:21:38.0397 5728        MRxDAV - ok

19:21:38.0444 5728        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:21:38.0444 5728        mrxsmb - ok

19:21:38.0506 5728        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:21:38.0506 5728        mrxsmb10 - ok

19:21:38.0569 5728        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:21:38.0569 5728        mrxsmb20 - ok

19:21:38.0662 5728        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

19:21:38.0662 5728        msahci - ok

19:21:38.0709 5728        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

19:21:38.0709 5728        msdsm - ok

19:21:38.0771 5728        MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

19:21:38.0771 5728        MSDTC - ok

19:21:38.0865 5728        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

19:21:38.0865 5728        Msfs - ok

19:21:38.0896 5728        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

19:21:38.0896 5728        msisadrv - ok

19:21:38.0974 5728        MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

19:21:38.0974 5728        MSiSCSI - ok

19:21:39.0037 5728        msiserver - ok

19:21:39.0099 5728        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

19:21:39.0099 5728        MSKSSRV - ok

19:21:39.0193 5728        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

19:21:39.0193 5728        MSPCLOCK - ok

19:21:39.0302 5728        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

19:21:39.0302 5728        MSPQM - ok

19:21:39.0380 5728        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

19:21:39.0380 5728        MsRPC - ok

19:21:39.0442 5728        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

19:21:39.0442 5728        mssmbios - ok

19:21:39.0489 5728        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

19:21:39.0489 5728        MSTEE - ok

19:21:39.0598 5728        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

19:21:39.0614 5728        Mup - ok

19:21:39.0692 5728        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

19:21:39.0707 5728        napagent - ok

19:21:39.0785 5728        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

19:21:39.0785 5728        NativeWifiP - ok

19:21:39.0910 5728        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

19:21:39.0910 5728        NDIS - ok

19:21:39.0973 5728        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

19:21:39.0973 5728        NdisTapi - ok

19:21:40.0035 5728        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

19:21:40.0035 5728        Ndisuio - ok

19:21:40.0129 5728        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:21:40.0144 5728        NdisWan - ok

19:21:40.0207 5728        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

19:21:40.0222 5728        NDProxy - ok

19:21:40.0285 5728        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

19:21:40.0285 5728        NetBIOS - ok

19:21:40.0331 5728        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

19:21:40.0347 5728        netbt - ok

19:21:40.0441 5728        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:21:40.0441 5728        Netlogon - ok

19:21:40.0487 5728        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

19:21:40.0503 5728        Netman - ok

19:21:40.0550 5728        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

19:21:40.0550 5728        netprofm - ok

19:21:40.0659 5728        netr28          (b05ffe38336193a9b988b00b230c5b80) C:\Windows\system32\DRIVERS\netr28.sys

19:21:40.0659 5728        netr28 - ok

19:21:40.0721 5728        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:21:40.0721 5728        NetTcpPortSharing - ok

19:21:40.0815 5728        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

19:21:40.0815 5728        nfrd960 - ok

19:21:40.0877 5728        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

19:21:40.0893 5728        NlaSvc - ok

19:21:40.0955 5728        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

19:21:40.0955 5728        Npfs - ok

19:21:41.0018 5728        nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

19:21:41.0018 5728        nsi - ok

19:21:41.0096 5728        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

19:21:41.0096 5728        nsiproxy - ok

19:21:41.0189 5728        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

19:21:41.0221 5728        Ntfs - ok

19:21:41.0314 5728        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

19:21:41.0314 5728        ntrigdigi - ok

19:21:41.0361 5728        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

19:21:41.0361 5728        Null - ok

19:21:41.0439 5728        NVHDA           (11be4b269549173cff542591e4be2c08) C:\Windows\system32\drivers\nvhda32v.sys

19:21:41.0439 5728        NVHDA - ok

19:21:41.0689 5728        nvlddmkm        (440690da4358d9682dbcc56da7d419ab) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:21:41.0845 5728        nvlddmkm - ok

19:21:41.0938 5728        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

19:21:41.0938 5728        nvraid - ok

19:21:42.0001 5728        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

19:21:42.0001 5728        nvstor - ok

19:21:42.0063 5728        nvsvc           (11e1dc466c3e384c1a697b95dc5aa785) C:\Windows\system32\nvvsvc.exe

19:21:42.0063 5728        nvsvc - ok

19:21:42.0110 5728        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

19:21:42.0125 5728        nv_agp - ok

19:21:42.0188 5728        NwlnkFlt - ok

19:21:42.0235 5728        NwlnkFwd - ok

19:21:42.0297 5728        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

19:21:42.0297 5728        ohci1394 - ok

19:21:42.0344 5728        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:21:42.0359 5728        ose - ok

19:21:42.0547 5728        osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:21:42.0562 5728        osppsvc - ok

19:21:42.0687 5728        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:21:42.0703 5728        p2pimsvc - ok

19:21:42.0718 5728        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:21:42.0734 5728        p2psvc - ok

19:21:42.0796 5728        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

19:21:42.0796 5728        Parport - ok

19:21:42.0859 5728        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

19:21:42.0859 5728        partmgr - ok

19:21:42.0921 5728        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

19:21:42.0921 5728        Parvdm - ok

19:21:42.0968 5728        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

19:21:42.0968 5728        PcaSvc - ok

19:21:43.0046 5728        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

19:21:43.0046 5728        pci - ok

19:21:43.0093 5728        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

19:21:43.0093 5728        pciide - ok

19:21:43.0155 5728        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

19:21:43.0155 5728        pcmcia - ok

19:21:43.0217 5728        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

19:21:43.0233 5728        PEAUTH - ok

19:21:43.0327 5728        pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

19:21:43.0358 5728        pla - ok

19:21:43.0436 5728        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

19:21:43.0451 5728        PlugPlay - ok

19:21:43.0514 5728        PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:21:43.0514 5728        PNRPAutoReg - ok

19:21:43.0545 5728        PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:21:43.0561 5728        PNRPsvc - ok

19:21:43.0592 5728        PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

19:21:43.0592 5728        PolicyAgent - ok

19:21:43.0685 5728        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

19:21:43.0685 5728        PptpMiniport - ok

19:21:43.0732 5728        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

19:21:43.0732 5728        Processor - ok

19:21:43.0779 5728        ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

19:21:43.0779 5728        ProfSvc - ok

19:21:43.0841 5728        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:21:43.0841 5728        ProtectedStorage - ok

19:21:43.0935 5728        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

19:21:43.0935 5728        PSched - ok

19:21:43.0997 5728        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

19:21:44.0029 5728        ql2300 - ok

19:21:44.0091 5728        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

19:21:44.0091 5728        ql40xx - ok

19:21:44.0169 5728        QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

19:21:44.0169 5728        QWAVE - ok

19:21:44.0216 5728        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

19:21:44.0216 5728        QWAVEdrv - ok

19:21:44.0247 5728        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

19:21:44.0247 5728        RasAcd - ok

19:21:44.0294 5728        RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

19:21:44.0294 5728        RasAuto - ok

19:21:44.0356 5728        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:21:44.0356 5728        Rasl2tp - ok

19:21:44.0450 5728        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

19:21:44.0450 5728        RasMan - ok

19:21:44.0528 5728        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

19:21:44.0528 5728        RasPppoe - ok

19:21:44.0606 5728        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

19:21:44.0606 5728        RasSstp - ok

19:21:44.0715 5728        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

19:21:44.0715 5728        rdbss - ok

19:21:44.0777 5728        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:21:44.0777 5728        RDPCDD - ok

19:21:44.0840 5728        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

19:21:44.0840 5728        rdpdr - ok

19:21:44.0902 5728        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

19:21:44.0902 5728        RDPENCDD - ok

19:21:44.0965 5728        RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

19:21:44.0965 5728        RDPWD - ok

19:21:45.0043 5728        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

19:21:45.0043 5728        RemoteAccess - ok

19:21:45.0105 5728        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

19:21:45.0105 5728        RemoteRegistry - ok

19:21:45.0199 5728        RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys

19:21:45.0199 5728        RFCOMM - ok

19:21:45.0261 5728        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

19:21:45.0261 5728        RpcLocator - ok

19:21:45.0651 5728        RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

19:21:45.0651 5728        RpcSs - ok

19:21:45.0745 5728        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

19:21:45.0745 5728        rspndr - ok

19:21:45.0838 5728        RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys

19:21:45.0838 5728        RTL8169 - ok

19:21:45.0885 5728        RTSTOR          (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS

19:21:45.0885 5728        RTSTOR - ok

19:21:45.0947 5728        SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:21:45.0947 5728        SamSs - ok

19:21:46.0010 5728        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

19:21:46.0010 5728        sbp2port - ok

19:21:46.0088 5728        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

19:21:46.0088 5728        SCardSvr - ok

19:21:46.0197 5728        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

19:21:46.0197 5728        Schedule - ok

19:21:46.0228 5728        SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

19:21:46.0228 5728        SCPolicySvc - ok

19:21:46.0275 5728        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

19:21:46.0291 5728        SDRSVC - ok

19:21:46.0353 5728        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:21:46.0353 5728        secdrv - ok

19:21:46.0415 5728        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

19:21:46.0415 5728        seclogon - ok

19:21:46.0447 5728        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

19:21:46.0462 5728        SENS - ok

19:21:46.0478 5728        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

19:21:46.0493 5728        Serenum - ok

19:21:46.0540 5728        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

19:21:46.0540 5728        Serial - ok

19:21:46.0603 5728        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

19:21:46.0603 5728        sermouse - ok

19:21:46.0696 5728        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

19:21:46.0696 5728        SessionEnv - ok

19:21:46.0727 5728        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

19:21:46.0727 5728        sffdisk - ok

19:21:46.0759 5728        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

19:21:46.0774 5728        sffp_mmc - ok

19:21:46.0837 5728        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

19:21:46.0837 5728        sffp_sd - ok

19:21:46.0899 5728        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

19:21:46.0899 5728        sfloppy - ok

19:21:46.0961 5728        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

19:21:46.0961 5728        SharedAccess - ok

19:21:47.0024 5728        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

19:21:47.0039 5728        ShellHWDetection - ok

19:21:47.0102 5728        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

19:21:47.0102 5728        sisagp - ok

19:21:47.0164 5728        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

19:21:47.0180 5728        SiSRaid2 - ok

19:21:47.0211 5728        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

19:21:47.0211 5728        SiSRaid4 - ok

19:21:47.0336 5728        slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

19:21:47.0414 5728        slsvc - ok

19:21:47.0492 5728        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

19:21:47.0507 5728        SLUINotify - ok

19:21:47.0617 5728        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

19:21:47.0617 5728        Smb - ok

19:21:47.0679 5728        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

19:21:47.0679 5728        SNMPTRAP - ok

19:21:47.0757 5728        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

19:21:47.0757 5728        spldr - ok

19:21:47.0804 5728        Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

19:21:47.0804 5728        Spooler - ok

19:21:47.0897 5728        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

19:21:47.0897 5728        srv - ok

19:21:47.0975 5728        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

19:21:47.0975 5728        srv2 - ok

19:21:48.0007 5728        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

19:21:48.0007 5728        srvnet - ok

19:21:48.0053 5728        SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

19:21:48.0053 5728        SSDPSRV - ok

19:21:48.0131 5728        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

19:21:48.0147 5728        ssmdrv - ok

19:21:48.0194 5728        SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

19:21:48.0209 5728        SstpSvc - ok

19:21:48.0272 5728        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

19:21:48.0287 5728        stisvc - ok

19:21:48.0365 5728        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

19:21:48.0365 5728        swenum - ok

19:21:48.0443 5728        swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

19:21:48.0459 5728        swprv - ok

19:21:48.0490 5728        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

19:21:48.0490 5728        Symc8xx - ok

19:21:48.0537 5728        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

19:21:48.0537 5728        Sym_hi - ok

19:21:48.0599 5728        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

19:21:48.0599 5728        Sym_u3 - ok

19:21:48.0693 5728        SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

19:21:48.0693 5728        SynTP - ok

19:21:48.0755 5728        SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

19:21:48.0771 5728        SysMain - ok

19:21:48.0849 5728        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

19:21:48.0865 5728        TabletInputService - ok

19:21:48.0927 5728        TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

19:21:48.0927 5728        TapiSrv - ok

19:21:48.0974 5728        TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

19:21:48.0974 5728        TBS - ok

19:21:49.0052 5728        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

19:21:49.0052 5728        Tcpip - ok

19:21:49.0130 5728        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

19:21:49.0130 5728        Tcpip6 - ok

19:21:49.0208 5728        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

19:21:49.0208 5728        tcpipreg - ok

19:21:49.0255 5728        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

19:21:49.0255 5728        TDPIPE - ok

19:21:49.0301 5728        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

19:21:49.0301 5728        TDTCP - ok

19:21:49.0379 5728        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

19:21:49.0379 5728        tdx - ok

19:21:49.0457 5728        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

19:21:49.0457 5728        TermDD - ok

19:21:49.0535 5728        TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

19:21:49.0535 5728        TermService - ok

19:21:49.0613 5728        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

19:21:49.0629 5728        Themes - ok

19:21:49.0691 5728        THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

19:21:49.0691 5728        THREADORDER - ok

19:21:49.0723 5728        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

19:21:49.0738 5728        TrkWks - ok

19:21:49.0769 5728        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

19:21:49.0769 5728        TrustedInstaller - ok

19:21:49.0879 5728        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:21:49.0879 5728        tssecsrv - ok

19:21:49.0925 5728        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

19:21:49.0925 5728        tunmp - ok

19:21:49.0988 5728        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

19:21:49.0988 5728        tunnel - ok

19:21:50.0019 5728        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

19:21:50.0019 5728        uagp35 - ok

19:21:50.0128 5728        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

19:21:50.0128 5728        udfs - ok

19:21:50.0206 5728        UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

19:21:50.0206 5728        UI0Detect - ok

19:21:50.0253 5728        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

19:21:50.0269 5728        uliagpkx - ok

19:21:50.0347 5728        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

19:21:50.0347 5728        uliahci - ok

19:21:50.0409 5728        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

19:21:50.0409 5728        UlSata - ok

19:21:50.0456 5728        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

19:21:50.0471 5728        ulsata2 - ok

19:21:50.0549 5728        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

19:21:50.0549 5728        umbus - ok

19:21:50.0596 5728        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

19:21:50.0596 5728        upnphost - ok

19:21:50.0674 5728        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

19:21:50.0674 5728        USBAAPL - ok

19:21:50.0752 5728        usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys

19:21:50.0768 5728        usbbus - ok

19:21:50.0799 5728        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

19:21:50.0799 5728        usbccgp - ok

19:21:50.0846 5728        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

19:21:50.0846 5728        usbcir - ok

19:21:50.0908 5728        UsbDiag         (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys

19:21:50.0908 5728        UsbDiag - ok

19:21:51.0017 5728        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

19:21:51.0017 5728        usbehci - ok

19:21:51.0064 5728        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

19:21:51.0080 5728        usbhub - ok

19:21:51.0158 5728        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys

19:21:51.0158 5728        USBModem - ok

19:21:51.0189 5728        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

19:21:51.0189 5728        usbohci - ok

19:21:51.0283 5728        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

19:21:51.0283 5728        usbprint - ok

19:21:51.0345 5728        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:21:51.0345 5728        USBSTOR - ok

19:21:51.0376 5728        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

19:21:51.0376 5728        usbuhci - ok

19:21:51.0439 5728        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

19:21:51.0439 5728        usbvideo - ok

19:21:51.0532 5728        UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

19:21:51.0532 5728        UxSms - ok

19:21:51.0595 5728        vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

19:21:51.0610 5728        vds - ok

19:21:51.0673 5728        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

19:21:51.0688 5728        vga - ok

19:21:51.0751 5728        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

19:21:51.0751 5728        VgaSave - ok

19:21:51.0782 5728        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

19:21:51.0782 5728        viaagp - ok

19:21:51.0813 5728        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

19:21:51.0813 5728        ViaC7 - ok

19:21:51.0907 5728        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

19:21:51.0907 5728        viaide - ok

19:21:51.0969 5728        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

19:21:51.0969 5728        volmgr - ok

19:21:52.0031 5728        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

19:21:52.0047 5728        volmgrx - ok

19:21:52.0125 5728        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

19:21:52.0125 5728        volsnap - ok

19:21:52.0219 5728        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

19:21:52.0219 5728        vsmraid - ok

19:21:52.0312 5728        VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

19:21:52.0328 5728        VSS - ok

19:21:52.0390 5728        W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

19:21:52.0406 5728        W32Time - ok

19:21:52.0499 5728        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

19:21:52.0499 5728        WacomPen - ok

19:21:52.0531 5728        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:21:52.0531 5728        Wanarp - ok

19:21:52.0531 5728        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:21:52.0531 5728        Wanarpv6 - ok

19:21:52.0577 5728        wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

19:21:52.0577 5728        wcncsvc - ok

19:21:52.0640 5728        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

19:21:52.0640 5728        WcsPlugInService - ok

19:21:52.0749 5728        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

19:21:52.0749 5728        Wd - ok

19:21:52.0811 5728        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

19:21:52.0811 5728        Wdf01000 - ok

19:21:52.0874 5728        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:21:52.0874 5728        WdiServiceHost - ok

19:21:52.0889 5728        WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:21:52.0889 5728        WdiSystemHost - ok

19:21:52.0967 5728        WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

19:21:52.0967 5728        WebClient - ok

19:21:53.0030 5728        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

19:21:53.0030 5728        Wecsvc - ok

19:21:53.0077 5728        wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

19:21:53.0077 5728        wercplsupport - ok

19:21:53.0155 5728        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

19:21:53.0155 5728        WerSvc - ok

19:21:53.0233 5728        WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys

19:21:53.0233 5728        WimFltr - ok

19:21:53.0295 5728        WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

19:21:53.0295 5728        WinDefend - ok

19:21:53.0311 5728        WinHttpAutoProxySvc - ok

19:21:53.0404 5728        Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

19:21:53.0404 5728        Winmgmt - ok

19:21:53.0529 5728        WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

19:21:53.0560 5728        WinRM - ok

19:21:53.0638 5728        Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

19:21:53.0654 5728        Wlansvc - ok

19:21:53.0716 5728        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:21:53.0716 5728        WmiAcpi - ok

19:21:53.0794 5728        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

19:21:53.0810 5728        wmiApSrv - ok

19:21:53.0872 5728        WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

19:21:53.0888 5728        WMPNetworkSvc - ok

19:21:53.0935 5728        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

19:21:53.0935 5728        WPCSvc - ok

19:21:54.0028 5728        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

19:21:54.0028 5728        WPDBusEnum - ok

19:21:54.0106 5728        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

19:21:54.0106 5728        WpdUsb - ok

19:21:54.0231 5728        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

19:21:54.0262 5728        WPFFontCache_v0400 - ok

19:21:54.0356 5728        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

19:21:54.0356 5728        ws2ifsl - ok

19:21:54.0418 5728        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

19:21:54.0434 5728        wscsvc - ok

19:21:54.0449 5728        WSearch - ok

19:21:54.0512 5728        WSVD            (b7f30c50a2e6e46822cd388608e06bb4) C:\Windows\system32\drivers\WSVD.sys

19:21:54.0512 5728        WSVD - ok

19:21:54.0652 5728        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

19:21:54.0668 5728        wuauserv - ok

19:21:54.0746 5728        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:21:54.0746 5728        WUDFRd - ok

19:21:54.0808 5728        wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

19:21:54.0808 5728        wudfsvc - ok

19:21:54.0839 5728        MBR (0x1B8)     (c8c6dc722d4ef7ca320585d4bd90474e) \Device\Harddisk0\DR0

19:21:57.0819 5728        \Device\Harddisk0\DR0 - ok

19:21:57.0850 5728        Boot (0x1200)   (270b3243ae81a193ddeddfaa453c2f38) \Device\Harddisk0\DR0\Partition0

19:21:57.0850 5728        \Device\Harddisk0\DR0\Partition0 - ok

19:21:57.0881 5728        Boot (0x1200)   (56838bff36871812752f8d6c6bebc618) \Device\Harddisk0\DR0\Partition1

19:21:57.0881 5728        \Device\Harddisk0\DR0\Partition1 - ok

19:21:57.0881 5728        ============================================================

19:21:57.0881 5728        Scan finished

zweiter Teil:

Code:

 19:21:57.0881 5728        ============================================================

19:21:57.0897 5620        Detected object count: 0

19:21:57.0897 5620        Actual detected object count: 0

19:23:02.0114 3252        ============================================================

19:23:02.0114 3252        Scan started

19:23:02.0114 3252        Mode: Manual; SigCheck; TDLFS; 

19:23:02.0114 3252        ============================================================

19:23:03.0455 3252        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

19:23:03.0611 3252        ACPI - ok

19:23:03.0689 3252        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

19:23:03.0705 3252        AdobeFlashPlayerUpdateSvc - ok

19:23:03.0830 3252        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

19:23:03.0861 3252        adp94xx - ok

19:23:03.0923 3252        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

19:23:03.0939 3252        adpahci - ok

19:23:04.0048 3252        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

19:23:04.0064 3252        adpu160m - ok

19:23:04.0095 3252        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

19:23:04.0111 3252        adpu320 - ok

19:23:04.0204 3252        AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

19:23:04.0267 3252        AeLookupSvc - ok

19:23:04.0345 3252        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

19:23:04.0391 3252        AFD - ok

19:23:04.0501 3252        AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe

19:23:04.0547 3252        AgereModemAudio - ok

19:23:04.0610 3252        AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys

19:23:04.0813 3252        AgereSoftModem - ok

19:23:04.0906 3252        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

19:23:04.0922 3252        agp440 - ok

19:23:04.0953 3252        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

19:23:04.0969 3252        aic78xx - ok

19:23:05.0078 3252        ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

19:23:05.0125 3252        ALG - ok

19:23:05.0234 3252        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

19:23:05.0249 3252        aliide - ok

19:23:05.0390 3252        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

19:23:05.0391 3252        amdagp - ok

19:23:05.0500 3252        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

19:23:05.0500 3252        amdide - ok

19:23:05.0578 3252        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

19:23:05.0625 3252        AmdK7 - ok

19:23:05.0718 3252        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

19:23:05.0765 3252        AmdK8 - ok

19:23:06.0202 3252        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe

19:23:06.0218 3252        AntiVirSchedulerService - ok

19:23:06.0249 3252        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

19:23:06.0249 3252        AntiVirService - ok

19:23:06.0374 3252        Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

19:23:06.0406 3252        Appinfo - ok

19:23:06.0499 3252        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:23:06.0499 3252        Apple Mobile Device - ok

19:23:06.0562 3252        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

19:23:06.0562 3252        arc - ok

19:23:06.0624 3252        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

19:23:06.0640 3252        arcsas - ok

19:23:06.0671 3252        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

19:23:06.0733 3252        AsyncMac - ok

19:23:06.0780 3252        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

19:23:06.0796 3252        atapi - ok

19:23:06.0858 3252        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

19:23:06.0889 3252        AudioEndpointBuilder - ok

19:23:06.0905 3252        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

19:23:06.0936 3252        Audiosrv - ok

19:23:07.0014 3252        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

19:23:07.0045 3252        avgntflt - ok

19:23:07.0077 3252        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys

19:23:07.0092 3252        avipbb - ok

19:23:07.0139 3252        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

19:23:07.0139 3252        avkmgr - ok

19:23:07.0186 3252        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

19:23:07.0233 3252        Beep - ok

19:23:07.0326 3252        BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

19:23:07.0357 3252        BFE - ok

19:23:07.0435 3252        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

19:23:07.0498 3252        BITS - ok

19:23:07.0560 3252        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

19:23:07.0607 3252        blbdrive - ok

19:23:07.0669 3252        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

19:23:07.0685 3252        Bonjour Service - ok

19:23:07.0794 3252        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

19:23:07.0825 3252        bowser - ok

19:23:07.0872 3252        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

19:23:07.0919 3252        BrFiltLo - ok

19:23:07.0997 3252        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

19:23:08.0044 3252        BrFiltUp - ok

19:23:08.0106 3252        Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

19:23:08.0153 3252        Browser - ok

19:23:08.0231 3252        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

19:23:08.0325 3252        Brserid - ok

19:23:08.0371 3252        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

19:23:08.0418 3252        BrSerWdm - ok

19:23:08.0512 3252        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

19:23:08.0559 3252        BrUsbMdm - ok

19:23:08.0605 3252        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

19:23:08.0668 3252        BrUsbSer - ok

19:23:08.0761 3252        BthEnum         (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys

19:23:08.0793 3252        BthEnum - ok

19:23:08.0902 3252        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

19:23:08.0949 3252        BTHMODEM - ok

19:23:09.0151 3252        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

19:23:09.0198 3252        BthPan - ok

19:23:09.0307 3252        BTHPORT         (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys

19:23:09.0370 3252        BTHPORT - ok

19:23:09.0417 3252        BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll

19:23:09.0448 3252        BthServ - ok

19:23:09.0557 3252        BTHUSB          (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys

19:23:09.0619 3252        BTHUSB - ok

19:23:09.0697 3252        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

19:23:09.0713 3252        cdfs - ok

19:23:09.0791 3252        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

19:23:09.0822 3252        cdrom - ok

19:23:09.0900 3252        CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

19:23:09.0947 3252        CertPropSvc - ok

19:23:10.0025 3252        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

19:23:10.0072 3252        circlass - ok

19:23:10.0165 3252        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

19:23:10.0181 3252        CLFS - ok

19:23:10.0243 3252        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:23:10.0259 3252        clr_optimization_v2.0.50727_32 - ok

19:23:10.0368 3252        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:23:10.0399 3252        clr_optimization_v4.0.30319_32 - ok

19:23:10.0477 3252        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

19:23:10.0540 3252        CmBatt - ok

19:23:10.0618 3252        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

19:23:10.0618 3252        cmdide - ok

19:23:10.0680 3252        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

19:23:10.0696 3252        Compbatt - ok

19:23:10.0743 3252        COMSysApp - ok

19:23:10.0805 3252        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

19:23:10.0805 3252        crcdisk - ok

19:23:10.0867 3252        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

19:23:10.0914 3252        Crusoe - ok

19:23:11.0008 3252        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

19:23:11.0039 3252        CryptSvc - ok

19:23:11.0133 3252        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

19:23:11.0179 3252        DcomLaunch - ok

19:23:11.0289 3252        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

19:23:11.0320 3252        DfsC - ok

19:23:11.0460 3252        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

19:23:11.0538 3252        DFSR - ok

19:23:11.0647 3252        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

19:23:11.0663 3252        Dhcp - ok

19:23:11.0772 3252        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

19:23:11.0788 3252        disk - ok

19:23:11.0881 3252        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

19:23:11.0913 3252        Dnscache - ok

19:23:12.0006 3252        dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

19:23:12.0037 3252        dot3svc - ok

19:23:12.0131 3252        DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

19:23:12.0178 3252        DPS - ok

19:23:12.0271 3252        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

19:23:12.0318 3252        drmkaud - ok

19:23:12.0443 3252        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

19:23:12.0490 3252        DXGKrnl - ok

19:23:12.0599 3252        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

19:23:12.0646 3252        E1G60 - ok

19:23:12.0739 3252        EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

19:23:12.0771 3252        EapHost - ok

19:23:12.0895 3252        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

19:23:12.0911 3252        Ecache - ok

19:23:12.0973 3252        ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

19:23:12.0989 3252        ehRecvr - ok

19:23:13.0005 3252        ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

19:23:13.0036 3252        ehSched - ok

19:23:13.0083 3252        ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

19:23:13.0114 3252        ehstart - ok

19:23:13.0223 3252        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

19:23:13.0239 3252        elxstor - ok

19:23:13.0363 3252        EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

19:23:13.0395 3252        EMDMgmt - ok

19:23:13.0551 3252        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

19:23:13.0582 3252        ErrDev - ok

19:23:13.0691 3252        EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

19:23:13.0738 3252        EventSystem - ok

19:23:13.0847 3252        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

19:23:13.0894 3252        exfat - ok

19:23:13.0972 3252        Fabs - ok

19:23:14.0112 3252        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

19:23:14.0143 3252        fastfat - ok

19:23:14.0253 3252        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

19:23:14.0299 3252        fdc - ok

19:23:14.0377 3252        fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

19:23:14.0409 3252        fdPHost - ok

19:23:14.0502 3252        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

19:23:14.0549 3252        FDResPub - ok

19:23:14.0705 3252        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

19:23:14.0705 3252        FileInfo - ok

19:23:14.0783 3252        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

19:23:14.0830 3252        Filetrace - ok

19:23:14.0986 3252        FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

19:23:15.0157 3252        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning

19:23:15.0157 3252        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)

19:23:15.0267 3252        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

19:23:15.0282 3252        flpydisk - ok

19:23:15.0345 3252        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

19:23:15.0360 3252        FltMgr - ok

19:23:15.0485 3252        FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

19:23:15.0547 3252        FontCache - ok

19:23:15.0641 3252        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

19:23:15.0641 3252        FontCache3.0.0.0 - ok

19:23:15.0735 3252        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

19:23:15.0766 3252        Fs_Rec - ok

19:23:15.0828 3252        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

19:23:15.0844 3252        gagp30kx - ok

19:23:15.0937 3252        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:23:15.0953 3252        GEARAspiWDM - ok

19:23:16.0031 3252        gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

19:23:16.0062 3252        gpsvc - ok

19:23:16.0171 3252        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

19:23:16.0234 3252        HdAudAddService - ok

19:23:16.0327 3252        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:23:16.0359 3252        HDAudBus - ok

19:23:16.0483 3252        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

19:23:16.0530 3252        HidBth - ok

19:23:16.0577 3252        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

19:23:16.0624 3252        HidIr - ok

19:23:16.0733 3252        hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

19:23:16.0764 3252        hidserv - ok

19:23:16.0827 3252        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys

19:23:16.0858 3252        HidUsb - ok

19:23:16.0951 3252        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

19:23:16.0983 3252        hkmsvc - ok

19:23:17.0029 3252        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

19:23:17.0045 3252        HpCISSs - ok

19:23:17.0154 3252        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

19:23:17.0185 3252        HTTP - ok

19:23:17.0263 3252        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

19:23:17.0263 3252        i2omp - ok

19:23:17.0341 3252        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

19:23:17.0373 3252        i8042prt - ok

19:23:17.0435 3252        IAANTMON        (e03216d695cdc2d223afc0cab4498888) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

19:23:17.0466 3252        IAANTMON - ok

19:23:17.0591 3252        iaStor          (9f1220113a3a7f4f08042c699324d073) C:\Windows\system32\DRIVERS\iaStor.sys

19:23:17.0607 3252        iaStor - ok

19:23:17.0653 3252        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

19:23:17.0669 3252        iaStorV - ok

19:23:17.0763 3252        idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:23:17.0841 3252        idsvc - ok

19:23:17.0950 3252        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

19:23:17.0965 3252        iirsp - ok

19:23:18.0075 3252        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

19:23:18.0121 3252        IKEEXT - ok

19:23:18.0277 3252        IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys

19:23:18.0340 3252        IntcAzAudAddService - ok

19:23:18.0605 3252        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

19:23:18.0621 3252        intelide - ok

19:23:18.0714 3252        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

19:23:18.0761 3252        intelppm - ok

19:23:18.0870 3252        IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

19:23:18.0901 3252        IPBusEnum - ok

19:23:18.0995 3252        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:23:19.0042 3252        IpFilterDriver - ok

19:23:19.0151 3252        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

19:23:19.0167 3252        iphlpsvc - ok

19:23:19.0260 3252        IpInIp - ok

19:23:19.0307 3252        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

19:23:19.0338 3252        IPMIDRV - ok

19:23:19.0447 3252        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

19:23:19.0494 3252        IPNAT - ok

19:23:19.0557 3252        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe

19:23:19.0588 3252        iPod Service - ok

19:23:19.0666 3252        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

19:23:19.0713 3252        IRENUM - ok

19:23:19.0806 3252        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

19:23:19.0822 3252        isapnp - ok

19:23:19.0931 3252        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

19:23:19.0947 3252        iScsiPrt - ok

19:23:20.0040 3252        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

19:23:20.0056 3252        iteatapi - ok

19:23:20.0134 3252        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

19:23:20.0149 3252        iteraid - ok

19:23:20.0259 3252        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

19:23:20.0259 3252        kbdclass - ok

19:23:20.0352 3252        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

19:23:20.0383 3252        kbdhid - ok

19:23:20.0508 3252        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:23:20.0524 3252        KeyIso - ok

19:23:20.0664 3252        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

19:23:20.0680 3252        KSecDD - ok

19:23:20.0789 3252        KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

19:23:20.0867 3252        KtmRm - ok

19:23:20.0992 3252        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

19:23:21.0007 3252        LanmanServer - ok

19:23:21.0101 3252        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

19:23:21.0132 3252        LanmanWorkstation - ok

19:23:21.0257 3252        LgBttPort       (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys

19:23:21.0273 3252        LgBttPort - ok

19:23:21.0382 3252        lgbusenum       (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys

19:23:21.0413 3252        lgbusenum - ok

19:23:21.0522 3252        LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys

19:23:21.0538 3252        LGVMODEM - ok

19:23:21.0647 3252        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

19:23:21.0678 3252        lltdio - ok

19:23:21.0772 3252        lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

19:23:21.0819 3252        lltdsvc - ok

19:23:21.0912 3252        lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

19:23:21.0943 3252        lmhosts - ok

19:23:22.0053 3252        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

19:23:22.0068 3252        LSI_FC - ok

19:23:22.0177 3252        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

19:23:22.0177 3252        LSI_SAS - ok

19:23:22.0287 3252        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

19:23:22.0302 3252        LSI_SCSI - ok

19:23:22.0396 3252        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

19:23:22.0427 3252        luafv - ok

19:23:22.0521 3252        MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

19:23:22.0536 3252        MBAMProtector - ok

19:23:22.0614 3252        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:23:22.0645 3252        MBAMService - ok

19:23:22.0739 3252        Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

19:23:22.0770 3252        Mcx2Svc - ok

19:23:22.0864 3252        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

19:23:22.0879 3252        megasas - ok

19:23:22.0989 3252        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

19:23:23.0020 3252        MegaSR - ok

19:23:23.0082 3252        Microsoft SharePoint Workspace Audit Service - ok

19:23:23.0145 3252        MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

19:23:23.0191 3252        MMCSS - ok

19:23:23.0301 3252        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

19:23:23.0332 3252        Modem - ok

19:23:23.0441 3252        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

19:23:23.0457 3252        monitor - ok

19:23:23.0566 3252        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

19:23:23.0581 3252        mouclass - ok

19:23:23.0675 3252        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys

19:23:23.0706 3252        mouhid - ok

19:23:23.0815 3252        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

19:23:23.0831 3252        MountMgr - ok

19:23:23.0893 3252        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

19:23:23.0909 3252        mpio - ok

19:23:24.0003 3252        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

19:23:24.0034 3252        mpsdrv - ok

19:23:24.0143 3252        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

19:23:24.0174 3252        MpsSvc - ok

19:23:24.0268 3252        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

19:23:24.0283 3252        Mraid35x - ok

19:23:24.0408 3252        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

19:23:24.0439 3252        MRxDAV - ok

19:23:24.0549 3252        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:23:24.0595 3252        mrxsmb - ok

19:23:24.0720 3252        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:23:24.0736 3252        mrxsmb10 - ok

19:23:24.0861 3252        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:23:24.0892 3252        mrxsmb20 - ok

19:23:25.0001 3252        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

19:23:25.0017 3252        msahci - ok

19:23:25.0110 3252        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

19:23:25.0126 3252        msdsm - ok

19:23:25.0204 3252        MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

19:23:25.0235 3252        MSDTC - ok

19:23:25.0344 3252        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

19:23:25.0375 3252        Msfs - ok

19:23:25.0469 3252        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

19:23:25.0485 3252        msisadrv - ok

19:23:25.0578 3252        MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

19:23:25.0625 3252        MSiSCSI - ok

19:23:25.0719 3252        msiserver - ok

19:23:25.0812 3252        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

19:23:25.0843 3252        MSKSSRV - ok

19:23:25.0937 3252        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

19:23:25.0984 3252        MSPCLOCK - ok

19:23:26.0077 3252        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

19:23:26.0124 3252        MSPQM - ok

19:23:26.0249 3252        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

19:23:26.0265 3252        MsRPC - ok

19:23:26.0358 3252        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

19:23:26.0374 3252        mssmbios - ok

19:23:26.0467 3252        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

19:23:26.0514 3252        MSTEE - ok

19:23:26.0623 3252        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

19:23:26.0639 3252        Mup - ok

19:23:26.0748 3252        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

19:23:26.0779 3252        napagent - ok

19:23:26.0889 3252        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

19:23:26.0904 3252        NativeWifiP - ok

19:23:27.0013 3252        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

19:23:27.0045 3252        NDIS - ok

19:23:27.0138 3252        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

19:23:27.0169 3252        NdisTapi - ok

19:23:27.0263 3252        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

19:23:27.0310 3252        Ndisuio - ok

19:23:27.0419 3252        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:23:27.0450 3252        NdisWan - ok

19:23:27.0575 3252        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

19:23:27.0591 3252        NDProxy - ok

19:23:27.0700 3252        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

19:23:27.0731 3252        NetBIOS - ok

19:23:27.0856 3252        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

19:23:27.0887 3252        netbt - ok

19:23:27.0981 3252        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:23:27.0996 3252        Netlogon - ok

19:23:28.0090 3252        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

19:23:28.0121 3252        Netman - ok

19:23:28.0215 3252        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

19:23:28.0261 3252        netprofm - ok

19:23:28.0386 3252        netr28          (b05ffe38336193a9b988b00b230c5b80) C:\Windows\system32\DRIVERS\netr28.sys

19:23:28.0402 3252        netr28 - ok

19:23:28.0480 3252        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:23:28.0495 3252        NetTcpPortSharing - ok

19:23:28.0605 3252        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

19:23:28.0620 3252        nfrd960 - ok

19:23:28.0714 3252        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

19:23:28.0761 3252        NlaSvc - ok

19:23:28.0870 3252        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

19:23:28.0885 3252        Npfs - ok

19:23:28.0979 3252        nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

19:23:29.0026 3252        nsi - ok

19:23:29.0119 3252        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

19:23:29.0151 3252        nsiproxy - ok

19:23:29.0291 3252        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

19:23:29.0369 3252        Ntfs - ok

19:23:29.0463 3252        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

19:23:29.0525 3252        ntrigdigi - ok

19:23:29.0650 3252        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

19:23:29.0681 3252        Null - ok

19:23:29.0775 3252        NVHDA           (11be4b269549173cff542591e4be2c08) C:\Windows\system32\drivers\nvhda32v.sys

19:23:29.0775 3252        NVHDA - ok

19:23:30.0040 3252        nvlddmkm        (440690da4358d9682dbcc56da7d419ab) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:23:30.0321 3252        nvlddmkm - ok

19:23:30.0430 3252        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

19:23:30.0445 3252        nvraid - ok

19:23:30.0555 3252        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

19:23:30.0555 3252        nvstor - ok

19:23:30.0679 3252        nvsvc           (11e1dc466c3e384c1a697b95dc5aa785) C:\Windows\system32\nvvsvc.exe

19:23:30.0695 3252        nvsvc - ok

19:23:30.0835 3252        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

19:23:30.0851 3252        nv_agp - ok

19:23:30.0929 3252        NwlnkFlt - ok

19:23:31.0054 3252        NwlnkFwd - ok

19:23:31.0163 3252        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

19:23:31.0210 3252        ohci1394 - ok

19:23:31.0288 3252        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:23:31.0303 3252        ose - ok

19:23:31.0491 3252        osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:23:32.0052 3252        osppsvc - ok

19:23:32.0255 3252        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:23:32.0302 3252        p2pimsvc - ok

19:23:32.0333 3252        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:23:32.0380 3252        p2psvc - ok

19:23:32.0458 3252        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

19:23:32.0520 3252        Parport - ok

19:23:32.0614 3252        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

19:23:32.0629 3252        partmgr - ok

19:23:32.0676 3252        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

19:23:32.0707 3252        Parvdm - ok

19:23:32.0754 3252        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

19:23:32.0785 3252        PcaSvc - ok

19:23:32.0879 3252        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

19:23:32.0879 3252        pci - ok

19:23:32.0957 3252        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

19:23:32.0973 3252        pciide - ok

19:23:33.0004 3252        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

19:23:33.0019 3252        pcmcia - ok

19:23:33.0097 3252        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

19:23:33.0175 3252        PEAUTH - ok

19:23:33.0285 3252        pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

19:23:33.0363 3252        pla - ok

19:23:33.0425 3252        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

19:23:33.0456 3252        PlugPlay - ok

19:23:33.0550 3252        PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:23:33.0581 3252        PNRPAutoReg - ok

19:23:33.0612 3252        PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:23:33.0628 3252        PNRPsvc - ok

19:23:33.0737 3252        PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

19:23:33.0784 3252        PolicyAgent - ok

19:23:33.0831 3252        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

19:23:33.0862 3252        PptpMiniport - ok

19:23:33.0924 3252        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

19:23:33.0955 3252        Processor - ok

19:23:34.0049 3252        ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

19:23:34.0080 3252        ProfSvc - ok

19:23:34.0127 3252        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:23:34.0143 3252        ProtectedStorage - ok

19:23:34.0221 3252        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

19:23:34.0252 3252        PSched - ok

19:23:34.0361 3252        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

19:23:34.0423 3252        ql2300 - ok

19:23:34.0486 3252        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

19:23:34.0501 3252        ql40xx - ok

19:23:34.0564 3252        QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

19:23:34.0579 3252        QWAVE - ok

19:23:34.0626 3252        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

19:23:34.0626 3252        QWAVEdrv - ok

19:23:34.0689 3252        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

19:23:34.0720 3252        RasAcd - ok

19:23:34.0782 3252        RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

19:23:34.0798 3252        RasAuto - ok

19:23:34.0860 3252        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:23:34.0891 3252        Rasl2tp - ok

19:23:34.0969 3252        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

19:23:35.0001 3252        RasMan - ok

19:23:35.0079 3252        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

19:23:35.0094 3252        RasPppoe - ok

19:23:35.0157 3252        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

19:23:35.0172 3252        RasSstp - ok

19:23:35.0250 3252        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

19:23:35.0281 3252        rdbss - ok

19:23:35.0344 3252        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:23:35.0375 3252        RDPCDD - ok

19:23:35.0422 3252        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

19:23:35.0453 3252        rdpdr - ok

19:23:35.0484 3252        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

19:23:35.0515 3252        RDPENCDD - ok

19:23:35.0609 3252        RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

19:23:35.0625 3252        RDPWD - ok

19:23:35.0703 3252        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

19:23:35.0734 3252        RemoteAccess - ok

19:23:35.0796 3252        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

19:23:35.0827 3252        RemoteRegistry - ok

19:23:35.0890 3252        RFCOMM          (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys

19:23:35.0921 3252        RFCOMM - ok

19:23:35.0999 3252        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

19:23:36.0030 3252        RpcLocator - ok

19:23:36.0124 3252        RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

19:23:36.0155 3252        RpcSs - ok

19:23:36.0217 3252        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

19:23:36.0264 3252        rspndr - ok

19:23:36.0342 3252        RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys

19:23:36.0358 3252        RTL8169 - ok

19:23:36.0420 3252        RTSTOR          (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS

19:23:36.0420 3252        RTSTOR - ok

19:23:36.0483 3252        SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:23:36.0498 3252        SamSs - ok

19:23:36.0561 3252        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

19:23:36.0561 3252        sbp2port - ok

19:23:36.0654 3252        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

19:23:36.0685 3252        SCardSvr - ok

19:23:36.0795 3252        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

19:23:36.0826 3252        Schedule - ok

19:23:36.0904 3252        SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

19:23:36.0919 3252        SCPolicySvc - ok

19:23:36.0966 3252        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

19:23:36.0982 3252        SDRSVC - ok

19:23:37.0060 3252        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:23:37.0107 3252        secdrv - ok

19:23:37.0153 3252        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

19:23:37.0200 3252        seclogon - ok

19:23:37.0263 3252        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

19:23:37.0309 3252        SENS - ok

19:23:37.0372 3252        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

19:23:37.0419 3252        Serenum - ok

19:23:37.0481 3252        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

19:23:37.0543 3252        Serial - ok

19:23:37.0590 3252        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

19:23:37.0606 3252        sermouse - ok

19:23:37.0684 3252        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

19:23:37.0715 3252        SessionEnv - ok

19:23:37.0793 3252        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

19:23:37.0809 3252        sffdisk - ok

19:23:37.0871 3252        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

19:23:37.0887 3252        sffp_mmc - ok

19:23:37.0949 3252        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

19:23:37.0980 3252        sffp_sd - ok

19:23:38.0043 3252        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

19:23:38.0089 3252        sfloppy - ok

19:23:38.0152 3252        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

19:23:38.0183 3252        SharedAccess - ok

19:23:38.0261 3252        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

19:23:38.0277 3252        ShellHWDetection - ok

19:23:38.0355 3252        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

19:23:38.0370 3252        sisagp - ok

19:23:38.0417 3252        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

19:23:38.0433 3252        SiSRaid2 - ok

19:23:38.0464 3252        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

19:23:38.0479 3252        SiSRaid4 - ok

19:23:38.0620 3252        slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

19:23:38.0776 3252        slsvc - ok

19:23:38.0869 3252        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

19:23:38.0901 3252        SLUINotify - ok

19:23:38.0963 3252        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

19:23:38.0994 3252        Smb - ok

19:23:39.0072 3252        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

19:23:39.0088 3252        SNMPTRAP - ok

19:23:39.0150 3252        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

19:23:39.0166 3252        spldr - ok

19:23:39.0213 3252        Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

19:23:39.0244 3252        Spooler - ok

19:23:39.0306 3252        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

19:23:39.0322 3252        srv - ok

19:23:39.0400 3252        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

19:23:39.0415 3252        srv2 - ok

19:23:39.0462 3252        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

19:23:39.0478 3252        srvnet - ok

19:23:39.0525 3252        SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

19:23:39.0571 3252        SSDPSRV - ok

19:23:39.0634 3252        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

19:23:39.0649 3252        ssmdrv - ok

19:23:39.0727 3252        SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

19:23:39.0743 3252        SstpSvc - ok

19:23:39.0821 3252        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

19:23:39.0852 3252        stisvc - ok

19:23:39.0915 3252        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

19:23:39.0915 3252        swenum - ok

19:23:39.0977 3252        swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

19:23:40.0008 3252        swprv - ok

19:23:40.0086 3252        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

19:23:40.0102 3252        Symc8xx - ok

19:23:40.0149 3252        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

19:23:40.0164 3252        Sym_hi - ok

19:23:40.0211 3252        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

19:23:40.0227 3252        Sym_u3 - ok

19:23:40.0273 3252        SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

19:23:40.0273 3252        SynTP - ok

19:23:40.0383 3252        SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

19:23:40.0414 3252        SysMain - ok

19:23:40.0476 3252        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

19:23:40.0492 3252        TabletInputService - ok

19:23:40.0539 3252        TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

19:23:40.0585 3252        TapiSrv - ok

19:23:40.0617 3252        TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

19:23:40.0663 3252        TBS - ok

19:23:40.0788 3252        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

19:23:40.0851 3252        Tcpip - ok

19:23:40.0944 3252        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

19:23:40.0991 3252        Tcpip6 - ok

19:23:41.0116 3252        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

19:23:41.0131 3252        tcpipreg - ok

19:23:41.0163 3252        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

19:23:41.0209 3252        TDPIPE - ok

19:23:41.0272 3252        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

19:23:41.0287 3252        TDTCP - ok

19:23:41.0381 3252        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

19:23:41.0397 3252        tdx - ok

19:23:41.0459 3252        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

19:23:41.0475 3252        TermDD - ok

19:23:41.0553 3252        TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

19:23:41.0599 3252        TermService - ok

19:23:41.0740 3252        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

19:23:41.0755 3252        Themes - ok

19:23:41.0802 3252        THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

19:23:41.0833 3252        THREADORDER - ok

19:23:41.0880 3252        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

19:23:41.0911 3252        TrkWks - ok

19:23:41.0958 3252        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

19:23:41.0974 3252        TrustedInstaller - ok

19:23:42.0067 3252        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:23:42.0114 3252        tssecsrv - ok

19:23:42.0177 3252        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

19:23:42.0192 3252        tunmp - ok

19:23:42.0255 3252        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

19:23:42.0270 3252        tunnel - ok

19:23:42.0364 3252        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

19:23:42.0379 3252        uagp35 - ok

19:23:42.0457 3252        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

19:23:42.0473 3252        udfs - ok

19:23:42.0535 3252        UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

19:23:42.0582 3252        UI0Detect - ok

19:23:42.0676 3252        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

19:23:42.0691 3252        uliagpkx - ok

19:23:42.0738 3252        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

19:23:42.0754 3252        uliahci - ok

19:23:42.0801 3252        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

19:23:42.0816 3252        UlSata - ok

19:23:42.0847 3252        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

19:23:42.0863 3252        ulsata2 - ok

19:23:42.0972 3252        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

19:23:42.0988 3252        umbus - ok

19:23:43.0050 3252        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

19:23:43.0081 3252        upnphost - ok

19:23:43.0128 3252        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

19:23:43.0144 3252        USBAAPL ( UnsignedFile.Multi.Generic ) - warning

19:23:43.0144 3252        USBAAPL - detected UnsignedFile.Multi.Generic (1)

19:23:43.0222 3252        usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys

19:23:43.0253 3252        usbbus - ok

19:23:43.0315 3252        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

19:23:43.0347 3252        usbccgp - ok

19:23:43.0393 3252        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

19:23:43.0440 3252        usbcir - ok

19:23:43.0487 3252        UsbDiag         (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys

19:23:43.0518 3252        UsbDiag - ok

19:23:43.0612 3252        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

19:23:43.0643 3252        usbehci - ok

19:23:43.0690 3252        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

19:23:43.0737 3252        usbhub - ok

19:23:43.0799 3252        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys

19:23:43.0830 3252        USBModem - ok

19:23:43.0908 3252        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

19:23:43.0971 3252        usbohci - ok

19:23:44.0033 3252        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

19:23:44.0064 3252        usbprint - ok

19:23:44.0111 3252        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:23:44.0142 3252        USBSTOR - ok

19:23:44.0236 3252        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

19:23:44.0267 3252        usbuhci - ok

19:23:44.0329 3252        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

19:23:44.0376 3252        usbvideo - ok

19:23:44.0423 3252        UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

19:23:44.0470 3252        UxSms - ok

19:23:44.0579 3252        vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

19:23:44.0626 3252        vds - ok

19:23:44.0688 3252        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

19:23:44.0719 3252        vga - ok

19:23:44.0797 3252        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

19:23:44.0844 3252        VgaSave - ok

19:23:44.0891 3252        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

19:23:44.0891 3252        viaagp - ok

19:23:44.0969 3252        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

19:23:45.0000 3252        ViaC7 - ok

19:23:45.0031 3252        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

19:23:45.0047 3252        viaide - ok

19:23:45.0125 3252        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

19:23:45.0125 3252        volmgr - ok

19:23:45.0203 3252        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

19:23:45.0219 3252        volmgrx - ok

19:23:45.0297 3252        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

19:23:45.0312 3252        volsnap - ok

19:23:45.0390 3252        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

19:23:45.0406 3252        vsmraid - ok

19:23:45.0484 3252        VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

19:23:45.0546 3252        VSS - ok

19:23:45.0671 3252        W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

19:23:45.0702 3252        W32Time - ok

19:23:45.0780 3252        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

19:23:45.0811 3252        WacomPen - ok

19:23:45.0889 3252        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:23:45.0921 3252        Wanarp - ok

19:23:45.0921 3252        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:23:45.0936 3252        Wanarpv6 - ok

19:23:46.0014 3252        wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

19:23:46.0045 3252        wcncsvc - ok

19:23:46.0108 3252        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

19:23:46.0139 3252        WcsPlugInService - ok

19:23:46.0248 3252        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

19:23:46.0264 3252        Wd - ok

19:23:46.0295 3252        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

19:23:46.0326 3252        Wdf01000 - ok

19:23:46.0342 3252        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:23:46.0373 3252        WdiServiceHost - ok

19:23:46.0373 3252        WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:23:46.0404 3252        WdiSystemHost - ok

19:23:46.0529 3252        WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

19:23:46.0560 3252        WebClient - ok

19:23:46.0607 3252        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

19:23:46.0638 3252        Wecsvc - ok

19:23:46.0732 3252        wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

19:23:46.0747 3252        wercplsupport - ok

19:23:46.0810 3252        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

19:23:46.0857 3252        WerSvc - ok

19:23:46.0919 3252        WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys

19:23:46.0935 3252        WimFltr - ok

19:23:46.0997 3252        WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

19:23:47.0013 3252        WinDefend - ok

19:23:47.0028 3252        WinHttpAutoProxySvc - ok

19:23:47.0122 3252        Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

19:23:47.0153 3252        Winmgmt - ok

19:23:47.0231 3252        WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

19:23:47.0325 3252        WinRM - ok

19:23:47.0434 3252        Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

19:23:47.0449 3252        Wlansvc - ok

19:23:47.0543 3252        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:23:47.0559 3252        WmiAcpi - ok

19:23:47.0621 3252        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

19:23:47.0652 3252        wmiApSrv - ok

19:23:47.0730 3252        WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

19:23:47.0793 3252        WMPNetworkSvc - ok

19:23:47.0886 3252        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

19:23:47.0917 3252        WPCSvc - ok

19:23:47.0995 3252        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

19:23:48.0011 3252        WPDBusEnum - ok

19:23:48.0105 3252        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

19:23:48.0120 3252        WpdUsb - ok

19:23:48.0276 3252        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

19:23:48.0292 3252        WPFFontCache_v0400 - ok

19:23:48.0417 3252        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

19:23:48.0432 3252        ws2ifsl - ok

19:23:48.0541 3252        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

19:23:48.0557 3252        wscsvc - ok

19:23:48.0635 3252        WSearch - ok

19:23:48.0713 3252        WSVD            (b7f30c50a2e6e46822cd388608e06bb4) C:\Windows\system32\drivers\WSVD.sys

19:23:48.0713 3252        WSVD - ok

19:23:48.0853 3252        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

19:23:48.0947 3252        wuauserv - ok

19:23:49.0009 3252        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:23:49.0041 3252        WUDFRd - ok

19:23:49.0134 3252        wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

19:23:49.0150 3252        wudfsvc - ok

19:23:49.0181 3252        MBR (0x1B8)     (c8c6dc722d4ef7ca320585d4bd90474e) \Device\Harddisk0\DR0

19:23:52.0317 3252        \Device\Harddisk0\DR0 - ok

19:23:52.0348 3252        Boot (0x1200)   (270b3243ae81a193ddeddfaa453c2f38) \Device\Harddisk0\DR0\Partition0

19:23:52.0348 3252        \Device\Harddisk0\DR0\Partition0 - ok

19:23:52.0379 3252        Boot (0x1200)   (56838bff36871812752f8d6c6bebc618) \Device\Harddisk0\DR0\Partition1

19:23:52.0379 3252        \Device\Harddisk0\DR0\Partition1 - ok

19:23:52.0379 3252        ============================================================

19:23:52.0379 3252        Scan finished

19:23:52.0379 3252        ============================================================

19:23:52.0379 5192        Detected object count: 2

19:23:52.0379 5192        Actual detected object count: 2

19:26:05.0166 5192        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:05.0166 5192        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:26:05.0166 5192        USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:05.0166 5192        USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

erledigt:

Combofix Logfile:

Code:

ComboFix 12-04-22.01 - ******* 22.04.2012  16:56:32.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1897 [GMT 2:00]

ausgeführt von:: c:\users\*******\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\lgcenter.ini

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-22 bis 2012-04-22  ))))))))))))))))))))))))))))))

.

.

2012-04-22 15:02 . 2012-04-22 15:02        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2012-04-22 15:02 . 2012-04-22 15:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-21 16:36 . 2012-04-21 16:36        --------        d-----w-        C:\_OTL

2012-04-21 09:33 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D078AEC-A0AC-4195-81AF-A71F7B86D66C}\mpengine.dll

2012-04-15 14:18 . 2012-04-15 14:54        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-04-14 20:02 . 2012-04-14 20:02        --------        d-----w-        c:\program files\ESET

2012-04-11 01:10 . 2012-02-29 15:11        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-04-11 01:10 . 2012-02-29 15:11        172032        ----a-w-        c:\windows\system32\wintrust.dll

2012-04-11 01:10 . 2012-02-29 15:09        157696        ----a-w-        c:\windows\system32\imagehlp.dll

2012-04-11 01:10 . 2012-02-29 13:32        12800        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-04-11 01:09 . 2012-03-06 06:39        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-04-11 01:09 . 2012-03-06 06:39        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-04-11 01:02 . 2012-04-11 01:02        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2012-04-07 18:41 . 2012-04-07 18:41        --------        d-----w-        c:\program files\7-Zip

2012-04-07 17:04 . 2012-04-07 17:04        --------        d-----w-        c:\programdata\WindowsSearch

2012-04-05 19:59 . 2012-04-06 23:31        --------        d-----w-        c:\users\*******\Ebooks_Calibre

2012-04-05 19:58 . 2012-04-05 20:08        --------        d-----w-        c:\users\*******\AppData\Roaming\calibre

2012-04-05 19:58 . 2012-04-05 19:58        --------        d-----w-        c:\program files\Calibre2

2012-03-29 18:26 . 2012-03-29 18:28        --------        d-----w-        c:\program files\ALDI Bestellsoftware

2012-03-28 16:10 . 2012-03-28 16:10        --------        d-----w-        c:\program files\iPod

2012-03-28 16:10 . 2012-03-28 16:11        --------        d-----w-        c:\program files\iTunes

2012-03-28 09:00 . 2012-02-02 15:16        2044416        ----a-w-        c:\windows\system32\win32k.sys

2012-03-28 09:00 . 2012-02-14 15:45        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll

2012-03-28 09:00 . 2012-02-14 15:45        160768        ----a-w-        c:\windows\system32\d3d10_1.dll

2012-03-28 09:00 . 2012-02-13 14:12        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll

2012-03-28 09:00 . 2012-02-13 13:47        683008        ----a-w-        c:\windows\system32\d2d1.dll

2012-03-28 09:00 . 2012-02-13 13:44        1068544        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-28 09:00 . 2012-01-09 15:54        613376        ----a-w-        c:\windows\system32\rdpencom.dll

2012-03-28 09:00 . 2012-01-09 13:58        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-15 14:54 . 2012-02-26 20:07        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2009-10-03 19:41        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-17 12:38 . 2011-11-27 21:31        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-02-14 10:09 . 2012-02-14 10:09        1070352        ----a-w-        c:\windows\system32\MSCOMCTL.OCX

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2008-06-09 2867200]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-10 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-10 92704]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-21 178712]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:54]

.

2012-04-22 c:\windows\Tasks\User_Feed_Synchronization-{79CDFA36-96EB-4BAB-8459-53F9FFBDCA6D}.job

- c:\windows\system32\msfeedssync.exe [2012-04-10 08:09]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = *.local

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-04-22 17:02

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2012-04-22  17:05:20

ComboFix-quarantined-files.txt  2012-04-22 15:05

.

Vor Suchlauf: 10 Verzeichnis(se), 91.971.915.776 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 91.905.998.848 Bytes frei

.

- - End Of File - - 85F8D72C4C9EF4CEBF00CDFD9AF5063E

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

So, einmal das GMER:

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-04-27 18:16:20

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000

Running: 3ncid3re.exe; Driver: C:\Users\*******\AppData\Local\Temp\pxliifow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8D5609F6                                                                                                ZwCreateSection

SSDT            8D560A00                                                                                                ZwRequestWaitReplyPort

SSDT            8D5609FB                                                                                                ZwSetContextThread

SSDT            8D560A05                                                                                                ZwSetSecurityObject

SSDT            8D560A0A                                                                                                ZwSystemDebugControl

SSDT            8D560997                                                                                                ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                           828F0998 4 Bytes  [F6, 09, 56, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 539                                                                           828F0CBC 4 Bytes  [00, 0A, 56, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                           828F0CF0 4 Bytes  [FB, 09, 56, 8D] {STI ; OR [ESI-0x73], EDX}

.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                           828F0D54 4 Bytes  [05, 0A, 56, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 619                                                                           828F0D9C 4 Bytes  [0A, 0A, 56, 8D]

.text           ...                                                                                                     

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                section is writeable [0x8E60E340, 0x3E9407, 0xE8000020]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----
 

Library         C:\Users\*******\Desktop\3ncid3re.exe (*** hidden *** ) @ C:\Users\Martina\Desktop\3ncid3re.exe [5840]  0x00400000                                                               
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df052969b                             

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df052969b (not active ControlSet)         
 

---- EOF - GMER 1.0.15 ----

--- --- ---

und einmal das OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 18:22:52 on 27.04.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\Martina\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"pxliifow" (pxliifow) - "GMER" - C:\pxliifow.sys  (Hidden registry entry, rootkit activity)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

"WSVD" (WSVD) - "CyberLink" - C:\Windows\system32\drivers\WSVD.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ApplePhotoStreams" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

"iCloudServices" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe

"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"KeybdUtility" - "LG Electronics" - C:\Program Files\LG Software\LG OSD\HotKey.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"GEngine Port Monitor" - ? - C:\Windows\system32\gengpmon.dll  (File found, but it contains no detailed information)

"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

aswMBR folgt...

und hier das aswMBR:

Code:

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-27 18:51:12

-----------------------------

18:51:12.102    OS Version: Windows 6.0.6002 Service Pack 2

18:51:12.102    Number of processors: 2 586 0xF0D

18:51:12.102    ComputerName: MARTINA-PC  UserName: Martina

18:51:13.132    Initialize success

18:51:17.936    AVAST engine defs: 12042700

18:51:38.934    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:51:38.981    Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3

18:51:39.184    Disk 0 MBR read successfully

18:51:39.184    Disk 0 MBR scan

18:51:39.215    Disk 0 unknown MBR code

18:51:39.230    Disk 0 Partition 1 00     12  Compaq diag NTFS         1536 MB offset 2048

18:51:39.246    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       151552 MB offset 3147776

18:51:39.308    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152155 MB offset 313526272

18:51:39.355    Disk 0 scanning sectors +625139712

18:51:39.527    Disk 0 scanning C:\Windows\system32\drivers

18:52:02.630    Service scanning

18:52:29.228    Modules scanning

18:52:40.747    Disk 0 trace - called modules:

18:52:41.293    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

18:52:41.308    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e0cac8]

18:52:41.308    3 CLASSPNP.SYS[8afa18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85da4028]

18:52:41.308    Scan finished successfully

19:16:40.034    Disk 0 MBR has been saved successfully to "C:\Users\Martina\Desktop\MBR.dat"

19:16:40.049    The log file has been saved successfully to "C:\Users\Martina\Desktop\aswMBR.txt"

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

erledigt:
Das fixen dauert nur in paar Sekunden, kann das stimmen?

Code:

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-28 14:25:34

-----------------------------

14:25:34.594    OS Version: Windows 6.0.6002 Service Pack 2

14:25:34.594    Number of processors: 2 586 0xF0D

14:25:34.594    ComputerName: *******-PC  UserName: *******

14:25:35.327    Initialize success

14:25:40.600    AVAST engine defs: 12042700

14:25:59.039    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:25:59.039    Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3

14:25:59.054    Disk 0 MBR read successfully

14:25:59.054    Disk 0 MBR scan

14:25:59.070    Disk 0 Windows VISTA default MBR code

14:25:59.086    Disk 0 Partition 1 00     12  Compaq diag NTFS         1536 MB offset 2048

14:25:59.101    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       151552 MB offset 3147776

14:25:59.132    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       152155 MB offset 313526272

14:25:59.132    Disk 0 scanning sectors +625139712

14:25:59.226    Disk 0 scanning C:\Windows\system32\drivers

14:26:12.299    Service scanning

14:26:42.532    Modules scanning

14:26:49.130    Disk 0 trace - called modules:

14:26:49.146    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

14:26:49.162    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8689e1d0]

14:26:49.162    3 CLASSPNP.SYS[8afa38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85da4028]

14:26:49.177    Scan finished successfully

14:28:41.996    Disk 0 MBR has been saved successfully to "C:\Users\*******\Desktop\MBR.dat"

14:28:41.996    The log file has been saved successfully to "C:\Users\*******\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Einmal Malewarebyte:

Code:

 Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.01.07
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19222

Martina :: *******-PC [Administrator]
 

Schutz: Deaktiviert
 

01.05.2012 16:08:40

mbam-log-2012-05-01 (16-08-40).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 401271

Laufzeit: 1 Stunde(n), 52 Minute(n), 11 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SuperAntiSpyware:

Code:

 SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 05/01/2012 at 06:23 PM
 

Application Version : 5.0.1148
 

Core Rules Database Version : 8535

Trace Rules Database Version: 6347
 

Scan type       : Quick Scan

Total Scan Time : 00:10:46
 

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Limited User (Administrator User)
 

Memory items scanned      : 682

Memory threats detected   : 0

Registry items scanned    : 27195

Registry threats detected : 0

File items scanned        : 10271

File threats detected     : 96
 

Adware.Tracking Cookie

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\R69X3XT1.txt [ /zanox.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\9CGUZDL3.txt [ /fastclick.net ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\4MUVRVJG.txt [ /ad2.adfarm1.adition.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\1NK9D1G4.txt [ /apmebf.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\ASI6QR9L.txt [ /ww251.smartadserver.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\K2BD5RBC.txt [ /deutschepostag.112.2o7.net ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\BMN30Q3F.txt [ /dyntracker.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\NRWVMROJ.txt [ /invitemedia.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\EHUNMPZN.txt [ /webmasterplan.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\OWUS46WT.txt [ /amazon-adsystem.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\5GWNWHA6.txt [ /track.effiliation.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\ULVOGE4Z.txt [ /smartadserver.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\0WG3EI4S.txt [ /ad4.adfarm1.adition.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\7YO0MLIO.txt [ /doubleclick.net ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\7OD0LS9J.txt [ /e2.emediate.se ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\FPMTO6DA.txt [ /adfarm1.adition.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\SW2RCJ7V.txt [ /ad.360yield.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\JNU1HR8Z.txt [ /ad.zanox.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\1TVVTRPC.txt [ /track.effiliation.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\1U9XNZ5E.txt [ /im.banner.t-online.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\RKE88CJW.txt [ /revsci.net ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\MV0HG8C8.txt [ /www.googleadservices.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\5RJJ1ABW.txt [ /autoscout24.112.2o7.net ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\W6XG6FHR.txt [ /eas.apm.emediate.eu ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\29M30F2F.txt [ /statse.webtrendslive.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\69ER2NEM.txt [ /mediaplex.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\BX1G1YW0.txt [ /clickfuse.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\WPQTGHNT.txt [ /tracking.mobile.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\3X8NMM48.txt [ /adtech.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\PYYEL0FY.txt [ /ad.yieldmanager.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\9E713V9O.txt [ /atdmt.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\BCIRDUN0.txt [ /tracking.quisma.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\NP90CFIW.txt [ /tradedoubler.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\D5B1YKF5.txt [ /www.etracker.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\IR9C4XH7.txt [ /zanox-affiliate.de ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\DY6GZHJF.txt [ Cookie:gast@tracking.quisma.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\DMWI2LOY.txt [ Cookie:gast@statse.webtrendslive.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\8DG2TD0W.txt [ Cookie:gast@www.burstnet.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\HIH1LEI4.txt [ Cookie:gast@invitemedia.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZUOO86T5.txt [ Cookie:gast@adserver.mitfahrzentrale.de/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\67FWMQ0P.txt [ Cookie:gast@www.googleadservices.com/pagead/conversion/1071668411/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\NPJA3YWW.txt [ Cookie:gast@stat.aldi.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\6WL2AXMD.txt [ Cookie:gast@adfarm1.adition.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\3SC9ON5C.txt [ Cookie:gast@ad4.adfarm1.adition.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\6N4TO5NC.txt [ Cookie:gast@doubleclick.net/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJFIL740.txt [ Cookie:gast@eyewonder.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\NQSINMJZ.txt [ Cookie:gast@traffictrack.de/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\6PIUUEZL.txt [ Cookie:gast@ad.yieldmanager.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\RLOBWIM6.txt [ Cookie:gast@tradedoubler.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\JLZTLUAD.txt [ Cookie:gast@smartadserver.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\F8O5KI87.txt [ Cookie:gast@apmebf.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLKRN5IJ.txt [ Cookie:gast@mediaplex.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\WW230KV3.txt [ Cookie:gast@germanwings.112.2o7.net/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\BFDY1WT9.txt [ Cookie:gast@ww251.smartadserver.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\WBOOR3HM.txt [ Cookie:gast@xiti.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\CERW909E.txt [ Cookie:gast@specificclick.net/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\OYK5RPU6.txt [ Cookie:gast@yieldmanager.net/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1BDQFPU.txt [ Cookie:gast@ad3.adfarm1.adition.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\32Z9J8I8.txt [ Cookie:gast@www.googleadservices.com/pagead/conversion/1071459391/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\A563EFPO.txt [ Cookie:gast@ad2.adfarm1.adition.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\9NYW23I3.txt [ Cookie:gast@adtech.de/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\QT04LYGO.txt [ Cookie:gast@imrworldwide.com/cgi-bin ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\TFWIYSVX.txt [ Cookie:gast@advertising.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\NS9VLTNT.txt [ Cookie:gast@zanox-affiliate.de/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZNG8NRIK.txt [ Cookie:gast@serving-sys.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTW5VD1Z.txt [ Cookie:gast@webmasterplan.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\5UEK96IF.txt [ Cookie:gast@ads.mikinimedia.de/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\EXGQ8HYL.txt [ Cookie:gast@adviva.net/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\EYNIGD6J.txt [ Cookie:gast@clickfuse.com/ ]

        C:\USERS\GAST\AppData\Roaming\Microsoft\Windows\Cookies\Low\JPOLOPZG.txt [ Cookie:gast@2o7.net/ ]

        C:\USERS\*******\Cookies\R69X3XT1.txt [ Cookie:*******@zanox.com/ ]

        C:\USERS\*******\Cookies\4MUVRVJG.txt [ Cookie:*******@ad2.adfarm1.adition.com/ ]

        C:\USERS\*******\Cookies\1NK9D1G4.txt [ Cookie:*******@apmebf.com/ ]

        C:\USERS\*******\Cookies\ASI6QR9L.txt [ Cookie:*******@ww251.smartadserver.com/ ]

        C:\USERS\*******\Cookies\K2BD5RBC.txt [ Cookie:*******@deutschepostag.112.2o7.net/ ]

        C:\USERS\*******\Cookies\BMN30Q3F.txt [ Cookie:*******@dyntracker.com/ ]

        C:\USERS\*******\Cookies\NRWVMROJ.txt [ Cookie:*******@invitemedia.com/ ]

        C:\USERS\*******\Cookies\EHUNMPZN.txt [ Cookie:*******@webmasterplan.com/ ]

        C:\USERS\*******\Cookies\5GWNWHA6.txt [ Cookie:*******@track.effiliation.com/servlet/ ]

        C:\USERS\*******\Cookies\ULVOGE4Z.txt [ Cookie:*******@smartadserver.com/ ]

        C:\USERS\*******\Cookies\0WG3EI4S.txt [ Cookie:*******@ad4.adfarm1.adition.com/ ]

        C:\USERS\*******\Cookies\7YO0MLIO.txt [ Cookie:*******@doubleclick.net/ ]

        C:\USERS\*******\Cookies\7OD0LS9J.txt [ Cookie:*******@e2.emediate.se/ ]

        C:\USERS\*******\Cookies\JNU1HR8Z.txt [ Cookie:*******@ad.zanox.com/ ]

        C:\USERS\*******\Cookies\1TVVTRPC.txt [ Cookie:*******@track.effiliation.com/ ]

        C:\USERS\*******\Cookies\RKE88CJW.txt [ Cookie:*******@revsci.net/ ]

        C:\USERS\*******\Cookies\5RJJ1ABW.txt [ Cookie:*******@autoscout24.112.2o7.net/ ]

        C:\USERS\*******\Cookies\W6XG6FHR.txt [ Cookie:*******@eas.apm.emediate.eu/ ]

        C:\USERS\*******\Cookies\BX1G1YW0.txt [ Cookie:*******@clickfuse.com/ ]

        C:\USERS\*******\Cookies\WPQTGHNT.txt [ Cookie:*******@tracking.mobile.de/ ]

        C:\USERS\*******\Cookies\3X8NMM48.txt [ Cookie:*******@adtech.de/ ]

        C:\USERS\*******\Cookies\9E713V9O.txt [ Cookie:*******@atdmt.com/ ]

        C:\USERS\*******\Cookies\BCIRDUN0.txt [ Cookie:*******@tracking.quisma.com/ ]

        C:\USERS\*******\Cookies\NP90CFIW.txt [ Cookie:*******@tradedoubler.com/ ]

        C:\USERS\*******\Cookies\D5B1YKF5.txt [ Cookie:*******@www.etracker.de/ ]

        C:\USERS\*******\Cookies\IR9C4XH7.txt [ Cookie:*******@zanox-affiliate.de/ ]

Zitat:

Scan type : Quick Scan

Warum nur Quickscan mit SASW?

mein Fehler, hier das neue File:

Code:

 SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 05/04/2012 at 10:45 PM
 

Application Version : 5.0.1148
 

Core Rules Database Version : 8557

Trace Rules Database Version: 6369
 

Scan type       : Complete Scan

Total Scan Time : 02:11:21
 

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Limited User (Administrator User)
 

Memory items scanned      : 701

Memory threats detected   : 0

Registry items scanned    : 34164

Registry threats detected : 0

File items scanned        : 181193

File threats detected     : 41
 

Adware.Tracking Cookie

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\9QOVELOA.txt [ /zanox.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\VP963P6N.txt [ /traffictrack.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\TE2XVX0O.txt [ /fastclick.net ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\49NK53OJ.txt [ /apmebf.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\U605IGBB.txt [ /invitemedia.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\OS9Z7XIS.txt [ /webmasterplan.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\BIIM0CYO.txt [ /www.zanox-affiliate.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\C5AZKJ2X.txt [ /doubleclick.net ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\D8H9125R.txt [ /xxxlmoebelhaeuser.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\PBKXNN87.txt [ /www.xxxlmoebelhaeuser.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\4ZB5TLFD.txt [ /ad.zanox.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\90H8IM0E.txt [ /imrworldwide.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\QBBJK4I2.txt [ /mediaplex.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\AF01VUJ2.txt [ /atdmt.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\XTKUFXZL.txt [ /tradedoubler.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\AQM5Q22A.txt [ /tracking.quisma.com ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\7CLII0PN.txt [ /www.etracker.de ]

        C:\Users\*******\AppData\Roaming\Microsoft\Windows\Cookies\KEYW4H3C.txt [ /zanox-affiliate.de ]

        C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\1O8ECS5I.txt [ Cookie:*******@zanox.com/ ]

        C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\2B2Q3OFB.txt [ Cookie:*******@webmasterplan.com/ ]

        C:\USERS\*******\AppData\Roaming\Microsoft\Windows\Cookies\PM51O1VA.txt [ Cookie:*******@ad.zanox.com/ ]

        C:\USERS\*******\Cookies\1O8ECS5I.txt [ Cookie:*******@zanox.com/ ]

        C:\USERS\*******\Cookies\VP963P6N.txt [ Cookie:*******@traffictrack.de/ ]

        C:\USERS\*******\Cookies\49NK53OJ.txt [ Cookie:*******@apmebf.com/ ]

        C:\USERS\*******\Cookies\U605IGBB.txt [ Cookie:*******@invitemedia.com/ ]

        C:\USERS\*******\Cookies\2B2Q3OFB.txt [ Cookie:*******@webmasterplan.com/ ]

        C:\USERS\*******\Cookies\BIIM0CYO.txt [ Cookie:*******@www.zanox-affiliate.de/ ]

        C:\USERS\*******\Cookies\C5AZKJ2X.txt [ Cookie:*******@doubleclick.net/ ]

        C:\USERS\*******\Cookies\PM51O1VA.txt [ Cookie:*******@ad.zanox.com/ ]

        C:\USERS\*******\Cookies\90H8IM0E.txt [ Cookie:*******@imrworldwide.com/cgi-bin ]

        C:\USERS\*******\Cookies\AF01VUJ2.txt [ Cookie:*******@atdmt.com/ ]

        C:\USERS\*******\Cookies\XTKUFXZL.txt [ Cookie:*******@tradedoubler.com/ ]

        C:\USERS\*******\Cookies\AQM5Q22A.txt [ Cookie:*******@tracking.quisma.com/ ]

        C:\USERS\*******\Cookies\7CLII0PN.txt [ Cookie:*******@www.etracker.de/ ]

        C:\USERS\*******\Cookies\KEYW4H3C.txt [ Cookie:*******@zanox-affiliate.de/ ]

        earlyexperience.partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYCASINO\COOKIES.TXT ]

        .partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]

        secure.partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]

        ad.yieldmanager.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]

        ad.yieldmanager.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]

        earlyexperience.partyaccount.com [ C:\USERS\*******\APPDATA\ROAMING\MOZILLA-CACHE\PARTY\PARTYPOKER\COOKIES.TXT ]

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Super, vielen Dank! Mit dem Cookies kann sie leben, soviel ist das eh nicht, wo sie sich einloggt...
Die Probleme sind alle weg! Kam auch schon länger keine Fehlermeldung mehr von Avira...

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.