Trojaner-Board


Eustace 11.04.2012 15:42

E-mail sends links on its own. Always to the same person. Malware scan finds nothing!
 
Hello!
Within 2 days, links were sent from my e-mail address 3 times, always to the same one person from my contact list. I noticed because a message arrived (in the form of a "Delivery Status Notification" e-mail) saying that the mail could not be forwarded to the recipient.

The links don't seem to be viruses; I googled the link addresses and they really exist. (Here are the addresses, in case it matters: gwebz.com/perksavvy.com/onlinejobbest.com.) What stands out is that the links were different each time and always only .com.

Now I have specifically downloaded a program (Malwarebytes) (I already had Avira), but it doesn't find anything either.

I also changed my password earlier, but I have no idea whether that helps.

Does anyone know what it could be??

Thanks in advance

Now my e-mail address has been blocked!! That means changing the password didn't help. None of the antivirus programs finds anything; I'm close to tears. That was my "main e-mail address"... Please help, it's urgent!
Kind regards

cosinus 12.04.2012 12:09

Quote:

Now I have specifically downloaded a program (Malwarebytes) (I already had Avira), but it doesn't find anything either.
Post all the logs anyway

Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Eustace 12.04.2012 16:45

I don't know whether this is the right thing; I found it under "Logdateien" (log files). :confused:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.11.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Alina :: ALINA-PC [Administrator]

11.04.2012 23:36:40
mbam-log-2012-04-11 (23-36-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289998
Laufzeit: 2 Stunde(n), 40 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Oh, and here is the one from Antivir as well

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 11. April 2012  22:16

Es wird nach 3607906 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Alina
Computername  : ALINA-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.898          Bytes  31.01.2012 13:51:00
AVSCAN.EXE    : 12.1.0.20    492496 Bytes  15.02.2012 14:01:48
AVSCAN.DLL    : 12.1.0.18      65744 Bytes  15.02.2012 14:01:48
LUKE.DLL      : 12.1.0.19      68304 Bytes  15.02.2012 14:01:49
AVSCPLR.DLL    : 12.1.0.22    100048 Bytes  15.02.2012 14:01:50
AVREG.DLL      : 12.1.0.36    229128 Bytes  06.04.2012 07:40:17
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 11:41:29
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 17:15:18
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 18:20:16
VBASE005.VDF  : 7.11.26.45      2048 Bytes  28.03.2012 18:20:16
VBASE006.VDF  : 7.11.26.46      2048 Bytes  28.03.2012 18:20:16
VBASE007.VDF  : 7.11.26.47      2048 Bytes  28.03.2012 18:20:16
VBASE008.VDF  : 7.11.26.48      2048 Bytes  28.03.2012 18:20:17
VBASE009.VDF  : 7.11.26.49      2048 Bytes  28.03.2012 18:20:18
VBASE010.VDF  : 7.11.26.50      2048 Bytes  28.03.2012 18:20:18
VBASE011.VDF  : 7.11.26.51      2048 Bytes  28.03.2012 18:20:18
VBASE012.VDF  : 7.11.26.52      2048 Bytes  28.03.2012 18:20:18
VBASE013.VDF  : 7.11.26.53      2048 Bytes  28.03.2012 18:20:19
VBASE014.VDF  : 7.11.26.107  221696 Bytes  30.03.2012 18:51:28
VBASE015.VDF  : 7.11.26.179  224768 Bytes  02.04.2012 18:50:45
VBASE016.VDF  : 7.11.26.241  142336 Bytes  04.04.2012 18:50:51
VBASE017.VDF  : 7.11.27.41    247808 Bytes  08.04.2012 08:29:09
VBASE018.VDF  : 7.11.27.42      2048 Bytes  08.04.2012 08:29:09
VBASE019.VDF  : 7.11.27.43      2048 Bytes  08.04.2012 08:29:09
VBASE020.VDF  : 7.11.27.44      2048 Bytes  08.04.2012 08:29:09
VBASE021.VDF  : 7.11.27.45      2048 Bytes  08.04.2012 08:29:09
VBASE022.VDF  : 7.11.27.46      2048 Bytes  08.04.2012 08:29:09
VBASE023.VDF  : 7.11.27.47      2048 Bytes  08.04.2012 08:29:09
VBASE024.VDF  : 7.11.27.48      2048 Bytes  08.04.2012 08:29:09
VBASE025.VDF  : 7.11.27.49      2048 Bytes  08.04.2012 08:29:09
VBASE026.VDF  : 7.11.27.50      2048 Bytes  08.04.2012 08:29:10
VBASE027.VDF  : 7.11.27.51      2048 Bytes  08.04.2012 08:29:10
VBASE028.VDF  : 7.11.27.52      2048 Bytes  08.04.2012 08:29:10
VBASE029.VDF  : 7.11.27.53      2048 Bytes  08.04.2012 08:29:10
VBASE030.VDF  : 7.11.27.54      2048 Bytes  08.04.2012 08:29:10
VBASE031.VDF  : 7.11.27.88    89600 Bytes  10.04.2012 08:29:12
Engineversion  : 8.2.10.38
AEVDF.DLL      : 8.1.2.2      106868 Bytes  25.10.2011 16:59:14
AESCRIPT.DLL  : 8.1.4.16      446842 Bytes  04.04.2012 18:56:24
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 17:12:19
AESBX.DLL      : 8.2.5.5      606579 Bytes  12.03.2012 16:01:34
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.16.9      807287 Bytes  30.03.2012 18:52:48
AEOFFICE.DLL  : 8.1.2.27      201082 Bytes  04.04.2012 18:56:12
AEHEUR.DLL    : 8.1.4.12    4604278 Bytes  04.04.2012 18:56:07
AEHELP.DLL    : 8.1.19.1      254327 Bytes  04.04.2012 18:51:07
AEGEN.DLL      : 8.1.5.23      409973 Bytes  07.03.2012 20:18:11
AEEXP.DLL      : 8.1.0.28      82292 Bytes  04.04.2012 18:56:25
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.25.6      201078 Bytes  15.03.2012 17:12:13
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL    : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17    179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL    : 12.1.0.23    209360 Bytes  15.02.2012 14:01:48
AVEVTLOG.DLL  : 12.1.0.17    169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0      398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL    : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL    : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 11. April 2012  22:16

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil10h_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingApp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingBar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynAsusAcpi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Boingo Wi-Fi.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LivCam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Eee Docking.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '510' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Mittwoch, 11. April 2012  23:11
Benötigte Zeit: 55:14 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  25089 Verzeichnisse wurden überprüft
 213366 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 213366 Dateien ohne Befall
  2271 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise


cosinus 12.04.2012 19:22

Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Eustace 12.04.2012 22:06

So, something was found

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5981faaafdc3d541bb825c52276d68cd
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-12 06:56:54
# local_time=2012-04-12 08:56:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 14953990 14953990 0 0
# compatibility_mode=5893 16776573 100 94 36241 85887868 0 0
# compatibility_mode=8192 67108863 100 0 169 169 0 0
# scanned=4617
# found=0
# cleaned=0
# scan_time=359
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5981faaafdc3d541bb825c52276d68cd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-12 09:02:20
# local_time=2012-04-12 11:02:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 14954392 14954392 0 0
# compatibility_mode=5893 16776573 100 94 36643 85888270 0 0
# compatibility_mode=8192 67108863 100 0 571 571 0 0
# scanned=115956
# found=1
# cleaned=0
# scan_time=7482
C:\Users\Alina\AppData\Local\Temp\Toolbar_Eazel.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
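
An added example, not part of the original posts and not ESET's own tooling: the log above contains two scanner runs, and the sketch below splits such a log.txt into runs and lists what a helper would check per run. The function names `parse_runs` and `triage` are hypothetical, and the meaning of `end`, `found` and the detection columns is assumed from how they appear in the posted log.

```python
import re

# Sample input: abridged from the ESET Online Scanner log posted above
# (two runs in one log.txt; the compatibility_mode and version lines are omitted).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# scanned=4617
# found=0
# cleaned=0
# scan_time=359
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# scanned=115956
# found=1
# cleaned=0
# scan_time=7482
C:\Users\Alina\AppData\Local\Temp\Toolbar_Eazel.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
"""

RUN_HEADER = "ESETSmartInstaller@High as downloader log:"
FIELD = re.compile(r"^#\s*(\w+)=(.*)$")      # "# key=value" lines
COLUMNS = re.compile(r"\s{2,}|\t")           # detection columns: tab or 2+ spaces
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")     # detection lines start with a path


def parse_runs(text):
    """Split a log into runs; each run has fields, detections and other lines."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == RUN_HEADER:
            current = {"fields": {}, "detections": [], "notes": []}
            runs.append(current)
            continue
        if current is None:
            continue  # ignore anything before the first run header
        match = FIELD.match(line)
        if match:
            # Keys such as compatibility_mode repeat, so keep every value.
            current["fields"].setdefault(match.group(1), []).append(
                match.group(2).strip())
            continue
        cols = COLUMNS.split(line)
        if len(cols) >= 2 and DRIVE_PATH.match(cols[0]):
            current["detections"].append({"path": cols[0], "verdict": cols[1]})
        else:
            current["notes"].append(line)
    return runs


def triage(run):
    """Return the points worth a second look for one run (assumed semantics)."""
    fields = run["fields"]

    def first(key):
        return fields.get(key, [None])[0]

    issues = []
    if first("end") != "finished":
        # An aborted run with found=0 says little about the system.
        issues.append("scan did not finish (end=%s)" % first("end"))
    found = int(first("found") or 0)
    if found != len(run["detections"]):
        issues.append("found=%d but %d detection line(s) listed"
                      % (found, len(run["detections"])))
    for det in run["detections"]:
        if "unable to clean" in det["verdict"]:
            issues.append("not cleaned: %s (%s)" % (det["path"], det["verdict"]))
    for note in run["notes"]:
        if note != "all ok":
            issues.append("unexplained line: %s" % note)
    return issues


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), start=1):
        print("run %d: scanned=%s found=%s" % (
            number, run["fields"]["scanned"][0], run["fields"]["found"][0]))
        for issue in triage(run):
            print("   - " + issue)
```

On the sample, the first run is reported as unfinished, and the second as finished with one detection that was left in place.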


cosinus 12.04.2012 22:57

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Eustace 13.04.2012 01:09

OTL Logfile:
Code:

OTL logfile created on: 13.04.2012 00:48:46 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Alina\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,18 Mb Total Physical Memory | 336,77 Mb Available Physical Memory | 33,21% Memory free
1,99 Gb Paging File | 1,08 Gb Available in Paging File | 54,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 71,03 Gb Free Space | 71,03% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 117,77 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: ALINA-PC | User Name: Alina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.13 00:35:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alina\Desktop\OTL.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.01 12:14:30 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011.04.01 12:14:30 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.08 03:45:44 | 001,090,984 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2010.08.10 00:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.10 22:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2010.06.09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010.05.29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2009.11.19 15:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009.11.19 14:05:42 | 000,284,160 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\LivCam\LivCam.exe
PRC - [2009.09.11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009.08.12 12:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.08.03 01:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.08.03 01:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.28 16:04:40 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
MOD - [2011.10.28 07:12:37 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2011.10.28 07:12:06 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2011.10.28 07:10:27 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2011.10.28 07:10:13 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2011.10.28 07:10:09 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2011.10.28 07:09:28 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
MOD - [2010.06.10 22:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MOD - [2009.09.15 14:30:42 | 000,376,832 | ---- | M] () -- C:\Program Files\ASUS\LivCam\SMIUtility.dll
MOD - [2009.08.03 01:05:40 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.08.03 01:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007.02.05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.02.05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.15 16:01:49 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.10.05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.27 09:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.01 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 15:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.17 17:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Extensions
[2012.04.12 23:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\4v2rjtrr.default\extensions
[2012.01.28 11:39:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\4v2rjtrr.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.10.17 18:08:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\4v2rjtrr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.28 22:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.28 22:26:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4V2RJTRR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4V2RJTRR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4V2RJTRR.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.22 15:25:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.22 15:25:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.22 15:25:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.22 15:25:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.22 15:25:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.22 15:25:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.22 15:25:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [Facebook Update] C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-172706901-155862144-3271113608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA83C9A4-50BA-458D-A65D-0E72B89DE5C5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Aibelive\Voice Command\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell\AutoRun\command - "" = E:\zdata\cobi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.13 00:35:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Alina\Desktop\OTL.exe
[2012.04.12 20:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.12 20:47:44 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alina\Desktop\esetsmartinstaller_enu.exe
[2012.04.12 16:49:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.11 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Alina\AppData\Roaming\Malwarebytes
[2012.04.11 16:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.11 16:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.11 16:01:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.11 16:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.28 22:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.03.28 22:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.28 22:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.25 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Alina\Desktop\Ausflüge, Urlaub, etc
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.13 00:35:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alina\Desktop\OTL.exe
[2012.04.12 22:57:12 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000UA.job
[2012.04.12 22:57:12 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000Core.job
[2012.04.12 22:15:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.12 20:57:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 20:57:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.12 20:47:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alina\Desktop\esetsmartinstaller_enu.exe
[2012.04.12 19:09:26 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.04.12 19:09:26 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.04.12 19:09:26 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.04.12 19:09:26 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.12 16:59:06 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.11 17:12:33 | 000,054,361 | ---- | M] () -- C:\Users\Alina\Desktop\run.jpg
[2012.04.11 16:01:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.09 01:16:21 | 000,123,760 | ---- | M] () -- C:\Users\Alina\Documents\44444chan.jpg
[2012.04.09 01:16:21 | 000,007,837 | ---- | M] () -- C:\Users\Alina\.recently-used.xbel
[2012.04.09 01:15:39 | 000,108,438 | ---- | M] () -- C:\Users\Alina\Documents\4444chan.jpg
[2012.04.09 01:15:10 | 000,115,164 | ---- | M] () -- C:\Users\Alina\Documents\444chan.jpg
[2012.04.09 01:14:21 | 000,119,702 | ---- | M] () -- C:\Users\Alina\Documents\44chan.jpg
[2012.04.09 01:13:14 | 000,122,166 | ---- | M] () -- C:\Users\Alina\Documents\4chan.jpg
[2012.04.05 18:57:25 | 000,200,612 | ---- | M] () -- C:\Users\Alina\Desktop\tumblr_m1t2e5EthW1r2kjgmo1_500.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.03.14 07:54:26 | 000,001,191 | ---- | M] () -- C:\Users\Alina\Desktop\Führerschein Trainer.lnk
 
========== Files Created - No Company Name ==========
 
[2012.04.11 17:12:30 | 000,054,361 | ---- | C] () -- C:\Users\Alina\Desktop\run.jpg
[2012.04.11 16:01:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.09 01:16:21 | 000,123,760 | ---- | C] () -- C:\Users\Alina\Documents\44444chan.jpg
[2012.04.09 01:16:21 | 000,007,837 | ---- | C] () -- C:\Users\Alina\.recently-used.xbel
[2012.04.09 01:15:39 | 000,108,438 | ---- | C] () -- C:\Users\Alina\Documents\4444chan.jpg
[2012.04.09 01:15:10 | 000,115,164 | ---- | C] () -- C:\Users\Alina\Documents\444chan.jpg
[2012.04.09 01:14:20 | 000,119,702 | ---- | C] () -- C:\Users\Alina\Documents\44chan.jpg
[2012.04.09 01:13:14 | 000,122,166 | ---- | C] () -- C:\Users\Alina\Documents\4chan.jpg
[2012.04.05 18:57:17 | 000,200,612 | ---- | C] () -- C:\Users\Alina\Desktop\tumblr_m1t2e5EthW1r2kjgmo1_500.jpg
[2011.11.05 15:28:49 | 000,015,873 | ---- | C] () -- C:\windows\System32\Inetde.dll
[2011.10.17 20:02:14 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll
[2011.10.17 16:59:34 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011.10.17 16:44:52 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.09.14 23:45:59 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.09.14 23:45:59 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.09.14 23:44:15 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.09.14 23:42:21 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.09.14 23:41:27 | 000,000,702 | ---- | C] () -- C:\windows\Reboot.ini
[2010.09.14 23:27:44 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2011.12.08 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Amazon
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\ASUS WebStorage
[2012.01.07 23:41:07 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\BOM
[2011.10.17 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoft
[2011.10.17 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.09 01:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\gtk-2.0
[2012.03.01 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\SoftGrid Client
[2011.12.15 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\TP
[2011.10.17 16:51:35 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\VoiceCommand
[2011.11.18 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Windows Live Writer
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012.04.12 22:57:12 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000Core.job
[2012.04.12 22:57:12 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-172706901-155862144-3271113608-1000UA.job
[2012.03.09 07:40:50 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.17 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Adobe
[2011.12.08 17:05:48 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Amazon
[2011.12.08 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Apple Computer
[2010.09.14 23:58:23 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\ASUS WebStorage
[2011.10.22 18:58:55 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Avira
[2012.01.07 23:41:07 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\BOM
[2011.10.17 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoft
[2011.10.17 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.09 01:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\gtk-2.0
[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Identities
[2010.09.14 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\InstallShield
[2010.09.14 23:42:05 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Macromedia
[2012.04.11 16:02:04 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Malwarebytes
[2012.02.04 14:30:59 | 000,000,000 | --SD | M] -- C:\Users\Alina\AppData\Roaming\Microsoft
[2011.10.17 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Mozilla
[2012.03.28 00:49:16 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Skype
[2012.03.01 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\SoftGrid Client
[2011.10.17 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Sony Corporation
[2011.12.15 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\TP
[2011.10.17 16:51:35 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\VoiceCommand
[2011.11.18 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Alina\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2010.09.14 23:42:03 | 000,038,784 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.31 21:45:11 | 003,763,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Alina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011.10.17 16:59:26 | 000,000,059 | ---- | M] ()(C:\windows\System32\?A) -- C:\windows\System32\Ǎ
[2011.10.17 16:59:26 | 000,000,059 | ---- | C] ()(C:\windows\System32\?A) -- C:\windows\System32\Ǎ

< End of report >

--- --- ---

cosinus 13.04.2012 10:53

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-172706901-155862144-3271113608-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [Facebook Update] C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-172706901-155862144-3271113608-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\Shell\AutoRun\command - "" = E:\zdata\cobi.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Eustace 13.04.2012 11:21

I have disabled the virus scanner, but I don't have to disable the firewall (as with ESET), do I??
And should I click "Run as administrator" again (because of Win7)??

Thank you

I've done it now (with the firewall on, since I think it has no influence on it, and I ran it the way I always do, i.e. with a right-click etc.)

This is what came out
Is everything all right again? What exactly did the program do just now? Can you also tell me where the problem was and how I can prevent it in the future? A thousand thanks for your help so far!!!

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d105af45-4f64-11e1-861a-74f06db258d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d105af45-4f64-11e1-861a-74f06db258d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d105af45-4f64-11e1-861a-74f06db258d4}\ not found.
File E:\zdata\cobi.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alina
->Temp folder emptied: 341675682 bytes
->Temporary Internet Files folder emptied: 237119474 bytes
->Java cache emptied: 309534 bytes
->FireFox cache emptied: 1009369267 bytes
->Flash cache emptied: 3882072 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 371999624 bytes
RecycleBin emptied: 21571817 bytes
 
Total Files Cleaned = 1.894,00 mb
 
 
[EMPTYFLASH]
 
User: Alina
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04132012_125855

Files\Folders moved on Reboot...
C:\windows\temp\HS.log moved successfully.

Registry entries deleted on Reboot...


cosinus 13.04.2012 15:29

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Eustace 13.04.2012 18:25

So, I haven't deleted anything now

Code:

19:17:30.0754 5592        TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:17:30.0910 5592        ============================================================
19:17:30.0910 5592        Current date / time: 2012/04/13 19:17:30.0910
19:17:30.0910 5592        SystemInfo:
19:17:30.0910 5592       
19:17:30.0910 5592        OS Version: 6.1.7601 ServicePack: 1.0
19:17:30.0910 5592        Product type: Workstation
19:17:30.0910 5592        ComputerName: ALINA-PC
19:17:30.0910 5592        UserName: Alina
19:17:30.0910 5592        Windows directory: C:\windows
19:17:30.0910 5592        System windows directory: C:\windows
19:17:30.0910 5592        Processor architecture: Intel x86
19:17:30.0910 5592        Number of processors: 4
19:17:30.0910 5592        Page size: 0x1000
19:17:30.0910 5592        Boot type: Normal boot
19:17:30.0910 5592        ============================================================
19:17:31.0877 5592        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:17:31.0892 5592        \Device\Harddisk0\DR0:
19:17:31.0892 5592        MBR used
19:17:31.0892 5592        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
19:17:31.0892 5592        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000
19:17:31.0970 5592        Initialize success
19:17:31.0970 5592        ============================================================
19:17:39.0740 5640        ============================================================
19:17:39.0740 5640        Scan started
19:17:39.0740 5640        Mode: Manual; SigCheck; TDLFS;
19:17:39.0740 5640        ============================================================
19:17:45.0980 5640        AsusService    (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
19:17:46.0011 5640        AsusService ( UnsignedFile.Multi.Generic ) - warning
19:17:46.0011 5640        AsusService - detected UnsignedFile.Multi.Generic (1)
19:18:04.0640 5640        IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:18:04.0671 5640        IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:18:04.0671 5640        IDriverT - detected UnsignedFile.Multi.Generic (1)
19:18:04.0796 5640        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:18:04.0889 5640        idsvc - ok
19:18:05.0139 5640        igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
19:18:05.0420 5640        igfx - ok
19:18:05.0545 5640        iirsp          (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
19:18:05.0591 5640        iirsp - ok
19:18:05.0669 5640        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
19:18:05.0825 5640        IKEEXT - ok
19:18:06.0059 5640        IntcAzAudAddService (e61611bacbe257c26a8951d6d096a248) C:\windows\system32\drivers\RTKVHDA.sys
19:18:06.0293 5640        IntcAzAudAddService - ok
19:18:06.0356 5640        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
19:18:06.0403 5640        intelide - ok
19:18:06.0449 5640        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
19:18:06.0496 5640        intelppm - ok
19:18:06.0527 5640        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
19:18:06.0683 5640        IPBusEnum - ok
19:18:06.0730 5640        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:18:06.0855 5640        IpFilterDriver - ok
19:18:06.0964 5640        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
19:18:07.0073 5640        iphlpsvc - ok
19:18:07.0167 5640        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
19:18:07.0214 5640        IPMIDRV - ok
19:18:07.0261 5640        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
19:18:07.0370 5640        IPNAT - ok
19:18:07.0448 5640        iPod Service    (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
19:18:07.0541 5640        iPod Service - ok
19:18:07.0651 5640        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
19:18:07.0760 5640        IRENUM - ok
19:18:07.0822 5640        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
19:18:07.0869 5640        isapnp - ok
19:18:07.0916 5640        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
19:18:07.0978 5640        iScsiPrt - ok
19:18:08.0025 5640        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
19:18:08.0056 5640        kbdclass - ok
19:18:08.0103 5640        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
19:18:08.0165 5640        kbdhid - ok
19:18:08.0275 5640        kbfiltr        (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
19:18:08.0306 5640        kbfiltr - ok
19:18:08.0337 5640        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:08.0384 5640        KeyIso - ok
19:18:08.0431 5640        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
19:18:08.0477 5640        KSecDD - ok
19:18:08.0524 5640        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
19:18:08.0571 5640        KSecPkg - ok
19:18:08.0618 5640        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
19:18:08.0743 5640        KtmRm - ok
19:18:08.0805 5640        L1C            (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
19:18:08.0883 5640        L1C - ok
19:18:08.0977 5640        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
19:18:09.0101 5640        LanmanServer - ok
19:18:09.0195 5640        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
19:18:09.0304 5640        LanmanWorkstation - ok
19:18:09.0429 5640        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
19:18:09.0538 5640        lltdio - ok
19:18:09.0569 5640        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
19:18:09.0694 5640        lltdsvc - ok
19:18:09.0725 5640        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
19:18:09.0835 5640        lmhosts - ok
19:18:09.0959 5640        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
19:18:10.0006 5640        LSI_FC - ok
19:18:10.0022 5640        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
19:18:10.0069 5640        LSI_SAS - ok
19:18:10.0084 5640        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:18:10.0131 5640        LSI_SAS2 - ok
19:18:10.0147 5640        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:18:10.0193 5640        LSI_SCSI - ok
19:18:10.0240 5640        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
19:18:10.0349 5640        luafv - ok
19:18:10.0459 5640        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
19:18:10.0490 5640        megasas - ok
19:18:10.0521 5640        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
19:18:10.0599 5640        MegaSR - ok
19:18:10.0646 5640        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
19:18:10.0802 5640        MMCSS - ok
19:18:10.0927 5640        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
19:18:11.0083 5640        Modem - ok
19:18:11.0129 5640        monitor        (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
19:18:11.0192 5640        monitor - ok
19:18:11.0332 5640        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
19:18:11.0379 5640        mouclass - ok
19:18:11.0473 5640        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
19:18:11.0551 5640        mouhid - ok
19:18:11.0738 5640        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
19:18:11.0800 5640        mountmgr - ok
19:18:11.0925 5640        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
19:18:11.0972 5640        mpio - ok
19:18:12.0065 5640        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
19:18:12.0159 5640        mpsdrv - ok
19:18:12.0331 5640        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
19:18:12.0487 5640        MpsSvc - ok
19:18:12.0596 5640        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
19:18:12.0705 5640        MRxDAV - ok
19:18:12.0814 5640        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
19:18:12.0908 5640        mrxsmb - ok
19:18:12.0955 5640        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:18:13.0033 5640        mrxsmb10 - ok
19:18:13.0079 5640        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:18:13.0142 5640        mrxsmb20 - ok
19:18:13.0189 5640        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
19:18:13.0251 5640        msahci - ok
19:18:13.0345 5640        MSCSPTISRV      (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
19:18:13.0376 5640        MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:18:13.0376 5640        MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
19:18:13.0485 5640        msdsm          (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
19:18:13.0563 5640        msdsm - ok
19:18:13.0610 5640        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
19:18:13.0688 5640        MSDTC - ok
19:18:13.0766 5640        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
19:18:13.0906 5640        Msfs - ok
19:18:13.0937 5640        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
19:18:14.0078 5640        mshidkmdf - ok
19:18:14.0125 5640        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
19:18:14.0171 5640        msisadrv - ok
19:18:14.0234 5640        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
19:18:14.0374 5640        MSiSCSI - ok
19:18:14.0405 5640        msiserver - ok
19:18:14.0468 5640        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
19:18:14.0624 5640        MSKSSRV - ok
19:18:14.0827 5640        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
19:18:14.0920 5640        MSPCLOCK - ok
19:18:15.0014 5640        MSPQM          (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
19:18:15.0170 5640        MSPQM - ok
19:18:15.0201 5640        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
19:18:15.0263 5640        MsRPC - ok
19:18:15.0326 5640        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
19:18:15.0373 5640        mssmbios - ok
19:18:15.0419 5640        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
19:18:15.0560 5640        MSTEE - ok
19:18:15.0575 5640        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
19:18:15.0638 5640        MTConfig - ok
19:18:15.0669 5640        Mup            (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
19:18:15.0731 5640        Mup - ok
19:18:15.0794 5640        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
19:18:15.0981 5640        napagent - ok
19:18:16.0059 5640        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
19:18:16.0137 5640        NativeWifiP - ok
19:18:16.0215 5640        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
19:18:16.0340 5640        NDIS - ok
19:18:16.0387 5640        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
19:18:16.0527 5640        NdisCap - ok
19:18:16.0574 5640        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
19:18:16.0699 5640        NdisTapi - ok
19:18:16.0777 5640        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
19:18:16.0918 5640        Ndisuio - ok
19:18:16.0949 5640        NdisWan        (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
19:18:17.0090 5640        NdisWan - ok
19:18:17.0136 5640        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
19:18:17.0261 5640        NDProxy - ok
19:18:17.0308 5640        Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
19:18:17.0339 5640        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:18:17.0339 5640        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:18:17.0417 5640        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
19:18:17.0558 5640        NetBIOS - ok
19:18:17.0604 5640        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
19:18:17.0760 5640        NetBT - ok
19:18:17.0807 5640        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:17.0870 5640        Netlogon - ok
19:18:17.0948 5640        Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
19:18:18.0119 5640        Netman - ok
19:18:18.0150 5640        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
19:18:18.0306 5640        netprofm - ok
19:18:18.0431 5640        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:18:18.0494 5640        NetTcpPortSharing - ok
19:18:18.0603 5640        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
19:18:18.0665 5640        nfrd960 - ok
19:18:18.0712 5640        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
19:18:18.0868 5640        NlaSvc - ok
19:18:18.0899 5640        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
19:18:19.0055 5640        Npfs - ok
19:18:19.0086 5640        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
19:18:19.0242 5640        nsi - ok
19:18:19.0305 5640        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
19:18:19.0461 5640        nsiproxy - ok
19:18:19.0554 5640        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
19:18:19.0726 5640        Ntfs - ok
19:18:19.0835 5640        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
19:18:19.0977 5640        Null - ok
19:18:20.0039 5640        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
19:18:20.0101 5640        nvraid - ok
19:18:20.0133 5640        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
19:18:20.0211 5640        nvstor - ok
19:18:20.0273 5640        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
19:18:20.0335 5640        nv_agp - ok
19:18:20.0382 5640        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
19:18:20.0476 5640        ohci1394 - ok
19:18:20.0569 5640        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:18:20.0616 5640        ose - ok
19:18:20.0835 5640        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:18:21.0240 5640        osppsvc - ok
19:18:21.0490 5640        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
19:18:21.0599 5640        p2pimsvc - ok
19:18:21.0693 5640        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
19:18:21.0786 5640        p2psvc - ok
19:18:21.0880 5640        PACSPTISVR      (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
19:18:21.0911 5640        PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
19:18:21.0911 5640        PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
19:18:22.0020 5640        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
19:18:22.0098 5640        Parport - ok
19:18:22.0145 5640        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
19:18:22.0207 5640        partmgr - ok
19:18:22.0239 5640        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
19:18:22.0317 5640        Parvdm - ok
19:18:22.0348 5640        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
19:18:22.0441 5640        PcaSvc - ok
19:18:22.0519 5640        pci            (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
19:18:22.0582 5640        pci - ok
19:18:22.0613 5640        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
19:18:22.0675 5640        pciide - ok
19:18:22.0722 5640        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
19:18:22.0785 5640        pcmcia - ok
19:18:22.0816 5640        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
19:18:22.0878 5640        pcw - ok
19:18:22.0941 5640        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
19:18:23.0128 5640        PEAUTH - ok
19:18:23.0299 5640        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
19:18:23.0533 5640        pla - ok
19:18:23.0580 5640        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
19:18:23.0705 5640        PlugPlay - ok
19:18:23.0814 5640        Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll
19:18:23.0861 5640        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:18:23.0861 5640        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:18:23.0908 5640        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
19:18:23.0987 5640        PNRPAutoReg - ok
19:18:24.0034 5640        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
19:18:24.0112 5640        PNRPsvc - ok
19:18:24.0158 5640        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
19:18:24.0314 5640        PolicyAgent - ok
19:18:24.0392 5640        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
19:18:24.0548 5640        Power - ok
19:18:24.0658 5640        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
19:18:24.0814 5640        PptpMiniport - ok
19:18:24.0923 5640        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
19:18:25.0016 5640        Processor - ok
19:18:25.0141 5640        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
19:18:25.0282 5640        ProfSvc - ok
19:18:25.0328 5640        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:25.0406 5640        ProtectedStorage - ok
19:18:25.0469 5640        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
19:18:25.0625 5640        Psched - ok
19:18:25.0687 5640        PxHelp20        (1962166e0ceb740704f30fa55ad3d509) C:\windows\system32\Drivers\PxHelp20.sys
19:18:25.0718 5640        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:18:25.0718 5640        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:18:25.0796 5640        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
19:18:25.0984 5640        ql2300 - ok
19:18:26.0046 5640        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
19:18:26.0108 5640        ql40xx - ok
19:18:26.0186 5640        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
19:18:26.0296 5640        QWAVE - ok
19:18:26.0358 5640        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
19:18:26.0452 5640        QWAVEdrv - ok
19:18:26.0530 5640        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
19:18:26.0654 5640        RasAcd - ok
19:18:26.0748 5640        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
19:18:26.0888 5640        RasAgileVpn - ok
19:18:26.0935 5640        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
19:18:27.0091 5640        RasAuto - ok
19:18:27.0169 5640        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
19:18:27.0325 5640        Rasl2tp - ok
19:18:27.0388 5640        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
19:18:27.0559 5640        RasMan - ok
19:18:27.0653 5640        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
19:18:27.0793 5640        RasPppoe - ok
19:18:27.0824 5640        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
19:18:27.0965 5640        RasSstp - ok
19:18:28.0012 5640        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
19:18:28.0152 5640        rdbss - ok
19:18:28.0183 5640        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
19:18:28.0277 5640        rdpbus - ok
19:18:28.0324 5640        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
19:18:28.0448 5640        RDPCDD - ok
19:18:28.0511 5640        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
19:18:28.0651 5640        RDPENCDD - ok
19:18:28.0698 5640        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
19:18:28.0823 5640        RDPREFMP - ok
19:18:28.0885 5640        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
19:18:28.0979 5640        RDPWD - ok
19:18:29.0088 5640        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
19:18:29.0166 5640        rdyboost - ok
19:18:29.0197 5640        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
19:18:29.0353 5640        RemoteAccess - ok
19:18:29.0400 5640        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
19:18:29.0572 5640        RemoteRegistry - ok
19:18:29.0681 5640        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
19:18:29.0774 5640        RFCOMM - ok
19:18:29.0915 5640        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
19:18:30.0071 5640        RpcEptMapper - ok
19:18:30.0133 5640        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
19:18:30.0227 5640        RpcLocator - ok
19:18:30.0274 5640        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
19:18:30.0430 5640        RpcSs - ok
19:18:30.0492 5640        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
19:18:30.0648 5640        rspndr - ok
19:18:30.0695 5640        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:18:30.0757 5640        SamSs - ok
19:18:30.0835 5640        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
19:18:30.0898 5640        sbp2port - ok
19:18:30.0929 5640        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
19:18:31.0085 5640        SCardSvr - ok
19:18:31.0132 5640        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
19:18:31.0272 5640        scfilter - ok
19:18:31.0334 5640        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
19:18:31.0537 5640        Schedule - ok
19:18:31.0615 5640        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
19:18:31.0740 5640        SCPolicySvc - ok
19:18:31.0771 5640        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
19:18:31.0880 5640        SDRSVC - ok
19:18:31.0990 5640        SeaPort        (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:18:32.0068 5640        SeaPort - ok
19:18:32.0161 5640        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
19:18:32.0317 5640        secdrv - ok
19:18:32.0364 5640        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
19:18:32.0504 5640        seclogon - ok
19:18:32.0598 5640        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
19:18:32.0770 5640        SENS - ok
19:18:32.0848 5640        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
19:18:32.0926 5640        Serenum - ok
19:18:32.0988 5640        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
19:18:33.0082 5640        Serial - ok
19:18:33.0160 5640        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
19:18:33.0222 5640        sermouse - ok
19:18:33.0347 5640        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
19:18:33.0503 5640        SessionEnv - ok
19:18:33.0581 5640        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
19:18:33.0674 5640        sffdisk - ok
19:18:33.0752 5640        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
19:18:33.0830 5640        sffp_mmc - ok
19:18:33.0877 5640        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
19:18:33.0971 5640        sffp_sd - ok
19:18:34.0049 5640        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
19:18:34.0127 5640        sfloppy - ok
19:18:34.0252 5640        Sftfs          (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
19:18:34.0361 5640        Sftfs - ok
19:18:34.0454 5640        sftlist        (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
19:18:34.0548 5640        sftlist - ok
19:18:34.0673 5640        Sftplay        (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:18:34.0735 5640        Sftplay - ok
19:18:34.0766 5640        Sftredir        (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:18:34.0813 5640        Sftredir - ok
19:18:34.0860 5640        Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
19:18:34.0907 5640        Sftvol - ok
19:18:35.0032 5640        sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
19:18:35.0094 5640        sftvsa - ok
19:18:35.0203 5640        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
19:18:35.0359 5640        SharedAccess - ok
19:18:35.0422 5640        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
19:18:35.0578 5640        ShellHWDetection - ok
19:18:35.0656 5640        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
19:18:35.0718 5640        sisagp - ok
19:18:35.0749 5640        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:18:35.0812 5640        SiSRaid2 - ok
19:18:35.0843 5640        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
19:18:35.0905 5640        SiSRaid4 - ok
19:18:35.0936 5640        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
19:18:36.0061 5640        Smb - ok
19:18:36.0155 5640        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
19:18:36.0248 5640        SNMPTRAP - ok
19:18:36.0358 5640        SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
19:18:36.0404 5640        SonicStage Back-End Service - ok
19:18:36.0498 5640        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
19:18:36.0560 5640        spldr - ok
19:18:36.0623 5640        Spooler        (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
19:18:36.0794 5640        Spooler - ok
19:18:36.0950 5640        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
19:18:37.0309 5640        sppsvc - ok
19:18:37.0418 5640        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
19:18:37.0559 5640        sppuinotify - ok
19:18:37.0652 5640        SPTISRV        (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
19:18:37.0684 5640        SPTISRV ( UnsignedFile.Multi.Generic ) - warning
19:18:37.0684 5640        SPTISRV - detected UnsignedFile.Multi.Generic (1)
19:18:56.0560 5640        ============================================================
19:18:56.0560 5640        Scan finished
19:18:56.0560 5640        ============================================================
19:18:56.0591 5636        Detected object count: 8
19:18:56.0591 5636        Actual detected object count: 8
19:19:35.0279 5636        AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0279 5636        AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:35.0279 5636        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0279 5636        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:35.0295 5636        MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0295 5636        MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:35.0295 5636        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0295 5636        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:35.0310 5636        PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0310 5636        PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:35.0310 5636        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0310 5636        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:35.0326 5636        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0326 5636        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:19:35.0326 5636        SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:35.0326 5636        SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 15.04.2012 14:58

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background monitors as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages like

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (on an English Windows: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.

Eustace 15.04.2012 16:00

Combofix Logfile:
Code:

ComboFix 12-04-15.01 - Alina 15.04.2012  16:40:05.1.4 - x86
Microsoft Windows 7 Starter  6.1.7601.1.1252.49.1031.18.1014.293 [GMT 2:00]
ausgeführt von:: c:\users\Alina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Alina\esetsmartinstaller_enu.exe
c:\users\Alina\OTL.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-15 bis 2012-04-15  ))))))))))))))))))))))))))))))
.
.
2012-04-15 14:52 . 2012-04-15 14:53        --------        d-----w-        c:\users\Alina\AppData\Local\temp
2012-04-15 14:52 . 2012-04-15 14:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-15 14:36 . 2012-04-15 14:36        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4EB9669-5E78-4D02-88C2-979793E6A732}\offreg.dll
2012-04-13 10:58 . 2012-04-13 10:58        --------        d-----w-        C:\_OTL
2012-04-13 09:21 . 2012-03-20 01:53        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4EB9669-5E78-4D02-88C2-979793E6A732}\mpengine.dll
2012-04-12 18:48 . 2012-04-12 18:48        --------        d-----w-        c:\program files\ESET
2012-04-12 09:06 . 2012-03-01 05:46        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:06 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-04-12 09:06 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-04-12 09:06 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-04-12 08:58 . 2012-02-03 03:54        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-04-12 08:58 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-04-12 08:57 . 2011-09-29 16:03        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-04-12 08:57 . 2011-11-17 05:38        1288472        ----a-w-        c:\windows\system32\ntdll.dll
2012-04-12 08:57 . 2011-10-01 04:37        708608        ----a-w-        c:\program files\Common Files\System\wab32.dll
2012-04-12 08:57 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-04-12 08:57 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-04-12 08:55 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\system32\packager.dll
2012-04-12 08:55 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2012-04-12 08:55 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2012-04-12 08:55 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\system32\quartz.dll
2012-04-12 08:55 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\system32\qdvd.dll
2012-04-12 08:53 . 2012-03-06 05:59        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-12 08:53 . 2012-03-06 05:59        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-12 08:44 . 2012-02-28 05:34        860672        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 08:44 . 2012-02-28 05:38        981504        ----a-w-        c:\windows\system32\wininet.dll
2012-04-12 08:44 . 2012-02-28 05:34        163328        ----a-w-        c:\program files\Internet Explorer\ieproxy.dll
2012-04-12 08:44 . 2012-02-28 03:52        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-12 08:41 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-12 08:41 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-12 08:41 . 2012-01-25 05:27        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-12 08:41 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-04-12 08:41 . 2012-02-17 04:14        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-12 08:41 . 2012-02-17 04:13        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-04-11 14:02 . 2012-04-11 14:02        --------        d-----w-        c:\users\Alina\AppData\Roaming\Malwarebytes
2012-04-11 14:01 . 2012-04-11 14:01        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-11 14:01 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-11 14:01 . 2012-04-11 14:01        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-28 20:27 . 2012-03-28 20:27        --------        d-----w-        c:\program files\Common Files\Java
2012-03-28 20:26 . 2012-03-28 20:26        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-28 20:25 . 2012-03-28 20:25        --------        d-----w-        c:\program files\Java
2012-03-22 13:25 . 2012-03-22 13:25        592824        ----a-w-        c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 13:25 . 2012-03-22 13:25        44472        ----a-w-        c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-10-22 17:12        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 14:01 . 2011-10-22 16:58        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-22 13:25 . 2011-11-12 08:51        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2010-09-08 34728]
"HotkeyService"="AsusSender.exe" [2010-09-08 34728]
"SuperHybridEngine"="AsusSender.exe" [2010-09-08 34728]
"LiveUpdate"="AsusSender.exe" [2010-09-08 34728]
"CapsHook"="AsusSender.exe" [2010-09-08 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"GraphicsSwitch"="AsusSender.exe" [2010-09-08 34728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-25 8522272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-10-17 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-09-14 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-3-3 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-05 c:\windows\Tasks\Norton Security Scan for Alina.job
- c:\progra~1\NORTON~2\Engine\351~1.10\Nss.exe [2012-02-04 07:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\4v2rjtrr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-172706901-155862144-3271113608-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-15  16:58:17
ComboFix-quarantined-files.txt  2012-04-15 14:58
.
Vor Suchlauf: 8 Verzeichnis(se), 78.675.783.680 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 78.316.023.808 Bytes frei
.
- - End Of File - - FA53B12FEE55F087583E267926A60463


cosinus 15.04.2012 16:36

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to work the second time, just leave it out and run only OSAM. Please skip the online lookup in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

Eustace 15.04.2012 19:02

Here are GMER and OSAM
And aswMBR as a file as well
One question - I now have a file on my desktop called "MBR.dat". Do I still need it, or what is it?? :confused:
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-15 19:03:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003
Running: 4l3bh4ep.exe; Driver: C:\Users\Alina\AppData\Local\Temp\uglorpog.sys


---- System - GMER 1.0.15 ----

SSDT            8ABF015E                                                                                                                                                                                                                          ZwCreateSection
SSDT            8ABF0168                                                                                                                                                                                                                          ZwRequestWaitReplyPort
SSDT            8ABF0163                                                                                                                                                                                                                          ZwSetContextThread
SSDT            8ABF016D                                                                                                                                                                                                                          ZwSetSecurityObject
SSDT            8ABF0172                                                                                                                                                                                                                          ZwSystemDebugControl
SSDT            8ABF00FF                                                                                                                                                                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                                                                                                                                      81C8D359 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                            81CC6D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                                                                81CCDECC 4 Bytes  [5E, 01, BF, 8A]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                                                                                                81CCE228 4 Bytes  [68, 01, BF, 8A]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                                                                                                81CCE26C 4 Bytes  [63, 01, BF, 8A]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                                                                                                                81CCE2E8 4 Bytes  [6D, 01, BF, 8A]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                                                                                                                81CCE33C 4 Bytes  [72, 01, BF, 8A]
.text          ...                                                                                                                                                                                                                               
?              C:\windows\system32\Drivers\PROCEXP113.SYS                                                                                                                                                                                        Das System kann die angegebene Datei nicht finden. !
?              C:\Users\Alina\AppData\Local\Temp\catchme.sys                                                                                                                                                                                      Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                                [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                                                            [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2424] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                                                              [7574FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000048                                                                                                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd617faed                                                                                                                                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db258d4                                                                                                                                                       
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd617faed (not active ControlSet)                                                                                                                                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db258d4 (not active ControlSet)                                                                                                                                   
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                          1

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:19:06 on 15.04.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Security Scan for Alina.job" - "Symantec Corporation" - C:\PROGRA~1\NORTON~2\Engine\351~1.10\Nss.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AsUpIO" (AsUpIO) - ? - C:\windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Alina\AppData\Local\Temp\catchme.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\windows\System32\Drivers\PxHelp20.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftvollh.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Program Files\Aibelive\Voice Command\Skype4COM.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"AsusVibeLauncher.lnk" - "ASUSTeK Computer Inc." - C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ASUSPRP" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\APRP\APRP.EXE
"ASUSWebStorage" - "ecareme" - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Boingo Wi-Fi" - ? - "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
"CapsHook" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
"Eee Docking" - ? - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
"GraphicsSwitch" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe
"HotkeyMon" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
"HotkeyService" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LivCam" - "ASUSTek" - "C:\Program Files\ASUS\LivCam\LivCam.exe"
"LiveUpdate" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SuperHybridEngine" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"Asus Launcher Service" (AsusService) - ? - C:\Windows\System32\AsusService.exe  (File found, but it contains no detailed information)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"SonicStage Back-End Service" (SonicStage Back-End Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

