TR/ATRAPS.Gen ; TR/ATRAPS.Gen2

JohannesW · 12.06.2012, 09:05

Hallo, auch ich hoffe dass ich alle Hinweise richtig verstanden habe.
wie viele anderen auch habe ich mir die 2 Viren TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
eingefangen als ich einen Adobe Flash Player runtergeladen habe.
Auch bei mir kann Antivir das Problem nicht beheben, sondern der Virus erscheint immer wieder.
Ich hoffe dass Ihr mir helfen könnt.

hier die 2 Scans

OTL logfile created on: 11.06.2012 15:40:36 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Johannes\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,53 Gb Available Physical Memory | 81,63% Memory free
15,99 Gb Paging File | 14,49 Gb Available in Paging File | 90,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 130,07 Gb Free Space | 55,88% Space Free | Partition Type: NTFS

Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Johannes\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
PRC - C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\App4R.Monitor.Core.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\App4R.Monitor.Common.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll ()
MOD - C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (lxdo_device) -- C:\Windows\SysNative\lxdocoms.exe ( )
SRV:64bit: - (lxdoCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (NVIDIA Performance Driver Service) -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdo_device) -- C:\Windows\SysWOW64\lxdocoms.exe ( )
SRV - (lxdoCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (motubus) -- C:\Windows\SysNative\drivers\motubus64.sys (Mark of the Unicorn)
DRV:64bit: - (MFWAMIDI64) -- C:\Windows\SysNative\drivers\mfwamidi64.sys (Mark of the Unicorn)
DRV:64bit: - (MotuFWA64) -- C:\Windows\SysNative\drivers\MotuFWA64.sys (Mark of the Unicorn)
DRV:64bit: - (MFWAWAVE64) -- C:\Windows\SysNative\drivers\mfwawave64.sys (Mark of the Unicorn)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=skyp&ocid=skydhp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 81 BF EA B1 C7 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE464
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.27 18:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.03.01 19:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012.05.04 14:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\5bxq7oux.default\extensions
[2012.03.01 19:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.27 18:42:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Lexmark 9500 Series] C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A30BDF1-55ED-464B-8E08-0BB2A3E33B9F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3729B330-23C1-4413-86CB-F65998AB7281}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35ab892d-33a4-11e1-80ed-0023ae64216c}\Shell - "" = AutoRun
O33 - MountPoints2\{35ab892d-33a4-11e1-80ed-0023ae64216c}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{b5874a0d-8a23-11e1-a175-0023ae64216c}\Shell - "" = AutoRun
O33 - MountPoints2\{b5874a0d-8a23-11e1-a175-0023ae64216c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.06 23:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.06 22:58:56 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.06 22:58:56 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.06 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Bilder
[2012.06.05 23:12:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Art of Live
[2012.06.05 13:27:36 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.27 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.27 18:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.20 20:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOTU
[2012.05.20 20:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\MOTU
[2012.05.20 20:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOTU

========== Files - Modified Within 30 Days ==========

[2012.06.11 15:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 15:14:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 13:29:48 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\defogger_reenable
[2012.06.11 13:26:36 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.06.11 12:40:10 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 12:40:10 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 12:37:14 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.11 12:37:14 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.11 12:37:14 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.11 12:37:13 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.11 12:37:13 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.11 12:33:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 12:32:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 12:32:14 | 2145,636,351 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 21:12:21 | 007,688,537 | ---- | M] () -- C:\Users\Johannes\Desktop\wieder neu.mp3
[2012.06.09 22:22:16 | 005,683,328 | ---- | M] () -- C:\Users\Johannes\Desktop\07 Sei still.mp3
[2012.06.09 22:22:14 | 009,924,736 | ---- | M] () -- C:\Users\Johannes\Desktop\02 Brannte nicht unser Herz.mp3
[2012.06.09 22:22:14 | 007,043,200 | ---- | M] () -- C:\Users\Johannes\Desktop\04 Gib mir ein ungeteiltes Herz.mp3
[2012.06.07 15:32:39 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.06 22:58:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.06 22:58:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.06 13:18:10 | 000,036,630 | ---- | M] () -- C:\Users\Johannes\Desktop\Rechnung Stadtverwaltung Frankenthal 519.pdf
[2012.06.05 13:27:36 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.31 09:25:34 | 000,000,349 | ---- | M] () -- C:\Users\Johannes\Desktop\Privatkunden - Sparkasse Worms-Alzey-Ried.url
[2012.05.29 16:37:00 | 002,647,781 | ---- | M] () -- C:\Users\Johannes\Desktop\IMG_2818.jpg
[2012.05.20 20:29:44 | 000,000,959 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Service.lnk

========== Files Created - No Company Name ==========

[2012.06.11 13:29:48 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\defogger_reenable
[2012.06.11 13:26:26 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.06.11 12:37:21 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\U\800000cb.@
[2012.06.11 12:37:21 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\U\80000000.@
[2012.06.10 21:11:51 | 007,688,537 | ---- | C] () -- C:\Users\Johannes\Desktop\wieder neu.mp3
[2012.06.10 15:38:12 | 005,683,328 | ---- | C] () -- C:\Users\Johannes\Desktop\07 Sei still.mp3
[2012.06.10 15:38:08 | 007,043,200 | ---- | C] () -- C:\Users\Johannes\Desktop\04 Gib mir ein ungeteiltes Herz.mp3
[2012.06.10 15:37:48 | 009,924,736 | ---- | C] () -- C:\Users\Johannes\Desktop\02 Brannte nicht unser Herz.mp3
[2012.06.06 23:00:03 | 000,002,344 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.06 22:58:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.06 13:18:08 | 000,036,630 | ---- | C] () -- C:\Users\Johannes\Desktop\Rechnung Stadtverwaltung Frankenthal 519.pdf
[2012.06.05 22:59:03 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\U\00000001.@
[2012.05.29 16:36:51 | 002,647,781 | ---- | C] () -- C:\Users\Johannes\Desktop\IMG_2818.jpg
[2012.05.20 20:29:44 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Service.lnk
[2012.02.03 18:06:00 | 000,000,056 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2012.01.17 22:36:00 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2012.01.17 22:36:00 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2012.01.17 22:35:25 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll
[2012.01.17 22:35:25 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll
[2012.01.17 22:35:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll
[2012.01.17 22:35:24 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll
[2012.01.17 22:35:24 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll
[2012.01.17 22:35:23 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll
[2012.01.17 22:35:23 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll
[2012.01.17 22:35:23 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll
[2012.01.17 22:35:23 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll
[2012.01.17 22:35:23 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe
[2012.01.17 22:35:23 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll
[2012.01.17 22:35:23 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll
[2012.01.17 22:35:23 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe
[2012.01.17 22:35:23 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll
[2012.01.17 22:35:22 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe
[2012.01.11 21:49:22 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\@
[2012.01.11 21:49:22 | 000,002,048 | -HS- | C] () -- C:\Users\Johannes\AppData\Local\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\@
[2012.01.01 11:33:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2012.01.18 09:51:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\9500 Series
[2012.06.11 14:05:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Celemony Software GmbH
[2012.01.17 22:46:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Lexmark Productivity Studio
[2012.03.15 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NewSoft
[2012.01.17 22:13:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\pdfforge
[2012.04.23 13:56:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PreSonus
[2012.04.10 10:29:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 11.06.2012 15:40:36 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Johannes\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,53 Gb Available Physical Memory | 81,63% Memory free
15,99 Gb Paging File | 14,49 Gb Available in Paging File | 90,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 130,07 Gb Free Space | 55,88% Space Free | Partition Type: NTFS

Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC438ED-5C92-4281-8D05-FDD14608BC2F}" = MOTU Hardware
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{47AFED4E-1B50-497E-92BF-3D9314D68EED}" = Native Instruments Komplete Elements
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{53EE2829-E9DB-4913-B3EA-96F10F84E98B}" = Melodyne Runtime 4.1 (x64)
"{59E4B5CE-8453-4F63-A098-44AE2EB0EC78}" = Melodyne Runtime 4.1 (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{CD8466BC-C2FE-4177-8CBD-4A7170C81D88}" = EZdrummer Lite Plus 64 bit
"{D94FCA8D-A8B6-4F03-B0AE-416BFB7AF06A}" = Native Instruments Reaktor Elements Selection
"{E206701F-713C-4799-B01C-AF24C17C826E}" = Native Instruments Kontakt Elements Selection R2
"{E236DA46-2EDD-4097-8CF4-444B4FC9E226}" = Native Instruments Abbey Road 60s Drums Vintage
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Lexmark 9500 Series" = Lexmark 9500 Series
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PreSonus Studio One 2" = PreSonus Studio One 2 x64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{16DF894D-FC3F-4B87-908D-671E201CD7A8}" = Melodyne singletrack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{33286B63-B749-4D54-AA04-5631319B168D}" = GEAR driver installer for x86 Win2K
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = GFT MT4 Powered by BT 4.00
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Google Chrome" = Google Chrome
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Abbey Road 60s Drums Vintage" = Native Instruments Abbey Road 60s Drums Vintage
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Komplete Elements" = Native Instruments Komplete Elements
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt Elements Selection R2" = Native Instruments Kontakt Elements Selection R2
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Elements Selection" = Native Instruments Reaktor Elements Selection
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Service Center" = Native Instruments Service Center
"PreSonus Studio One" = PreSonus Studio One
"RoomEQWizardV5" = Room EQ Wizard V5
"SpeedFan" = SpeedFan (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JForex Client" = JForex Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.06.2012 15:00:38 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.06.2012 02:02:58 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.06.2012 09:01:39 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.06.2012 01:59:31 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.06.2012 07:59:26 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.06.2012 16:28:50 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.06.2012 04:42:23 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.06.2012 08:44:05 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.06.2012 02:48:23 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.06.2012 06:33:48 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 30.12.2011 09:40:48 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0
Description = 14:40:48 - Fehler beim Herstellen der Internetverbindung. 14:40:48
- Serververbindung konnte nicht hergestellt werden..

Error - 30.12.2011 12:12:52 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0
Description = 17:12:51 - Fehler beim Herstellen der Internetverbindung. 17:12:52
- Serververbindung konnte nicht hergestellt werden..

Error - 30.12.2011 18:41:53 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0
Description = 23:41:53 - Fehler beim Herstellen der Internetverbindung. 23:41:53
- Serververbindung konnte nicht hergestellt werden..

Error - 07.01.2012 18:04:12 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0
Description = 23:04:12 - Fehler beim Herstellen der Internetverbindung. 23:04:12
- Serververbindung konnte nicht hergestellt werden..

Error - 07.01.2012 18:04:23 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0
Description = 23:04:17 - Fehler beim Herstellen der Internetverbindung. 23:04:17
- Serververbindung konnte nicht hergestellt werden..

Error - 07.01.2012 19:04:28 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0
Description = 00:04:28 - Fehler beim Herstellen der Internetverbindung. 00:04:28
- Serververbindung konnte nicht hergestellt werden..

Error - 07.01.2012 19:04:34 | Computer Name = Johannes-PC | Source = MCUpdate | ID = 0
Description = 00:04:33 - Fehler beim Herstellen der Internetverbindung. 00:04:33
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 22.05.2012 18:22:55 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdoCATSCustConnectService erreicht.

Error - 22.05.2012 18:22:55 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdoCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 23.05.2012 02:39:21 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdoCATSCustConnectService erreicht.

Error - 23.05.2012 02:39:21 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdoCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 23.05.2012 11:55:08 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdoCATSCustConnectService erreicht.

Error - 23.05.2012 11:55:08 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdoCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 24.05.2012 03:55:38 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdoCATSCustConnectService erreicht.

Error - 24.05.2012 03:55:38 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdoCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 25.05.2012 03:26:32 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdoCATSCustConnectService erreicht.

Error - 25.05.2012 03:26:32 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdoCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

< End of report >

Danke und Liebe Grüße

Psychotic · 12.06.2012, 10:25

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Schritt 1: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 2: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

JohannesW · 12.06.2012, 10:57

hier der scan

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 11:31:12
-----------------------------
11:31:12.894 OS Version: Windows x64 6.1.7601 Service Pack 1
11:31:12.894 Number of processors: 4 586 0x170A
11:31:12.894 ComputerName: JOHANNES-PC UserName: Johannes
11:31:13.904 Initialize success
11:35:14.609 AVAST engine defs: 12061200
11:39:29.704 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
11:39:29.704 Disk 0 Vendor: ATA_____ 2E23 Size: 238475MB BusType: 10
11:39:29.714 Disk 0 MBR read successfully
11:39:29.724 Disk 0 MBR scan
11:39:29.724 Disk 0 Windows 7 default MBR code
11:39:29.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:39:29.744 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
11:39:29.764 Disk 0 scanning C:\Windows\system32\drivers
11:39:36.674 Service scanning
11:39:51.305 Modules scanning
11:39:51.305 Disk 0 trace - called modules:
11:39:51.325 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll lsi_sas.sys
11:39:51.335 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007abb060]
11:39:51.655 3 CLASSPNP.SYS[fffff8800199a43f] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8006a269c0]
11:39:53.245 AVAST engine scan C:\Windows
11:39:54.985 AVAST engine scan C:\Windows\system32
11:42:04.755 AVAST engine scan C:\Windows\system32\drivers
11:42:13.075 AVAST engine scan C:\Users\Johannes
11:51:11.365 AVAST engine scan C:\ProgramData
11:51:34.525 Scan finished successfully
11:52:54.596 Disk 0 MBR has been saved successfully to "C:\Users\Johannes\Desktop\MBR.dat"
11:52:54.596 The log file has been saved successfully to "C:\Users\Johannes\Desktop\aswMBR.txt"

Habe jetzt den weiteren scan durchgeführt mit tdsskiller.
es wurde nichts gefunden.

Psychotic · 12.06.2012, 11:46

Poste mir dennoch die Logdatei!

JohannesW · 12.06.2012, 11:51

Hier die Datei

12:00:45.0312 2844 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:00:45.0412 2844 ============================================================
12:00:45.0412 2844 Current date / time: 2012/06/12 12:00:45.0412
12:00:45.0412 2844 SystemInfo:
12:00:45.0412 2844
12:00:45.0412 2844 OS Version: 6.1.7601 ServicePack: 1.0
12:00:45.0412 2844 Product type: Workstation
12:00:45.0412 2844 ComputerName: JOHANNES-PC
12:00:45.0412 2844 UserName: Johannes
12:00:45.0412 2844 Windows directory: C:\Windows
12:00:45.0412 2844 System windows directory: C:\Windows
12:00:45.0412 2844 Running under WOW64
12:00:45.0412 2844 Processor architecture: Intel x64
12:00:45.0412 2844 Number of processors: 4
12:00:45.0412 2844 Page size: 0x1000
12:00:45.0412 2844 Boot type: Normal boot
12:00:45.0412 2844 ============================================================
12:00:46.0572 2844 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:00:46.0582 2844 ============================================================
12:00:46.0582 2844 \Device\Harddisk0\DR0:
12:00:46.0582 2844 MBR partitions:
12:00:46.0582 2844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:00:46.0582 2844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
12:00:46.0582 2844 ============================================================
12:00:46.0612 2844 C: <-> \Device\Harddisk0\DR0\Partition1
12:00:46.0612 2844 ============================================================
12:00:46.0612 2844 Initialize success
12:00:46.0612 2844 ============================================================
12:01:47.0849 4820 ============================================================
12:01:47.0849 4820 Scan started
12:01:47.0849 4820 Mode: Manual; TDLFS;
12:01:47.0849 4820 ============================================================
12:01:49.0019 4820 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:01:49.0019 4820 1394ohci - ok
12:01:49.0049 4820 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:01:49.0049 4820 ACPI - ok
12:01:49.0059 4820 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:01:49.0059 4820 AcpiPmi - ok
12:01:49.0129 4820 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:01:49.0129 4820 AdobeARMservice - ok
12:01:49.0249 4820 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:01:49.0249 4820 AdobeFlashPlayerUpdateSvc - ok
12:01:49.0309 4820 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:01:49.0319 4820 adp94xx - ok
12:01:49.0349 4820 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:01:49.0349 4820 adpahci - ok
12:01:49.0369 4820 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:01:49.0369 4820 adpu320 - ok
12:01:49.0389 4820 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:01:49.0389 4820 AeLookupSvc - ok
12:01:49.0449 4820 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:01:49.0449 4820 AFD - ok
12:01:49.0469 4820 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:01:49.0469 4820 agp440 - ok
12:01:49.0479 4820 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:01:49.0479 4820 ALG - ok
12:01:49.0479 4820 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:01:49.0479 4820 aliide - ok
12:01:49.0489 4820 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:01:49.0489 4820 amdide - ok
12:01:49.0499 4820 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:01:49.0499 4820 AmdK8 - ok
12:01:49.0509 4820 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:01:49.0509 4820 AmdPPM - ok
12:01:49.0539 4820 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:01:49.0539 4820 amdsata - ok
12:01:49.0559 4820 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:01:49.0559 4820 amdsbs - ok
12:01:49.0569 4820 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:01:49.0569 4820 amdxata - ok
12:01:49.0629 4820 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:01:49.0629 4820 AntiVirSchedulerService - ok
12:01:49.0649 4820 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:01:49.0649 4820 AntiVirService - ok
12:01:49.0659 4820 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:01:49.0659 4820 AppID - ok
12:01:49.0669 4820 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:01:49.0669 4820 AppIDSvc - ok
12:01:49.0699 4820 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:01:49.0699 4820 Appinfo - ok
12:01:49.0709 4820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:01:49.0709 4820 arc - ok
12:01:49.0729 4820 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:01:49.0729 4820 arcsas - ok
12:01:49.0739 4820 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:49.0739 4820 AsyncMac - ok
12:01:49.0759 4820 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:01:49.0759 4820 atapi - ok
12:01:49.0809 4820 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:01:49.0809 4820 AudioEndpointBuilder - ok
12:01:49.0819 4820 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:01:49.0819 4820 AudioSrv - ok
12:01:49.0839 4820 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
12:01:49.0839 4820 avgntflt - ok
12:01:49.0859 4820 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
12:01:49.0859 4820 avipbb - ok
12:01:49.0869 4820 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:01:49.0869 4820 avkmgr - ok
12:01:49.0929 4820 AVM WLAN Connection Service (c6f4c466b654c1be98af31418bb5ac30) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
12:01:49.0939 4820 AVM WLAN Connection Service - ok
12:01:49.0939 4820 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
12:01:49.0939 4820 avmeject - ok
12:01:49.0969 4820 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:01:49.0969 4820 AxInstSV - ok
12:01:50.0019 4820 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:01:50.0019 4820 b06bdrv - ok
12:01:50.0049 4820 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:01:50.0049 4820 b57nd60a - ok
12:01:50.0069 4820 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:01:50.0069 4820 BDESVC - ok
12:01:50.0089 4820 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:01:50.0089 4820 Beep - ok
12:01:50.0159 4820 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:01:50.0169 4820 BITS - ok
12:01:50.0189 4820 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:01:50.0189 4820 blbdrive - ok
12:01:50.0229 4820 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:01:50.0229 4820 bowser - ok
12:01:50.0239 4820 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:01:50.0239 4820 BrFiltLo - ok
12:01:50.0249 4820 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:01:50.0249 4820 BrFiltUp - ok
12:01:50.0259 4820 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:01:50.0259 4820 Browser - ok
12:01:50.0289 4820 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:01:50.0289 4820 Brserid - ok
12:01:50.0299 4820 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:01:50.0299 4820 BrSerWdm - ok
12:01:50.0309 4820 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:01:50.0309 4820 BrUsbMdm - ok
12:01:50.0319 4820 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:01:50.0319 4820 BrUsbSer - ok
12:01:50.0329 4820 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:01:50.0329 4820 BTHMODEM - ok
12:01:50.0349 4820 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:01:50.0349 4820 bthserv - ok
12:01:50.0359 4820 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:01:50.0359 4820 cdfs - ok
12:01:50.0389 4820 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:01:50.0389 4820 cdrom - ok
12:01:50.0419 4820 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:01:50.0419 4820 CertPropSvc - ok
12:01:50.0429 4820 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:01:50.0429 4820 circlass - ok
12:01:50.0459 4820 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:01:50.0469 4820 CLFS - ok
12:01:50.0519 4820 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:50.0519 4820 clr_optimization_v2.0.50727_32 - ok
12:01:50.0559 4820 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:01:50.0559 4820 clr_optimization_v2.0.50727_64 - ok
12:01:50.0569 4820 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:01:50.0569 4820 CmBatt - ok
12:01:50.0579 4820 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:01:50.0579 4820 cmdide - ok
12:01:50.0619 4820 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:01:50.0619 4820 CNG - ok
12:01:50.0629 4820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:01:50.0629 4820 Compbatt - ok
12:01:50.0649 4820 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:01:50.0649 4820 CompositeBus - ok
12:01:50.0649 4820 COMSysApp - ok
12:01:50.0659 4820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:01:50.0659 4820 crcdisk - ok
12:01:50.0699 4820 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:01:50.0709 4820 CryptSvc - ok
12:01:50.0749 4820 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:01:50.0749 4820 DcomLaunch - ok
12:01:50.0789 4820 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:01:50.0789 4820 defragsvc - ok
12:01:50.0809 4820 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:01:50.0809 4820 DfsC - ok
12:01:50.0849 4820 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:01:50.0849 4820 Dhcp - ok
12:01:50.0859 4820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:01:50.0859 4820 discache - ok
12:01:50.0879 4820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:01:50.0879 4820 Disk - ok
12:01:50.0919 4820 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:01:50.0919 4820 Dnscache - ok
12:01:50.0939 4820 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:01:50.0939 4820 dot3svc - ok
12:01:50.0959 4820 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:01:50.0959 4820 DPS - ok
12:01:50.0989 4820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:01:50.0989 4820 drmkaud - ok
12:01:51.0049 4820 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:01:51.0059 4820 DXGKrnl - ok
12:01:51.0079 4820 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:01:51.0079 4820 EapHost - ok
12:01:51.0249 4820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:01:51.0299 4820 ebdrv - ok
12:01:51.0399 4820 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:01:51.0399 4820 EFS - ok
12:01:51.0479 4820 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:01:51.0479 4820 ehRecvr - ok
12:01:51.0509 4820 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:01:51.0509 4820 ehSched - ok
12:01:51.0569 4820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:01:51.0569 4820 elxstor - ok
12:01:51.0589 4820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:01:51.0589 4820 ErrDev - ok
12:01:51.0619 4820 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:01:51.0619 4820 EventSystem - ok
12:01:51.0639 4820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:01:51.0639 4820 exfat - ok
12:01:51.0669 4820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:01:51.0669 4820 fastfat - ok
12:01:51.0719 4820 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:01:51.0719 4820 Fax - ok
12:01:51.0739 4820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:01:51.0739 4820 fdc - ok
12:01:51.0759 4820 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:01:51.0759 4820 fdPHost - ok
12:01:51.0769 4820 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:01:51.0769 4820 FDResPub - ok
12:01:51.0779 4820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:01:51.0779 4820 FileInfo - ok
12:01:51.0789 4820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:01:51.0789 4820 Filetrace - ok
12:01:51.0799 4820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:01:51.0799 4820 flpydisk - ok
12:01:51.0829 4820 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:01:51.0829 4820 FltMgr - ok
12:01:51.0919 4820 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:01:51.0939 4820 FontCache - ok
12:01:52.0009 4820 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:01:52.0009 4820 FontCache3.0.0.0 - ok
12:01:52.0019 4820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:01:52.0019 4820 FsDepends - ok
12:01:52.0049 4820 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:01:52.0049 4820 Fs_Rec - ok
12:01:52.0089 4820 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:01:52.0089 4820 fvevol - ok
12:01:52.0139 4820 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
12:01:52.0139 4820 FWLANUSB - ok
12:01:52.0159 4820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:01:52.0159 4820 gagp30kx - ok
12:01:52.0179 4820 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:01:52.0179 4820 GEARAspiWDM - ok
12:01:52.0239 4820 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:01:52.0239 4820 gpsvc - ok
12:01:52.0319 4820 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:52.0319 4820 gupdate - ok
12:01:52.0319 4820 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:52.0319 4820 gupdatem - ok
12:01:52.0359 4820 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:01:52.0359 4820 gusvc - ok
12:01:52.0379 4820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:01:52.0379 4820 hcw85cir - ok
12:01:52.0419 4820 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:01:52.0419 4820 HdAudAddService - ok
12:01:52.0449 4820 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:01:52.0449 4820 HDAudBus - ok
12:01:52.0459 4820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:01:52.0459 4820 HidBatt - ok
12:01:52.0479 4820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:01:52.0479 4820 HidBth - ok
12:01:52.0489 4820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:01:52.0499 4820 HidIr - ok
12:01:52.0509 4820 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:01:52.0509 4820 hidserv - ok
12:01:52.0529 4820 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:01:52.0529 4820 HidUsb - ok
12:01:52.0559 4820 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:01:52.0559 4820 hkmsvc - ok
12:01:52.0579 4820 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:01:52.0579 4820 HomeGroupListener - ok
12:01:52.0609 4820 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:01:52.0609 4820 HomeGroupProvider - ok
12:01:52.0629 4820 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:01:52.0629 4820 HpSAMD - ok
12:01:52.0689 4820 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:01:52.0699 4820 HTTP - ok
12:01:52.0709 4820 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:01:52.0709 4820 hwpolicy - ok
12:01:52.0729 4820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:01:52.0729 4820 i8042prt - ok
12:01:52.0779 4820 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:01:52.0789 4820 iaStorV - ok
12:01:52.0909 4820 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:01:52.0909 4820 idsvc - ok
12:01:52.0919 4820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:01:52.0929 4820 iirsp - ok
12:01:52.0999 4820 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:01:53.0009 4820 IKEEXT - ok
12:01:53.0029 4820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:01:53.0029 4820 intelide - ok
12:01:53.0049 4820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:01:53.0049 4820 intelppm - ok
12:01:53.0069 4820 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:01:53.0069 4820 IPBusEnum - ok
12:01:53.0079 4820 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:01:53.0079 4820 IpFilterDriver - ok
12:01:53.0089 4820 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:01:53.0099 4820 IPMIDRV - ok
12:01:53.0109 4820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:01:53.0109 4820 IPNAT - ok
12:01:53.0129 4820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:01:53.0129 4820 IRENUM - ok
12:01:53.0139 4820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:01:53.0139 4820 isapnp - ok
12:01:53.0159 4820 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:01:53.0159 4820 iScsiPrt - ok
12:01:53.0189 4820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:01:53.0189 4820 kbdclass - ok
12:01:53.0199 4820 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:01:53.0199 4820 kbdhid - ok
12:01:53.0209 4820 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:53.0219 4820 KeyIso - ok
12:01:53.0229 4820 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:01:53.0229 4820 KSecDD - ok
12:01:53.0319 4820 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:01:53.0319 4820 KSecPkg - ok
12:01:53.0329 4820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:01:53.0329 4820 ksthunk - ok
12:01:53.0359 4820 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:01:53.0369 4820 KtmRm - ok
12:01:53.0399 4820 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:01:53.0399 4820 LanmanServer - ok
12:01:53.0429 4820 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:01:53.0429 4820 LanmanWorkstation - ok
12:01:53.0459 4820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:01:53.0459 4820 lltdio - ok
12:01:53.0489 4820 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:01:53.0499 4820 lltdsvc - ok
12:01:53.0509 4820 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:01:53.0509 4820 lmhosts - ok
12:01:53.0529 4820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:01:53.0529 4820 LSI_FC - ok
12:01:53.0549 4820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:01:53.0549 4820 LSI_SAS - ok
12:01:53.0569 4820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:01:53.0569 4820 LSI_SAS2 - ok
12:01:53.0589 4820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:01:53.0589 4820 LSI_SCSI - ok
12:01:53.0609 4820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:01:53.0609 4820 luafv - ok
12:01:53.0679 4820 lxdoCATSCustConnectService (741083526ba1c6217d7e664bb86cfa62) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe
12:01:53.0679 4820 lxdoCATSCustConnectService - ok
12:01:53.0679 4820 lxdo_device - ok
12:01:53.0699 4820 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:01:53.0699 4820 Mcx2Svc - ok
12:01:53.0709 4820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:01:53.0709 4820 megasas - ok
12:01:53.0739 4820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:01:53.0739 4820 MegaSR - ok
12:01:53.0759 4820 MFWAMIDI64 (b992a0d38b61d257171ac4078dc409ae) C:\Windows\system32\drivers\MFWAMIDI64.sys
12:01:53.0759 4820 MFWAMIDI64 - ok
12:01:53.0779 4820 MFWAWAVE64 (5d74d2f72587a0dbc3fca1e51c83e8b0) C:\Windows\system32\drivers\MFWAWAVE64.sys
12:01:53.0779 4820 MFWAWAVE64 - ok
12:01:53.0799 4820 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:01:53.0799 4820 MMCSS - ok
12:01:53.0809 4820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:01:53.0819 4820 Modem - ok
12:01:53.0829 4820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:01:53.0829 4820 monitor - ok
12:01:53.0849 4820 motubus (b530bc8de36aa7416d2b9321893aee3f) C:\Windows\system32\drivers\MotuBus64.sys
12:01:53.0849 4820 motubus - ok
12:01:53.0899 4820 MotuFWA64 (4e150afc2b936fec445ea46c27ee4daf) C:\Windows\system32\drivers\Motufwa64.sys
12:01:53.0899 4820 MotuFWA64 - ok
12:01:53.0919 4820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:01:53.0919 4820 mouclass - ok
12:01:53.0939 4820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:01:53.0939 4820 mouhid - ok
12:01:53.0949 4820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:01:53.0949 4820 mountmgr - ok
12:01:54.0009 4820 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:01:54.0019 4820 MozillaMaintenance - ok
12:01:54.0039 4820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:01:54.0039 4820 mpio - ok
12:01:54.0049 4820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:01:54.0049 4820 mpsdrv - ok
12:01:54.0069 4820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:01:54.0069 4820 MRxDAV - ok
12:01:54.0089 4820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:01:54.0099 4820 mrxsmb - ok
12:01:54.0119 4820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:01:54.0119 4820 mrxsmb10 - ok
12:01:54.0139 4820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:01:54.0139 4820 mrxsmb20 - ok
12:01:54.0149 4820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:01:54.0149 4820 msahci - ok
12:01:54.0169 4820 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:01:54.0169 4820 msdsm - ok
12:01:54.0189 4820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:01:54.0189 4820 MSDTC - ok
12:01:54.0209 4820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:01:54.0209 4820 Msfs - ok
12:01:54.0219 4820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:01:54.0219 4820 mshidkmdf - ok
12:01:54.0229 4820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:01:54.0229 4820 msisadrv - ok
12:01:54.0269 4820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:01:54.0269 4820 MSiSCSI - ok
12:01:54.0269 4820 msiserver - ok
12:01:54.0289 4820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:01:54.0289 4820 MSKSSRV - ok
12:01:54.0289 4820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:01:54.0299 4820 MSPCLOCK - ok
12:01:54.0299 4820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:01:54.0299 4820 MSPQM - ok
12:01:54.0329 4820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:01:54.0329 4820 MsRPC - ok
12:01:54.0349 4820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:01:54.0349 4820 mssmbios - ok
12:01:54.0359 4820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:01:54.0359 4820 MSTEE - ok
12:01:54.0369 4820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:01:54.0369 4820 MTConfig - ok
12:01:54.0379 4820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:01:54.0379 4820 Mup - ok
12:01:54.0419 4820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:01:54.0429 4820 napagent - ok
12:01:54.0469 4820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:01:54.0469 4820 NativeWifiP - ok
12:01:54.0539 4820 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:01:54.0549 4820 NDIS - ok
12:01:54.0559 4820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:01:54.0559 4820 NdisCap - ok
12:01:54.0579 4820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:01:54.0579 4820 NdisTapi - ok
12:01:54.0589 4820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:01:54.0589 4820 Ndisuio - ok
12:01:54.0609 4820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:01:54.0609 4820 NdisWan - ok
12:01:54.0619 4820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:01:54.0619 4820 NDProxy - ok
12:01:54.0629 4820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:01:54.0629 4820 NetBIOS - ok
12:01:54.0649 4820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:01:54.0649 4820 NetBT - ok
12:01:54.0669 4820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:54.0669 4820 Netlogon - ok
12:01:54.0719 4820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:01:54.0719 4820 Netman - ok
12:01:54.0749 4820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:01:54.0749 4820 netprofm - ok
12:01:54.0819 4820 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:01:54.0819 4820 NetTcpPortSharing - ok
12:01:54.0839 4820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:01:54.0839 4820 nfrd960 - ok
12:01:54.0859 4820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:01:54.0869 4820 NlaSvc - ok
12:01:54.0879 4820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:01:54.0879 4820 Npfs - ok
12:01:54.0889 4820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:01:54.0889 4820 nsi - ok
12:01:54.0899 4820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:01:54.0899 4820 nsiproxy - ok
12:01:55.0019 4820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:01:55.0049 4820 Ntfs - ok
12:01:55.0119 4820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:01:55.0119 4820 Null - ok
12:01:55.0509 4820 NVIDIA Performance Driver Service (74f76af4695e7b183ea43ab41d620f82) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
12:01:55.0549 4820 NVIDIA Performance Driver Service - ok
12:01:56.0269 4820 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:01:56.0439 4820 nvlddmkm - ok
12:01:56.0559 4820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:01:56.0559 4820 nvraid - ok
12:01:56.0579 4820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:01:56.0579 4820 nvstor - ok
12:01:56.0619 4820 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
12:01:56.0629 4820 nvsvc - ok
12:01:56.0649 4820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:01:56.0649 4820 nv_agp - ok
12:01:56.0659 4820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:01:56.0659 4820 ohci1394 - ok
12:01:56.0709 4820 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:01:56.0709 4820 ose - ok
12:01:56.0749 4820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:01:56.0749 4820 p2pimsvc - ok
12:01:56.0789 4820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:01:56.0789 4820 p2psvc - ok
12:01:56.0819 4820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:01:56.0819 4820 Parport - ok
12:01:56.0849 4820 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:01:56.0849 4820 partmgr - ok
12:01:56.0869 4820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:01:56.0869 4820 PcaSvc - ok
12:01:56.0889 4820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:01:56.0889 4820 pci - ok
12:01:56.0899 4820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:01:56.0899 4820 pciide - ok
12:01:56.0919 4820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:01:56.0919 4820 pcmcia - ok
12:01:56.0939 4820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:01:56.0939 4820 pcw - ok
12:01:56.0979 4820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:01:56.0979 4820 PEAUTH - ok
12:01:57.0049 4820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:01:57.0049 4820 PerfHost - ok
12:01:57.0139 4820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:01:57.0169 4820 pla - ok
12:01:57.0209 4820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:01:57.0219 4820 PlugPlay - ok
12:01:57.0219 4820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:01:57.0219 4820 PNRPAutoReg - ok
12:01:57.0299 4820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:01:57.0299 4820 PNRPsvc - ok
12:01:57.0339 4820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:01:57.0339 4820 PolicyAgent - ok
12:01:57.0379 4820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:01:57.0379 4820 Power - ok
12:01:57.0429 4820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:01:57.0429 4820 PptpMiniport - ok
12:01:57.0439 4820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:01:57.0439 4820 Processor - ok
12:01:57.0469 4820 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:01:57.0469 4820 ProfSvc - ok
12:01:57.0489 4820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:57.0489 4820 ProtectedStorage - ok
12:01:57.0519 4820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:01:57.0519 4820 Psched - ok
12:01:57.0609 4820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:01:57.0629 4820 ql2300 - ok
12:01:57.0709 4820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:01:57.0709 4820 ql40xx - ok
12:01:57.0729 4820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:01:57.0729 4820 QWAVE - ok
12:01:57.0739 4820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:01:57.0739 4820 QWAVEdrv - ok
12:01:57.0749 4820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:01:57.0749 4820 RasAcd - ok
12:01:57.0769 4820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:01:57.0769 4820 RasAgileVpn - ok
12:01:57.0779 4820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:01:57.0779 4820 RasAuto - ok
12:01:57.0799 4820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:01:57.0799 4820 Rasl2tp - ok
12:01:57.0829 4820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:01:57.0829 4820 RasMan - ok
12:01:57.0839 4820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:01:57.0839 4820 RasPppoe - ok
12:01:57.0859 4820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:01:57.0859 4820 RasSstp - ok
12:01:57.0889 4820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:01:57.0889 4820 rdbss - ok
12:01:57.0899 4820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:01:57.0899 4820 rdpbus - ok
12:01:57.0909 4820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:01:57.0909 4820 RDPCDD - ok
12:01:57.0919 4820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:01:57.0919 4820 RDPENCDD - ok
12:01:57.0939 4820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:01:57.0939 4820 RDPREFMP - ok
12:01:57.0979 4820 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:01:57.0979 4820 RDPWD - ok
12:01:58.0009 4820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:01:58.0009 4820 rdyboost - ok
12:01:58.0029 4820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:01:58.0039 4820 RemoteAccess - ok
12:01:58.0059 4820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:01:58.0059 4820 RemoteRegistry - ok
12:01:58.0069 4820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:01:58.0079 4820 RpcEptMapper - ok
12:01:58.0099 4820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:01:58.0099 4820 RpcLocator - ok
12:01:58.0129 4820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:01:58.0139 4820 RpcSs - ok
12:01:58.0149 4820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:01:58.0149 4820 rspndr - ok
12:01:58.0169 4820 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:01:58.0169 4820 SamSs - ok
12:01:58.0189 4820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:01:58.0189 4820 sbp2port - ok
12:01:58.0209 4820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:01:58.0209 4820 SCardSvr - ok
12:01:58.0219 4820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:01:58.0219 4820 scfilter - ok
12:01:58.0289 4820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:01:58.0299 4820 Schedule - ok
12:01:58.0319 4820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:01:58.0319 4820 SCPolicySvc - ok
12:01:58.0369 4820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:01:58.0369 4820 SDRSVC - ok
12:01:58.0409 4820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:01:58.0409 4820 secdrv - ok
12:01:58.0419 4820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:01:58.0419 4820 seclogon - ok
12:01:58.0439 4820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:01:58.0439 4820 SENS - ok
12:01:58.0449 4820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:01:58.0449 4820 SensrSvc - ok
12:01:58.0469 4820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:01:58.0469 4820 Serenum - ok
12:01:58.0499 4820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:01:58.0499 4820 Serial - ok
12:01:58.0509 4820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:01:58.0509 4820 sermouse - ok
12:01:58.0529 4820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:01:58.0529 4820 SessionEnv - ok
12:01:58.0539 4820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:01:58.0539 4820 sffdisk - ok
12:01:58.0539 4820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:01:58.0539 4820 sffp_mmc - ok
12:01:58.0549 4820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:01:58.0549 4820 sffp_sd - ok
12:01:58.0549 4820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:01:58.0549 4820 sfloppy - ok
12:01:58.0579 4820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:01:58.0579 4820 ShellHWDetection - ok
12:01:58.0599 4820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:01:58.0599 4820 SiSRaid2 - ok
12:01:58.0619 4820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:01:58.0619 4820 SiSRaid4 - ok
12:01:58.0689 4820 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:01:58.0689 4820 SkypeUpdate - ok
12:01:58.0709 4820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:01:58.0709 4820 Smb - ok
12:01:58.0729 4820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:01:58.0729 4820 SNMPTRAP - ok
12:01:58.0779 4820 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
12:01:58.0779 4820 speedfan - ok
12:01:58.0789 4820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:01:58.0789 4820 spldr - ok
12:01:58.0819 4820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:01:58.0829 4820 Spooler - ok
12:01:59.0019 4820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:01:59.0049 4820 sppsvc - ok
12:01:59.0129 4820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:01:59.0129 4820 sppuinotify - ok
12:01:59.0169 4820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:01:59.0179 4820 srv - ok
12:01:59.0209 4820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:01:59.0209 4820 srv2 - ok
12:01:59.0239 4820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:01:59.0239 4820 srvnet - ok
12:01:59.0279 4820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:01:59.0279 4820 SSDPSRV - ok
12:01:59.0289 4820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:01:59.0289 4820 SstpSvc - ok
12:01:59.0309 4820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:01:59.0309 4820 stexstor - ok
12:01:59.0349 4820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:01:59.0359 4820 stisvc - ok
12:01:59.0369 4820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:01:59.0369 4820 swenum - ok
12:01:59.0409 4820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:01:59.0409 4820 swprv - ok
12:01:59.0509 4820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:01:59.0539 4820 SysMain - ok
12:01:59.0579 4820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:01:59.0589 4820 TabletInputService - ok
12:01:59.0609 4820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:01:59.0619 4820 TapiSrv - ok
12:01:59.0629 4820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:01:59.0639 4820 TBS - ok
12:01:59.0769 4820 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:01:59.0799 4820 Tcpip - ok
12:01:59.0929 4820 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:01:59.0939 4820 TCPIP6 - ok
12:01:59.0979 4820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:01:59.0979 4820 tcpipreg - ok
12:01:59.0989 4820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:01:59.0989 4820 TDPIPE - ok
12:02:00.0019 4820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:02:00.0019 4820 TDTCP - ok
12:02:00.0039 4820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:02:00.0039 4820 tdx - ok
12:02:00.0049 4820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:02:00.0049 4820 TermDD - ok
12:02:00.0099 4820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:02:00.0109 4820 TermService - ok
12:02:00.0119 4820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:02:00.0119 4820 Themes - ok
12:02:00.0139 4820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:02:00.0139 4820 THREADORDER - ok
12:02:00.0149 4820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:02:00.0149 4820 TrkWks - ok
12:02:00.0189 4820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:02:00.0189 4820 TrustedInstaller - ok
12:02:00.0199 4820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:02:00.0209 4820 tssecsrv - ok
12:02:00.0229 4820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:02:00.0229 4820 TsUsbFlt - ok
12:02:00.0239 4820 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:02:00.0239 4820 TsUsbGD - ok
12:02:00.0269 4820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:02:00.0269 4820 tunnel - ok
12:02:00.0279 4820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:02:00.0279 4820 uagp35 - ok
12:02:00.0309 4820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:02:00.0309 4820 udfs - ok
12:02:00.0319 4820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:02:00.0319 4820 UI0Detect - ok
12:02:00.0329 4820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:02:00.0329 4820 uliagpkx - ok
12:02:00.0349 4820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:02:00.0349 4820 umbus - ok
12:02:00.0359 4820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:02:00.0359 4820 UmPass - ok
12:02:00.0379 4820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:02:00.0389 4820 upnphost - ok
12:02:00.0419 4820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:02:00.0419 4820 usbccgp - ok
12:02:00.0439 4820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:02:00.0439 4820 usbcir - ok
12:02:00.0479 4820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:02:00.0479 4820 usbehci - ok
12:02:00.0509 4820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:02:00.0509 4820 usbhub - ok
12:02:00.0519 4820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:02:00.0519 4820 usbohci - ok
12:02:00.0539 4820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:02:00.0539 4820 usbprint - ok
12:02:00.0579 4820 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:02:00.0579 4820 usbscan - ok
12:02:00.0609 4820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:02:00.0609 4820 USBSTOR - ok
12:02:00.0619 4820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:02:00.0629 4820 usbuhci - ok
12:02:00.0629 4820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:02:00.0629 4820 UxSms - ok
12:02:00.0649 4820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:02:00.0649 4820 VaultSvc - ok
12:02:00.0659 4820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:02:00.0659 4820 vdrvroot - ok
12:02:00.0699 4820 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:02:00.0709 4820 vds - ok
12:02:00.0719 4820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:02:00.0729 4820 vga - ok
12:02:00.0739 4820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:02:00.0739 4820 VgaSave - ok
12:02:00.0749 4820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:02:00.0759 4820 vhdmp - ok
12:02:00.0769 4820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:02:00.0769 4820 viaide - ok
12:02:00.0789 4820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:02:00.0789 4820 volmgr - ok
12:02:00.0809 4820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:02:00.0819 4820 volmgrx - ok
12:02:00.0839 4820 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:02:00.0839 4820 volsnap - ok
12:02:00.0869 4820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:02:00.0869 4820 vsmraid - ok
12:02:00.0969 4820 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:02:00.0989 4820 VSS - ok
12:02:01.0089 4820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:02:01.0089 4820 vwifibus - ok
12:02:01.0119 4820 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:02:01.0119 4820 W32Time - ok
12:02:01.0139 4820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:02:01.0139 4820 WacomPen - ok
12:02:01.0159 4820 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:02:01.0159 4820 WANARP - ok
12:02:01.0159 4820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:02:01.0159 4820 Wanarpv6 - ok
12:02:01.0259 4820 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:02:01.0309 4820 wbengine - ok
12:02:01.0369 4820 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:02:01.0369 4820 WbioSrvc - ok
12:02:01.0399 4820 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:02:01.0399 4820 wcncsvc - ok
12:02:01.0409 4820 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:02:01.0409 4820 WcsPlugInService - ok
12:02:01.0429 4820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:02:01.0429 4820 Wd - ok
12:02:01.0469 4820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:02:01.0469 4820 Wdf01000 - ok
12:02:01.0489 4820 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:02:01.0489 4820 WdiServiceHost - ok
12:02:01.0499 4820 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:02:01.0499 4820 WdiSystemHost - ok
12:02:01.0519 4820 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:02:01.0519 4820 WebClient - ok
12:02:01.0549 4820 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:02:01.0549 4820 Wecsvc - ok
12:02:01.0559 4820 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:02:01.0559 4820 wercplsupport - ok
12:02:01.0589 4820 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:02:01.0589 4820 WerSvc - ok
12:02:01.0609 4820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:02:01.0609 4820 WfpLwf - ok
12:02:01.0609 4820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:02:01.0609 4820 WIMMount - ok
12:02:01.0619 4820 WinHttpAutoProxySvc - ok
12:02:01.0669 4820 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:02:01.0679 4820 Winmgmt - ok
12:02:01.0779 4820 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:02:01.0819 4820 WinRM - ok
12:02:01.0939 4820 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:02:01.0949 4820 Wlansvc - ok
12:02:01.0969 4820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:02:01.0969 4820 WmiAcpi - ok
12:02:01.0989 4820 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:02:01.0989 4820 wmiApSrv - ok
12:02:02.0009 4820 WMPNetworkSvc - ok
12:02:02.0029 4820 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:02:02.0029 4820 WPCSvc - ok
12:02:02.0049 4820 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:02:02.0049 4820 WPDBusEnum - ok
12:02:02.0059 4820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:02:02.0059 4820 ws2ifsl - ok
12:02:02.0059 4820 WSearch - ok
12:02:02.0189 4820 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:02:02.0229 4820 wuauserv - ok
12:02:02.0269 4820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:02:02.0279 4820 WudfPf - ok
12:02:02.0299 4820 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:02:02.0299 4820 WUDFRd - ok
12:02:02.0309 4820 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:02:02.0319 4820 wudfsvc - ok
12:02:02.0339 4820 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:02:02.0339 4820 WwanSvc - ok
12:02:02.0359 4820 ============================================================
12:02:02.0359 4820 Scan finished
12:02:02.0359 4820 ============================================================
12:02:02.0369 4864 Detected object count: 0
12:02:02.0369 4864 Actual detected object count: 0
12:15:17.0899 4372 Deinitialize success

Psychotic · 12.06.2012, 13:21

Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

JohannesW · 12.06.2012, 13:52

hm.... wie deaktiviere ich anti vir, habe mich im netz etwas umgeschaut, aber nichts passendes gefunden.

Psychotic · 12.06.2012, 13:55

Ich würde dir sowieso zu einem anderen freien Antivirenprogramm raten, du kansnt es also auch gleich deinstallieren.

Wenn du daran festhalten willst, mach einen Rechtsklick auf den Schirm in der Taskleiste und wähle dein Eintrag "Guard", der mit einem Häkchen versehen ist

Daraufhin wird der Schirm zugeklappt erscheinen.

sollte Combofix dennoch meckern, ignoriere dies!

JohannesW · 12.06.2012, 15:28

Ich habe Antivir deinstalliert.

Ich habe Combofix ausgeführt, auf desktop gespeichert usw.
Problem, den Anweisungen kann ich nicht folgen, da die Fenster nur kurz aufblitzen und zu schnell wieder verschwinden.

Habe dennoch nachgeschaut ob ein txt erstellt wurde, es ist nichts vorhanden.

Psychotic · 12.06.2012, 15:31

Auweia...das scheint eine neuere Variante zu sein.

Starte den Rechner im abgesicherten Modus mit Netzwerktreibern und versuche es dort erneut!

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

JohannesW · 12.06.2012, 16:02

so hat es jetzt funktioniert, combofix sagte zwar das antivir da ist, aber ich hatte es ja deinstalliert.

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-12.01 - Johannes 12.06.2012  16:46:02.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8190.7128 [GMT 2:00]
ausgeführt von:: c:\users\Johannes\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\@
c:\windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\U\00000001.@
c:\windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\U\80000000.@
c:\windows\Installer\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\U\800000cb.@
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-12 14:02 . 2012-06-12 14:02	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-06 20:58 . 2012-06-06 20:58	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 20:58 . 2012-06-06 20:58	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-05 11:27 . 2012-06-05 11:27	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-05 06:54 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBE83FDB-C5D3-4AAE-B8F5-E1BA5D1786D4}\mpengine.dll
2012-05-27 16:43 . 2012-05-27 16:43	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-27 16:42 . 2012-05-27 16:42	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-27 16:42 . 2012-05-27 16:42	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-20 18:29 . 2012-05-20 18:29	--------	d-----w-	c:\program files\MOTU
2012-05-20 18:29 . 2012-05-20 18:29	--------	d-----w-	c:\program files (x86)\MOTU
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:50 . 2012-04-26 14:50	29808	----a-w-	c:\windows\system32\drivers\motubus64.sys
2012-04-26 14:50 . 2012-04-26 14:50	32368	----a-w-	c:\windows\system32\drivers\mfwamidi64.sys
2012-04-26 14:50 . 2012-04-26 14:50	608368	----a-w-	c:\windows\system32\drivers\MotuFWA64.sys
2012-04-26 14:50 . 2012-04-26 14:50	82544	----a-w-	c:\windows\system32\drivers\mfwawave64.sys
2012-03-31 06:05 . 2012-05-10 12:09	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 12:09	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 12:09	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 12:09	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 12:08	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-10 12:08	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Lexmark 9500 Series"="c:\program files (x86)\Lexmark 9500 Series\fm3032.exe" [2007-09-18 307200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-4-26 1457520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe [2007-07-17 28672]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-27 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [2007-09-20 1039360]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 20:58]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 22:52]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 22:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files (x86)\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files (x86)\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1875048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/apps/EasyUploadX.cab
FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\5bxq7oux.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-JForex Client - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\°÷*]
"7040211900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\avmwlanstick\WlanNetService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-12  16:54:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 14:54
.
Vor Suchlauf: 8 Verzeichnis(se), 139.014.762.496 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 139.832.729.600 Bytes frei
.
- - End Of File - - 9B5FB378CF642494C027C136FEAA190C

--- --- ---

Psychotic · 13.06.2012, 06:40

CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

DIRLOOK::
c:\users\Johannes\AppData\local\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

JohannesW · 13.06.2012, 13:25

Hier die Datei.

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-13.01 - Johannes 13.06.2012  14:11:54.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8190.6960 [GMT 2:00]
ausgeführt von:: c:\users\Johannes\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Johannes\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 12:14 . 2012-06-13 12:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-12 14:02 . 2012-06-12 14:02	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-06-06 20:58 . 2012-06-06 20:58	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 20:58 . 2012-06-06 20:58	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-05 11:27 . 2012-06-05 11:27	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-05 06:54 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBE83FDB-C5D3-4AAE-B8F5-E1BA5D1786D4}\mpengine.dll
2012-05-27 16:43 . 2012-05-27 16:43	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-27 16:42 . 2012-05-27 16:42	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-27 16:42 . 2012-05-27 16:42	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-20 18:29 . 2012-05-20 18:29	--------	d-----w-	c:\program files\MOTU
2012-05-20 18:29 . 2012-05-20 18:29	--------	d-----w-	c:\program files (x86)\MOTU
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:50 . 2012-04-26 14:50	29808	----a-w-	c:\windows\system32\drivers\motubus64.sys
2012-04-26 14:50 . 2012-04-26 14:50	32368	----a-w-	c:\windows\system32\drivers\mfwamidi64.sys
2012-04-26 14:50 . 2012-04-26 14:50	608368	----a-w-	c:\windows\system32\drivers\MotuFWA64.sys
2012-04-26 14:50 . 2012-04-26 14:50	82544	----a-w-	c:\windows\system32\drivers\mfwawave64.sys
2012-03-31 06:05 . 2012-05-10 12:09	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 12:09	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 12:09	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 12:09	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 12:08	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-10 12:08	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Johannes\AppData\local\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963} ----
.
2012-01-11 19:49 . 2012-06-05 14:22	2048	--sha-w-	c:\users\Johannes\AppData\local\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\@
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-12_14.51.31   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-13 12:01	34806              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-13 12:01	35578              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-30 11:49 . 2012-06-12 14:32	81920              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-30 11:49 . 2012-06-13 06:28	81920              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-30 11:02 . 2012-06-12 13:57	3268              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-30 11:02 . 2012-06-13 12:14	3268              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-30 11:05 . 2012-06-13 12:01	6772              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3228444709-2545533906-2848915045-1000_UserData.bin
+ 2012-06-13 12:16 . 2012-06-13 12:16	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-12 14:51 . 2012-06-12 14:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-12 14:51 . 2012-06-12 14:51	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-13 12:16 . 2012-06-13 12:16	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-05 22:01 . 2012-06-13 07:24	261730              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-06-12 14:45	606992              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-13 12:04	606992              c:\windows\system32\perfh009.dat
- 2011-04-12 07:43 . 2012-06-12 14:45	643628              c:\windows\system32\perfh007.dat
+ 2011-04-12 07:43 . 2012-06-13 12:04	643628              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-06-12 14:45	103370              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-13 12:04	103370              c:\windows\system32\perfc009.dat
+ 2011-04-12 07:43 . 2012-06-13 12:04	126188              c:\windows\system32\perfc007.dat
- 2011-04-12 07:43 . 2012-06-12 14:45	126188              c:\windows\system32\perfc007.dat
+ 2009-07-14 04:54 . 2012-06-13 06:28	262144              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 14:32	262144              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-06-13 12:14	252844              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-12 14:49	252844              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-30 11:49 . 2012-06-13 06:28	1441792              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-30 11:49 . 2012-06-12 14:32	1441792              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-04 22:12 . 2012-06-13 12:14	11509979              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3228444709-2545533906-2848915045-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Lexmark 9500 Series"="c:\program files (x86)\Lexmark 9500 Series\fm3032.exe" [2007-09-18 307200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-4-26 1457520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe [2007-07-17 28672]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-27 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [2007-09-20 1039360]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys [x]
S3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys [x]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys [x]
S3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 20:58]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 22:52]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 22:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files (x86)\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files (x86)\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1875048]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/apps/EasyUploadX.cab
FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\5bxq7oux.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\°÷*]
"7040211900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\avmwlanstick\WlanNetService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-13  14:18:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-13 12:18
ComboFix2.txt  2012-06-13 11:43
ComboFix3.txt  2012-06-12 14:54
.
Vor Suchlauf: 13 Verzeichnis(se), 138.365.923.328 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 138.286.370.816 Bytes frei
.
- - End Of File - - 9F49B13908D51A08AECB2CF752043226

--- --- ---

Psychotic · 14.06.2012, 07:19

Schritt 1: CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

FOLDER::
c:\users\Johannes\AppData\local\{e79ba9b2-0c9b-00f6-48ff-98b0d7678963}\@
CLEARJAVACACHE::

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2: MBAM

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

JohannesW · 14.06.2012, 14:31

ich kann den kompierten text leider nicht abspeichern. auch nach einem neustart hat es nicht funktioniert.

welches anti virus programm würdest du jetzt empfehlen, da zurzeit nichts auf dem pc ist.

12.06.2012, 11:46	#4
Psychotic /// Malwareteam	TR/ATRAPS.Gen ; TR/ATRAPS.Gen2 Poste mir dennoch die Logdatei! __________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

TR/ATRAPS.Gen ; TR/ATRAPS.Gen2

Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen ; TR/ATRAPS.Gen2