Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.01.2012, 18:33   #1
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Hallo miteinander, vielen dank schonmal im vorraus für jegliche hilfe!

Seit ein paar wochen ließ sich firefox nichtmehr updaten (laden dauerte einfach immer ewig und nichts geschah), ich hatte aber auch schon version 9.0 und fand es deshalb nicht so wichtig.
Am sonntag zeigte mein laptop die nachricht "Achtung! Aus Sicherheitsgründen wurde ihr System blockiert." Ich glaube mein Bild war folgende version:
hxxp://blog.teesupport.com/wp-content/uploads/2011/12/Achtung-Aus-Sicherheitsgr%C3%BCnden-wurde-Ihr-Windowssystem-blockiert-scam.bmp
Ich bin mir aber nicht mehr 100prozentig sicher ob es genau das bild war.

Ich habe dann zunächst die allerwichtigsten dateien gerettet, mit einer ubuntu live-cd. Als antivirenprogramm habe ich avira, das hatte nichts gemeldet. Ein scan mit Malwarebytes zeigte 2 treffer und folgendes log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.15.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Stefan :: STEFAN-MSI [Administrator]

15.01.2012 16:52:27
mbam-log-2012-01-15 (18-17-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 481837
Laufzeit: 1 Stunde(n), 23 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.

(Ende)
         
(was angezeigt wurde habe ich eigentlich gelöscht (obwohl da steht keine aktion durchgeführt :-S) ).
Ich habe die namen der viren nicht in den titel aufgenommen, da ich fürchtete das das noch ganz andere waren.

Danach probierte ich die systemwiederherstellung, diese misslang. Firefox musste ich neu installieren, es ließ sich nicht mehr starten. Sonntag und montag habe ich dann erstmal nichts weiter unternommen, musste aber dennoch am laptop arbeiten, während dieser Zeit traten bis heute keine Symptome auf. Heute hab ich dann nochmal eine systemwiederherstellung aus dem abgesicherten modus probiert, das hat geklappt, habe dort auf den 13.01., also 2 tage vor dem ereignis zurückgesetzt.

Mein System ist windows 7- 64 Bit. Ich benutze avira (die freie version) und firefox, bis auf firefox (siehe oben) müsste alles ziemlich up to date gewesen sein, (jetzt sowieso), allerdings war der acrobat-reader wahrscheinlich schon etwas älter.

Ich habe jetzt den "defogger" ausgeführt und auch dieses "OTL". Hier die logfiles:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:57 on 17/01/2012 (Stefan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Extras: (diese datei erschien bei mir nicht nach dem "quickscan", nur beim "scan", habe erstmal diese gepostet)
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 1/17/2012 6:26:07 PM - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stefan\Desktop\virus
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.41% Memory free
7.59 Gb Paging File | 5.95 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 179.11 Gb Free Space | 65.51% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 156.23 Gb Free Space | 86.66% Space Free | Partition Type: NTFS
Drive F: | 14.63 Gb Total Space | 14.56 Gb Free Space | 99.48% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64798798-D0C8-4246-56FB-5C5D8A61615C}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8725474-37EF-7FCE-DB35-D2CCE7A4C462}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Motorola Bluetooth_is1" = Motorola Bluetooth
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install
"{08DE5112-C279-F317-EB93-4D30708A3AE4}" = CCC Help Czech
"{11742D23-0668-5AA8-19FA-8F88FADC1ABE}" = Catalyst Control Center Graphics Light
"{1AFF250C-F408-DBBA-ECBE-33467D3F76BC}" = CCC Help Chinese Standard
"{1B33B869-A7B8-3F7B-CB3D-54D1A2A16B37}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27BA485D-529E-F94D-C8C5-499547E6493A}" = CCC Help Danish
"{2D2E4682-3B5C-5A3C-1379-F497BCC8B55C}" = CCC Help Chinese Traditional
"{32BB5A09-D930-EB57-737D-7B0BAD29D5D2}" = CCC Help Japanese
"{359E7E50-5ED2-466A-88A6-C36F8AB59018}" = MATLAB(R) Compiler Runtime 7.8
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D735073-A39C-F5B4-5A9F-CC8B5177251D}" = CCC Help Hungarian
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{488CC14B-15FC-AFFB-F8E4-72B97F7A7C00}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52EC4C05-0290-D8DB-948E-4BE0C8FE5F4D}" = CCC Help Norwegian
"{53128B2F-8A2B-5FC7-B735-3826B294BE7D}" = Catalyst Control Center Graphics Full New
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5833B2D1-B2C1-2819-1EA5-EE23C772DF01}" = CCC Help English
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C48CA5-C5D3-2E46-06A4-1A06791A20AB}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{679A64E7-14CD-FF36-1470-9DED77603F7B}" = CCC Help Russian
"{6BC27278-28F6-D98A-587C-591FD8DDDC4C}" = PowerXpressHybrid
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B5512F-E710-8F87-4597-B126F54BD6D1}" = CCC Help Thai
"{7703D8FE-8C98-8CD9-A946-475DC6BBA04C}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B034E4B-A41A-7B9F-9820-C58C4CC99716}" = Catalyst Control Center Core Implementation
"{7D73203D-5854-3B87-25A7-9025829EB076}" = CCC Help Finnish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD960B-2ECC-595C-F934-543061F10F2B}" = CCC Help Italian
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92683FBF-ADB3-F0BF-E652-35D11FE190DE}" = PX Profile Update
"{92942F31-C642-7839-BA61-CC5E1DD9397D}" = CCC Help Swedish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5F481DE-A5D2-725F-A0F3-1E663272D198}" = PX Profile Update
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{BA659DC5-F577-4364-903D-20C16DD4BDB3}" = Catalyst Control Center - Branding
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{C85F4BE3-0725-1D9C-50D7-27A5F8CBE6EF}" = CCC Help Greek
"{CA659543-232D-9B74-7058-A8C2DDA16405}" = ccc-core-static
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CD0A677F-D3BB-1187-1669-AE2960659370}" = Catalyst Control Center Localization All
"{CF83661A-F6FC-39A7-9552-B86E1239CC40}" = CCC Help Turkish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D850DA0F-468D-9BCE-D601-A41D294F1BD8}" = Catalyst Control Center InstallProxy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E81E7CD7-74D6-E355-F19A-427F1B2EE3BF}" = Catalyst Control Center Graphics Full Existing
"{EBC48194-90E6-EBA1-0DD6-9466095E1CAF}" = CCC Help French
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EF5B8746-E00C-6306-879E-05444A6839C9}" = CCC Help Portuguese
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C60A5C-7666-FF75-630F-A136B5FAD451}" = Catalyst Control Center InstallProxy
"{FC09D493-A649-E880-A505-DEAA304E1A8D}" = CCC Help German
"{FC8CF7E1-5722-9952-2A56-8C28E2D17A42}" = CCC Help Dutch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.0.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"MediaProSoft Free Video to AVI MPEG Converter_is1" = MediaProSoft Free Video to AVI MPEG Converter 6.5.2
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SopCast" = SopCast 3.4.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/17/2012 6:44:23 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 1/17/2012 6:45:36 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 1/17/2012 6:45:36 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 1/17/2012 6:59:16 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feebb40917
ID
 des fehlerhaften Prozesses: 0x9a8  Startzeit der fehlerhaften Anwendung: 0x01ccd504f2bb8217
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 4b7dcfdd-40fa-11e1-a05e-8773b4fb38b3
 
Error - 1/17/2012 7:14:46 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feef660917
ID
 des fehlerhaften Prozesses: 0x164  Startzeit der fehlerhaften Anwendung: 0x01ccd5071fb899b0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 76519c6f-40fc-11e1-a05e-8773b4fb38b3
 
Error - 1/17/2012 7:30:18 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feefb20917
ID
 des fehlerhaften Prozesses: 0x490  Startzeit der fehlerhaften Anwendung: 0x01ccd5094a954004
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: a1d51d3f-40fe-11e1-a05e-8773b4fb38b3
 
Error - 1/17/2012 11:08:08 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feecd80917
ID
 des fehlerhaften Prozesses: 0x538  Startzeit der fehlerhaften Anwendung: 0x01ccd526d1df3d11
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 0fd38975-411d-11e1-a22b-bd4bd947b9b3
 
Error - 1/17/2012 11:23:38 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feecc20917
ID
 des fehlerhaften Prozesses: 0xcf0  Startzeit der fehlerhaften Anwendung: 0x01ccd529e410f0a0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 3a7c8dc7-411f-11e1-a22b-829409eac0a0
 
Error - 1/17/2012 11:39:10 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feecf40917
ID
 des fehlerhaften Prozesses: 0x1024  Startzeit der fehlerhaften Anwendung: 0x01ccd52c0ebd5ff7
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 660226f6-4121-11e1-a22b-829409eac0a0
 
Error - 1/17/2012 12:05:48 PM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd03d  Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5be106  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000007feed0e0917
ID
 des fehlerhaften Prozesses: 0xe30  Startzeit der fehlerhaften Anwendung: 0x01ccd52fc7815db0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
 des fehlerhaften Moduls: WMNetMgr.dll  Berichtskennung: 1e7c9892-4125-11e1-a22b-829409eac0a0
 
[ OSession Events ]
Error - 4/2/2011 9:21:24 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 4/2/2011 10:09:54 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 2905 seconds with 1860 seconds of active time.  This session ended with a
 crash.
 
Error - 4/2/2011 10:27:01 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 1015 seconds with 780 seconds of active time.  This session ended with a 
crash.
 
Error - 4/12/2011 3:29:47 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 588 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2011 12:54:13 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 960
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2011 3:29:26 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/14/2011 3:40:03 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 507
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 1/15/2012 3:58:59 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 2065 seconds with 1020 seconds of active time.  This session ended with a
 crash.
 
Error - 1/15/2012 4:03:09 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 241 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 1/15/2012 4:09:55 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 1/17/2012 5:53:27 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
   %%183
 
Error - 1/17/2012 5:53:27 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
   %%183
 
Error - 1/17/2012 6:28:56 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 6:59:16 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 7:14:46 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 7:30:18 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 3 Mal passiert.
 
Error - 1/17/2012 11:08:08 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 11:23:38 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 1/17/2012 11:39:10 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 3 Mal passiert.
 
Error - 1/17/2012 12:05:48 PM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 4 Mal passiert.
 
 
< End of report >
         
--- --- ---


OTL: (diese erschien bei mir nach dem "quickscan" wie in der anleitung gefordert)

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 1/17/2012 6:10:00 PM - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stefan\Desktop\virus
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 68.01% Memory free
7.59 Gb Paging File | 6.07 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 179.16 Gb Free Space | 65.53% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 156.23 Gb Free Space | 86.66% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\html5video
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Programme\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/01/17 11:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/20 17:13:50 | 000,000,000 | ---D | M]
 
[2010/08/26 16:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2011/09/13 20:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/06 18:00:55 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\support@predictad.com
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\GMAILADSREMOVER@FLORIAN.BERSIER.XPI
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D96F9474-9768-4EC4-B81B-89ECBBC610DE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: BTMTrayAgent - hkey= - key= - C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/17 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\virus
[2012/01/17 11:50:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira
[2012/01/17 11:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/17 11:44:46 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/01/17 11:44:46 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/01/17 11:44:46 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/01/17 11:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/17 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/01/17 11:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/17 11:26:12 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2012/01/17 11:26:12 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2012/01/17 11:26:12 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcm80.dll
[2012/01/17 11:26:12 | 000,043,992 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozutils.dll
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchplugins
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hyphenation
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\extensions
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\components
[2012/01/15 15:17:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2012/01/15 15:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/15 15:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/11 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\graphpad
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software
[2012/01/09 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\alte prüfungen
[2012/01/01 12:36:09 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2012/01/01 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series
[2011/07/14 14:08:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011/07/14 14:08:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011/05/15 12:59:56 | 000,814,040 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/05/15 12:59:56 | 000,486,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011/05/15 12:59:56 | 000,097,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011/05/15 12:59:56 | 000,015,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010/08/26 16:06:57 | 016,096,216 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2010/08/26 16:06:57 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2010/08/26 16:06:57 | 000,170,968 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010/08/26 16:06:57 | 000,154,584 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010/08/26 16:06:57 | 000,019,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010/08/26 16:06:56 | 000,924,632 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2010/08/26 16:06:56 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll
[2010/08/26 16:06:56 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll
[2010/08/26 16:06:56 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010/08/26 16:06:56 | 000,371,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010/08/26 16:06:56 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2010/08/26 16:06:56 | 000,187,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010/08/26 16:06:56 | 000,125,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2010/08/26 16:06:56 | 000,109,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010/08/26 16:06:56 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010/08/26 16:06:56 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2010/08/26 16:06:56 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2010/08/26 16:06:56 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/17 17:58:14 | 001,521,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/17 17:58:14 | 000,662,748 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/01/17 17:58:14 | 000,623,288 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/17 17:58:14 | 000,133,786 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/01/17 17:58:14 | 000,109,410 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/17 17:50:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 17:50:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 17:42:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/17 17:42:34 | 3055,693,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 11:57:41 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012/01/17 11:45:07 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/17 11:26:49 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk
[2011/12/21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll
[2011/12/21 08:42:28 | 000,814,040 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/12/21 08:42:28 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk
[2011/12/21 06:09:19 | 005,642,801 | ---- | M] () -- C:\Program Files (x86)\omni.jar
[2011/12/21 06:09:19 | 000,002,723 | ---- | M] () -- C:\Program Files (x86)\precomplete
[2011/12/21 06:09:15 | 000,000,701 | ---- | M] () -- C:\Program Files (x86)\updater.ini
[2011/12/21 06:09:14 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\update.locale
[2011/12/21 06:08:51 | 000,004,284 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini
[2011/12/21 06:08:50 | 000,000,706 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini
[2011/12/21 05:29:43 | 000,011,263 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml
[2011/12/21 05:29:42 | 000,002,153 | ---- | M] () -- C:\Program Files (x86)\application.ini
[2011/12/21 05:29:42 | 000,000,141 | ---- | M] () -- C:\Program Files (x86)\platform.ini
[2011/12/21 05:29:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list
[2011/12/21 03:54:19 | 000,034,427 | ---- | M] () -- C:\Program Files (x86)\removed-files
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/17 11:57:41 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2012/01/17 11:45:06 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/15 18:40:55 | 002,124,760 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2011/07/14 14:08:31 | 000,002,723 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011/05/15 12:59:56 | 005,642,801 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011/05/15 12:59:56 | 000,034,427 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011/04/15 08:27:58 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/04/15 08:27:57 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/04/15 08:27:57 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/04/15 08:27:55 | 000,002,110 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/31 18:28:25 | 001,540,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll
[2011/03/31 18:26:48 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll
[2011/03/31 18:25:03 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll
[2011/03/31 18:25:03 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll
[2011/02/23 12:12:38 | 000,010,752 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 01:35:52 | 000,007,603 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2010/09/25 16:43:19 | 000,005,140 | ---- | C] () -- C:\Program Files (x86)\folders.cache
[2010/09/03 10:49:52 | 000,029,104 | ---- | C] () -- C:\windows\scunin.dat
[2010/08/26 16:06:58 | 000,000,701 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010/08/26 16:06:58 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010/08/26 16:06:57 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010/08/26 16:06:56 | 000,011,263 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2010/08/26 16:06:56 | 000,004,284 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2010/08/26 16:06:56 | 000,002,153 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2010/08/26 16:06:56 | 000,000,706 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2010/08/26 16:06:56 | 000,000,141 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010/08/26 16:06:56 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2010/03/17 20:41:22 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/03/17 20:38:40 | 000,001,018 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2010/03/17 19:18:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/03/17 19:18:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/09/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Bandoo
[2011/07/19 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011/06/01 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/11 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2011/04/06 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MediaProSoft Free Video to AVI MPEG Converter
[2011/08/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\My Games
[2010/09/14 09:46:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012/01/12 10:57:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Segment
[2011/06/30 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client
[2012/01/06 09:12:59 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/08/26 13:27:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/02/03 14:52:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/15 21:29:45 | 000,000,000 | ---D | M] -- C:\fb850b3bbd8e18aa237f9d25
[2010/03/17 20:41:40 | 000,000,000 | ---D | M] -- C:\Intel
[2010/03/17 20:44:55 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/01/16 14:51:56 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/01/17 11:44:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012/01/17 11:44:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/01/17 18:11:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/10/18 19:31:54 | 000,000,000 | R--D | M] -- C:\Users
[2012/01/17 10:53:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2011/12/21 08:42:28 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2011/12/21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2011/12/21 08:42:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011/12/21 08:42:29 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\windows\SysNative\drivers\afd.sys
[2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2010/03/18 00:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/03/18 00:49:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/03/17 19:12:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/17 19:12:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/17 19:12:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/18 00:49:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/17 19:12:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/18 00:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
--- --- ---


Über jedwede hilfe würde ich mich sehr freuen, vielen dank im vorraus!

P.S.:Ich schreibe hier von einem mac aus und benutze zum transfer der logs immer meinen usb-stick, auf diesem hält sich auch nach dem löschen eine "autorun.inf", erstellt die ein (der) virus immer wieder neu, oder ist das normal? hab sie hier mal durchgecheckt: https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/ ... demnach war nichts auffällig, aber es wundert mich dass die datei immer wieder auftaucht. Avira blockt die datei regelmäßig, also nicht nur beim einstecken, so alle 5 min.

Nochmal vielen dank für jeden der hier seine zeit opfert!

Geändert von GutenTag (17.01.2012 um 19:05 Uhr)

Alt 18.01.2012, 20:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________

Alt 18.01.2012, 21:04   #3
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Hey, vielen Dank für deine Antwort, habe leider kein älteres log, habe das programm erst nach dem Auftreten meines Problems installiert. Aber folgendes ist zwischendurch passiert, was vielleicht weiterhilft:

Wie oben beschrieben musste ich ja auch firefox neu installieren, da ihm die von Malwarebytes gelöschte datei fehlte: C:\Program Files (x86)\mozjs.dll
Daraufhin habe ich firefox neu installiert (vom desktop pc über usb-stick), außerdem musste ich avira neu installieren (sowohl guard als auch update waren abgeschaltet), danach fuhr ich den rechner herunter, windows-updates wurden installiert. Beim windows-startbildschirm ging der rechner dann unvermittelt aus. Ein neuerlicher start führte zu einem ausführen von chkdsk, wo irgendwelche indexeinträge repariert wurden (sry, ich hab keine ahnung was da passiert ist). Danach folgte wiederum ein absturz. Auf ein Zurücksetzen des Systems folgte dann wieder ein scan mit malwarebyte, dem dann wieder das löschen der [C:\Program Files (x86)\mozjs.dll] folgte.

Soweit bin ich jetzt... hier das logfile von dem beschriebenen 2. scan:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.18.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Stefan :: STEFAN-MSI [Administrator]

18.01.2012 18:36:25
mbam-log-2012-01-18 (18-36-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 482030
Laufzeit: 1 Stunde(n), 9 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________

Alt 18.01.2012, 21:43   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.01.2012, 07:22   #5
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Hallo, es hat knapp über 7 stunden gedauert, hier die log.txt

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=518da335e8713441aeae8aed4521da84
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 05:11:22
# local_time=2012-01-19 06:11:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775166 100 94 0 63460437 288476 0
# compatibility_mode=5893 16776573 100 94 5724 78553433 0 0
# compatibility_mode=8192 67108863 100 0 5938 5938 0 0
# scanned=379978
# found=1
# cleaned=0
# scan_time=26300
C:\Users\Stefan\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
         
Firewall ist wieder an. Avira inkl. guard lässt sich ja leider nicht wieder einschalten.


Alt 19.01.2012, 10:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"

Alt 19.01.2012, 11:15   #7
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Ich bin echt dankbar für deine Hilfe! Und da soll mal noch einer sagen die Menschen wären heute alle kalt und egoistisch^^.

Hier ist der Inhalt der OTL.txt:

Code:
ATTFilter
OTL logfile created on: 1/19/2012 10:57:26 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stefan\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.79 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 57.34% Memory free
7.59 Gb Paging File | 6.00 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 175.49 Gb Free Space | 64.19% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 156.24 Gb Free Space | 86.67% Space Free | Partition Type: NTFS
Drive F: | 14.63 Gb Total Space | 10.91 Gb Free Space | 74.58% Space Free | Partition Type: FAT32
Drive G: | 931.28 Gb Total Space | 806.64 Gb Free Space | 86.62% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/19 10:55:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 20:10:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/04 09:23:43 | 000,281,768 | ---- | M] (Avira GmbH) -- c:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/19 00:15:28 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2009/11/04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/13 10:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/06/08 21:52:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/17 20:43:38 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/26 01:19:54 | 001,029,896 | ---- | M] (Motorola, Inc.) [On_Demand | Stopped] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/01/25 21:08:50 | 004,154,120 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2009/12/21 22:41:38 | 000,637,192 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2009/08/06 22:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/06/29 07:06:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 20:10:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/17 20:43:36 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/13 10:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/06/29 07:06:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/29 07:06:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/06/09 00:54:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/08 21:19:36 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/08 21:10:46 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/02/10 08:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/01/27 00:53:48 | 000,461,312 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/01/18 13:37:56 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/01/14 00:44:58 | 000,034,048 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhid.sys -- (BTMHID)
DRV:64bit: - [2010/01/13 01:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/01/07 20:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/12/14 20:08:00 | 000,051,200 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2009/12/02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/06 22:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 22:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/09 04:34:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/05/26 22:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/09/02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/15 21:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/01/18 22:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/20 17:13:50 | 000,000,000 | ---D | M]
 
[2010/08/26 16:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2012/01/15 18:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/06 18:00:55 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\support@predictad.com
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\GMAILADSREMOVER@FLORIAN.BERSIER.XPI
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D96F9474-9768-4EC4-B81B-89ECBBC610DE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 21:01:52 | 000,000,000 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2012/01/18 17:51:46 | 000,000,000 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: BTMTrayAgent - hkey= - key= - C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/19 10:54:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012/01/18 22:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/18 22:13:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Stefan\Desktop\esetsmartinstaller_enu.exe
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchplugins
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hyphenation
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\extensions
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2012/01/18 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\components
[2012/01/18 16:15:29 | 000,000,000 | ---D | C] -- C:\.Trash-999
[2012/01/18 14:12:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/17 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\virus
[2012/01/17 11:50:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira
[2012/01/17 11:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/01/15 18:40:56 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2012/01/15 18:40:56 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2012/01/15 18:40:56 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcm80.dll
[2012/01/15 18:40:55 | 000,043,992 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozutils.dll
[2012/01/15 15:17:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2012/01/15 15:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/11 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\graphpad
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software
[2012/01/09 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\alte prüfungen
[2012/01/04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\windows\SysWow64\DivXControlPanelApplet.cpl
[2012/01/01 12:36:09 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2012/01/01 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series
[2011/07/14 14:08:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll
[2011/07/14 14:08:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll
[2011/05/15 12:59:56 | 000,814,040 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/05/15 12:59:56 | 000,486,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011/05/15 12:59:56 | 000,097,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011/05/15 12:59:56 | 000,015,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010/08/26 16:06:57 | 016,096,216 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2010/08/26 16:06:57 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe
[2010/08/26 16:06:57 | 000,170,968 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010/08/26 16:06:57 | 000,154,584 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010/08/26 16:06:57 | 000,019,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010/08/26 16:06:56 | 000,924,632 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe
[2010/08/26 16:06:56 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010/08/26 16:06:56 | 000,371,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010/08/26 16:06:56 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2010/08/26 16:06:56 | 000,187,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010/08/26 16:06:56 | 000,125,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2010/08/26 16:06:56 | 000,109,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010/08/26 16:06:56 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010/08/26 16:06:56 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2010/08/26 16:06:56 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2010/08/26 16:06:56 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/19 10:55:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012/01/19 10:53:23 | 001,521,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/19 10:53:23 | 000,662,748 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/01/19 10:53:23 | 000,623,288 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/19 10:53:23 | 000,133,786 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/01/19 10:53:23 | 000,109,410 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/19 10:51:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/18 22:18:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:18:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:12:26 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/18 22:02:34 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Stefan\Desktop\esetsmartinstaller_enu.exe
[2012/01/18 22:01:21 | 3055,693,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 18:11:34 | 280,054,807 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/17 11:57:41 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012/01/16 17:08:15 | 000,011,776 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\DivXControlPanelApplet.cpl
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk
[2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk
[2011/12/21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll
[2011/12/21 08:42:28 | 000,814,040 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011/12/21 08:42:28 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk
[2011/12/21 06:09:19 | 005,642,801 | ---- | M] () -- C:\Program Files (x86)\omni.jar
[2011/12/21 06:09:19 | 000,002,723 | ---- | M] () -- C:\Program Files (x86)\precomplete
[2011/12/21 06:09:15 | 000,000,701 | ---- | M] () -- C:\Program Files (x86)\updater.ini
[2011/12/21 06:09:14 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\update.locale
[2011/12/21 06:08:51 | 000,004,284 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini
[2011/12/21 06:08:50 | 000,000,706 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini
[2011/12/21 05:29:43 | 000,011,263 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml
[2011/12/21 05:29:42 | 000,002,153 | ---- | M] () -- C:\Program Files (x86)\application.ini
[2011/12/21 05:29:42 | 000,000,141 | ---- | M] () -- C:\Program Files (x86)\platform.ini
[2011/12/21 05:29:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list
[2011/12/21 03:54:19 | 000,034,427 | ---- | M] () -- C:\Program Files (x86)\removed-files
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/18 22:12:01 | 002,124,760 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll
[2012/01/17 11:57:41 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2011/07/14 14:08:31 | 000,002,723 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011/05/15 12:59:56 | 005,642,801 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011/05/15 12:59:56 | 000,034,427 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011/04/15 08:27:58 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/04/15 08:27:57 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/04/15 08:27:57 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/04/15 08:27:55 | 000,002,110 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/31 18:28:25 | 001,540,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll
[2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll
[2011/03/31 18:26:48 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll
[2011/03/31 18:25:03 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll
[2011/03/31 18:25:03 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll
[2011/02/23 12:12:38 | 000,011,776 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 01:35:52 | 000,007,603 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2010/09/25 16:43:19 | 000,005,140 | ---- | C] () -- C:\Program Files (x86)\folders.cache
[2010/09/03 10:49:52 | 000,029,104 | ---- | C] () -- C:\windows\scunin.dat
[2010/08/26 16:06:58 | 000,000,701 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010/08/26 16:06:58 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010/08/26 16:06:57 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010/08/26 16:06:56 | 000,011,263 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2010/08/26 16:06:56 | 000,004,284 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2010/08/26 16:06:56 | 000,002,153 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2010/08/26 16:06:56 | 000,000,706 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2010/08/26 16:06:56 | 000,000,141 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010/08/26 16:06:56 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list
[2010/03/17 20:41:22 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/03/17 20:38:40 | 000,001,018 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2010/03/17 19:18:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/03/17 19:18:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/09/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Bandoo
[2011/07/19 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011/06/01 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/11 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2011/04/06 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MediaProSoft Free Video to AVI MPEG Converter
[2011/08/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\My Games
[2010/09/14 09:46:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012/01/18 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Segment
[2011/06/30 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client
[2012/01/06 09:12:59 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/03/25 10:20:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2010/08/27 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ArcSoft
[2010/08/26 13:28:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ATI
[2012/01/17 11:50:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Avira
[2011/09/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Bandoo
[2011/02/23 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DivX
[2011/07/19 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011/06/01 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011/06/01 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/11 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software
[2010/08/26 13:27:37 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities
[2010/08/26 13:21:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2010/08/26 15:50:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2012/01/19 03:09:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2010/08/27 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MathWorks
[2010/03/17 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs
[2011/04/06 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MediaProSoft Free Video to AVI MPEG Converter
[2012/01/08 09:53:20 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2010/08/26 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2011/08/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\My Games
[2010/09/14 09:46:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org
[2012/01/18 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Segment
[2011/12/01 00:56:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skype
[2011/06/30 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client
[2012/01/19 03:10:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011/05/25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011/05/25 21:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011/04/15 08:31:08 | 000,010,134 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{A5F481DE-A5D2-725F-A0F3-1E663272D198}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/10/13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Alt 19.01.2012, 11:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 21:01:52 | 000,000,000 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2012/01/18 17:51:46 | 000,000,000 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.01.2012, 12:03   #9
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Heyho,

der rechner wollte neu gestartet werden, nach dem neustart sollte ich das ausführen von OTL zulassen, was ich auch getan habe.

Hier das log:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
F:\AUTORUN.INF moved successfully.
G:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\ not found.
File F:\LaunchU3.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 676567625 bytes
->Temporary Internet Files folder emptied: 336310534 bytes
->Java cache emptied: 117850 bytes
->FireFox cache emptied: 1092445228 bytes
->Flash cache emptied: 25684 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 159241419 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 9317533120 bytes
 
Total Files Cleaned = 11,046.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_114414

Files\Folders moved on Reboot...
C:\Users\Stefan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 19.01.2012, 12:17   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.01.2012, 12:43   #11
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Hier ist das log von TDSSKiller:

Code:
ATTFilter
12:22:31.0373 5040	TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
12:22:31.0638 5040	============================================================
12:22:31.0638 5040	Current date / time: 2012/01/19 12:22:31.0638
12:22:31.0638 5040	SystemInfo:
12:22:31.0638 5040	
12:22:31.0638 5040	OS Version: 6.1.7600 ServicePack: 0.0
12:22:31.0638 5040	Product type: Workstation
12:22:31.0638 5040	ComputerName: STEFAN-MSI
12:22:31.0638 5040	UserName: Stefan
12:22:31.0638 5040	Windows directory: C:\windows
12:22:31.0638 5040	System windows directory: C:\windows
12:22:31.0638 5040	Running under WOW64
12:22:31.0638 5040	Processor architecture: Intel x64
12:22:31.0638 5040	Number of processors: 4
12:22:31.0638 5040	Page size: 0x1000
12:22:31.0638 5040	Boot type: Normal boot
12:22:31.0638 5040	============================================================
12:22:32.0122 5040	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:22:32.0122 5040	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:22:37.0816 5040	Drive \Device\Harddisk2\DR2 - Size: 0x3A9800000 (14.65 Gb), SectorSize: 0x200, Cylinders: 0x778, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:22:37.0910 5040	Initialize success
12:23:36.0628 4908	============================================================
12:23:36.0628 4908	Scan started
12:23:36.0628 4908	Mode: Manual; SigCheck; TDLFS; 
12:23:36.0628 4908	============================================================
12:23:37.0003 4908	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
12:23:37.0112 4908	1394ohci - ok
12:23:37.0252 4908	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
12:23:37.0268 4908	ACPI - ok
12:23:37.0346 4908	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
12:23:37.0393 4908	AcpiPmi - ok
12:23:37.0580 4908	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
12:23:37.0595 4908	adp94xx - ok
12:23:37.0736 4908	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
12:23:37.0767 4908	adpahci - ok
12:23:37.0845 4908	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
12:23:37.0876 4908	adpu320 - ok
12:23:38.0001 4908	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
12:23:38.0063 4908	AFD - ok
12:23:38.0204 4908	AgereSoftModem  (d2914e53e8f299654d400f96eb466054) C:\windows\system32\DRIVERS\agrsm64.sys
12:23:38.0282 4908	AgereSoftModem - ok
12:23:38.0407 4908	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
12:23:38.0422 4908	agp440 - ok
12:23:38.0563 4908	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
12:23:38.0578 4908	aliide - ok
12:23:38.0719 4908	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
12:23:38.0734 4908	amdide - ok
12:23:38.0781 4908	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
12:23:38.0828 4908	AmdK8 - ok
12:23:39.0077 4908	amdkmdag        (0d0af6574e723334f8bde3e631145d18) C:\windows\system32\DRIVERS\atikmdag.sys
12:23:39.0311 4908	amdkmdag - ok
12:23:39.0436 4908	amdkmdap        (693d7a53bca6433fdc660cea0ad20153) C:\windows\system32\DRIVERS\atikmpag.sys
12:23:39.0483 4908	amdkmdap - ok
12:23:39.0577 4908	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
12:23:39.0639 4908	AmdPPM - ok
12:23:39.0733 4908	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
12:23:39.0764 4908	amdsata - ok
12:23:39.0795 4908	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
12:23:39.0811 4908	amdsbs - ok
12:23:39.0920 4908	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
12:23:39.0935 4908	amdxata - ok
12:23:40.0076 4908	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
12:23:40.0123 4908	AppID - ok
12:23:40.0201 4908	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
12:23:40.0216 4908	arc - ok
12:23:40.0279 4908	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
12:23:40.0294 4908	arcsas - ok
12:23:40.0388 4908	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:23:40.0419 4908	ArcSoftKsUFilter - ok
12:23:40.0513 4908	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
12:23:40.0606 4908	AsyncMac - ok
12:23:40.0715 4908	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
12:23:40.0731 4908	atapi - ok
12:23:40.0871 4908	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\windows\system32\DRIVERS\avgntflt.sys
12:23:40.0887 4908	avgntflt - ok
12:23:41.0043 4908	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\windows\system32\DRIVERS\avipbb.sys
12:23:41.0043 4908	avipbb - ok
12:23:41.0183 4908	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
12:23:41.0246 4908	b06bdrv - ok
12:23:41.0355 4908	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
12:23:41.0402 4908	b57nd60a - ok
12:23:41.0511 4908	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
12:23:41.0573 4908	Beep - ok
12:23:41.0714 4908	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
12:23:41.0761 4908	blbdrive - ok
12:23:41.0885 4908	bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
12:23:41.0932 4908	bowser - ok
12:23:42.0041 4908	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
12:23:42.0104 4908	BrFiltLo - ok
12:23:42.0135 4908	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
12:23:42.0151 4908	BrFiltUp - ok
12:23:42.0275 4908	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
12:23:42.0322 4908	Brserid - ok
12:23:42.0353 4908	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
12:23:42.0400 4908	BrSerWdm - ok
12:23:42.0509 4908	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
12:23:42.0572 4908	BrUsbMdm - ok
12:23:42.0650 4908	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
12:23:42.0697 4908	BrUsbSer - ok
12:23:42.0790 4908	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
12:23:42.0821 4908	BthEnum - ok
12:23:42.0899 4908	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
12:23:42.0946 4908	BTHMODEM - ok
12:23:43.0024 4908	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
12:23:43.0087 4908	BthPan - ok
12:23:43.0180 4908	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
12:23:43.0227 4908	BTHPORT - ok
12:23:43.0367 4908	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
12:23:43.0414 4908	BTHUSB - ok
12:23:43.0477 4908	BTMCOM          (bb95f4f2c1ada589e97c8598e14e1c74) C:\windows\System32\Drivers\btmcom.sys
12:23:43.0523 4908	BTMCOM - ok
12:23:43.0601 4908	BTMHID          (a505e3d17b12113d947a85baa3070691) C:\windows\system32\DRIVERS\btmhid.sys
12:23:43.0633 4908	BTMHID - ok
12:23:43.0695 4908	BTMUSB          (09b5a74916fa3417186c8f494ae6c9fe) C:\windows\system32\Drivers\btmusb.sys
12:23:43.0742 4908	BTMUSB - ok
12:23:43.0835 4908	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
12:23:43.0913 4908	cdfs - ok
12:23:44.0023 4908	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
12:23:44.0069 4908	cdrom - ok
12:23:44.0179 4908	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
12:23:44.0241 4908	circlass - ok
12:23:44.0319 4908	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
12:23:44.0350 4908	CLFS - ok
12:23:44.0475 4908	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
12:23:44.0522 4908	CmBatt - ok
12:23:44.0569 4908	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
12:23:44.0584 4908	cmdide - ok
12:23:44.0693 4908	CNG             (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
12:23:44.0740 4908	CNG - ok
12:23:44.0865 4908	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
12:23:44.0881 4908	Compbatt - ok
12:23:44.0927 4908	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
12:23:44.0959 4908	CompositeBus - ok
12:23:45.0068 4908	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
12:23:45.0083 4908	crcdisk - ok
12:23:45.0239 4908	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
12:23:45.0286 4908	DfsC - ok
12:23:45.0364 4908	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
12:23:45.0442 4908	discache - ok
12:23:45.0536 4908	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
12:23:45.0551 4908	Disk - ok
12:23:45.0629 4908	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
12:23:45.0661 4908	drmkaud - ok
12:23:45.0785 4908	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
12:23:45.0832 4908	DXGKrnl - ok
12:23:45.0988 4908	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
12:23:46.0113 4908	ebdrv - ok
12:23:46.0253 4908	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
12:23:46.0269 4908	elxstor - ok
12:23:46.0347 4908	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
12:23:46.0409 4908	ErrDev - ok
12:23:46.0534 4908	ETD             (06c94be9d9e1e6411429433a64a76936) C:\windows\system32\DRIVERS\ETD.sys
12:23:46.0565 4908	ETD - ok
12:23:46.0721 4908	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
12:23:46.0815 4908	exfat - ok
12:23:46.0846 4908	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
12:23:46.0924 4908	fastfat - ok
12:23:47.0033 4908	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
12:23:47.0080 4908	fdc - ok
12:23:47.0205 4908	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
12:23:47.0221 4908	FileInfo - ok
12:23:47.0236 4908	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
12:23:47.0330 4908	Filetrace - ok
12:23:47.0439 4908	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
12:23:47.0486 4908	flpydisk - ok
12:23:47.0517 4908	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
12:23:47.0533 4908	FltMgr - ok
12:23:47.0626 4908	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
12:23:47.0642 4908	FsDepends - ok
12:23:47.0689 4908	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
12:23:47.0704 4908	Fs_Rec - ok
12:23:47.0829 4908	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
12:23:47.0860 4908	fvevol - ok
12:23:47.0923 4908	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
12:23:47.0954 4908	gagp30kx - ok
12:23:48.0079 4908	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys
12:23:48.0094 4908	hamachi - ok
12:23:48.0219 4908	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
12:23:48.0250 4908	hcw85cir - ok
12:23:48.0359 4908	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
12:23:48.0422 4908	HdAudAddService - ok
12:23:48.0531 4908	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
12:23:48.0578 4908	HDAudBus - ok
12:23:48.0687 4908	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
12:23:48.0703 4908	HECIx64 - ok
12:23:48.0718 4908	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
12:23:48.0765 4908	HidBatt - ok
12:23:48.0859 4908	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
12:23:48.0905 4908	HidBth - ok
12:23:49.0015 4908	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
12:23:49.0061 4908	HidIr - ok
12:23:49.0217 4908	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
12:23:49.0264 4908	HidUsb - ok
12:23:49.0405 4908	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
12:23:49.0420 4908	HpSAMD - ok
12:23:49.0483 4908	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
12:23:49.0561 4908	HTTP - ok
12:23:49.0670 4908	hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
12:23:49.0685 4908	hwpolicy - ok
12:23:49.0748 4908	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
12:23:49.0779 4908	i8042prt - ok
12:23:49.0857 4908	iaStor          (be7d72fcf442c26975942007e0831241) C:\windows\system32\DRIVERS\iaStor.sys
12:23:49.0873 4908	iaStor - ok
12:23:49.0966 4908	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
12:23:49.0997 4908	iaStorV - ok
12:23:50.0091 4908	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
12:23:50.0122 4908	iirsp - ok
12:23:50.0263 4908	Impcd           (4b6363cd4610bb848531bb260b15dfcc) C:\windows\system32\DRIVERS\Impcd.sys
12:23:50.0309 4908	Impcd - ok
12:23:50.0465 4908	IntcAzAudAddService (a4baf427952099d5874bac8783890df8) C:\windows\system32\drivers\RTKVHD64.sys
12:23:50.0512 4908	IntcAzAudAddService - ok
12:23:50.0637 4908	IntcDAud        (da24c1f66ee1b5a92e045376d7a44b58) C:\windows\system32\DRIVERS\IntcDAud.sys
12:23:50.0684 4908	IntcDAud - ok
12:23:50.0793 4908	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
12:23:50.0809 4908	intelide - ok
12:23:51.0058 4908	intelkmd        (09ce164afa8483e41808784d7fca154e) C:\windows\system32\DRIVERS\igdpmd64.sys
12:23:51.0370 4908	intelkmd - ok
12:23:51.0495 4908	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
12:23:51.0526 4908	intelppm - ok
12:23:51.0651 4908	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:23:51.0729 4908	IpFilterDriver - ok
12:23:51.0854 4908	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
12:23:51.0901 4908	IPMIDRV - ok
12:23:51.0932 4908	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
12:23:52.0010 4908	IPNAT - ok
12:23:52.0119 4908	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
12:23:52.0150 4908	IRENUM - ok
12:23:52.0291 4908	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
12:23:52.0306 4908	isapnp - ok
12:23:52.0337 4908	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
12:23:52.0353 4908	iScsiPrt - ok
12:23:52.0478 4908	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
12:23:52.0493 4908	kbdclass - ok
12:23:52.0540 4908	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
12:23:52.0587 4908	kbdhid - ok
12:23:52.0743 4908	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
12:23:52.0759 4908	KSecDD - ok
12:23:52.0805 4908	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
12:23:52.0821 4908	KSecPkg - ok
12:23:52.0946 4908	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
12:23:53.0024 4908	ksthunk - ok
12:23:53.0164 4908	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
12:23:53.0242 4908	lltdio - ok
12:23:53.0367 4908	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
12:23:53.0398 4908	LSI_FC - ok
12:23:53.0414 4908	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
12:23:53.0429 4908	LSI_SAS - ok
12:23:53.0539 4908	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
12:23:53.0570 4908	LSI_SAS2 - ok
12:23:53.0585 4908	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
12:23:53.0601 4908	LSI_SCSI - ok
12:23:53.0679 4908	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
12:23:53.0757 4908	luafv - ok
12:23:53.0835 4908	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
12:23:53.0851 4908	megasas - ok
12:23:53.0897 4908	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
12:23:53.0913 4908	MegaSR - ok
12:23:54.0022 4908	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
12:23:54.0085 4908	Modem - ok
12:23:54.0147 4908	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
12:23:54.0194 4908	monitor - ok
12:23:54.0272 4908	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
12:23:54.0287 4908	mouclass - ok
12:23:54.0350 4908	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
12:23:54.0397 4908	mouhid - ok
12:23:54.0490 4908	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
12:23:54.0506 4908	mountmgr - ok
12:23:54.0553 4908	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
12:23:54.0584 4908	mpio - ok
12:23:54.0646 4908	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
12:23:54.0740 4908	mpsdrv - ok
12:23:54.0787 4908	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
12:23:54.0833 4908	MRxDAV - ok
12:23:54.0927 4908	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
12:23:54.0943 4908	mrxsmb - ok
12:23:55.0021 4908	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
12:23:55.0067 4908	mrxsmb10 - ok
12:23:55.0145 4908	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
12:23:55.0192 4908	mrxsmb20 - ok
12:23:55.0255 4908	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
12:23:55.0270 4908	msahci - ok
12:23:55.0333 4908	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
12:23:55.0348 4908	msdsm - ok
12:23:55.0442 4908	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
12:23:55.0504 4908	Msfs - ok
12:23:55.0582 4908	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
12:23:55.0660 4908	mshidkmdf - ok
12:23:55.0707 4908	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
12:23:55.0723 4908	msisadrv - ok
12:23:55.0832 4908	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
12:23:55.0910 4908	MSKSSRV - ok
12:23:55.0972 4908	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
12:23:56.0035 4908	MSPCLOCK - ok
12:23:56.0128 4908	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
12:23:56.0191 4908	MSPQM - ok
12:23:56.0237 4908	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
12:23:56.0269 4908	MsRPC - ok
12:23:56.0331 4908	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
12:23:56.0347 4908	mssmbios - ok
12:23:56.0409 4908	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
12:23:56.0503 4908	MSTEE - ok
12:23:56.0565 4908	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
12:23:56.0612 4908	MTConfig - ok
12:23:56.0674 4908	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
12:23:56.0690 4908	Mup - ok
12:23:56.0799 4908	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
12:23:56.0846 4908	NativeWifiP - ok
12:23:56.0924 4908	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
12:23:56.0971 4908	NDIS - ok
12:23:57.0095 4908	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
12:23:57.0173 4908	NdisCap - ok
12:23:57.0298 4908	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
12:23:57.0361 4908	NdisTapi - ok
12:23:57.0485 4908	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
12:23:57.0563 4908	Ndisuio - ok
12:23:57.0595 4908	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
12:23:57.0657 4908	NdisWan - ok
12:23:57.0751 4908	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
12:23:57.0829 4908	NDProxy - ok
12:23:57.0938 4908	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
12:23:58.0016 4908	NetBIOS - ok
12:23:58.0047 4908	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
12:23:58.0109 4908	NetBT - ok
12:23:58.0406 4908	NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys
12:23:58.0671 4908	NETw5s64 - ok
12:23:58.0780 4908	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
12:23:58.0796 4908	nfrd960 - ok
12:23:58.0874 4908	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
12:23:58.0952 4908	Npfs - ok
12:23:59.0014 4908	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
12:23:59.0077 4908	nsiproxy - ok
12:23:59.0186 4908	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
12:23:59.0233 4908	Ntfs - ok
12:23:59.0326 4908	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
12:23:59.0404 4908	Null - ok
12:23:59.0513 4908	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
12:23:59.0529 4908	nvraid - ok
12:23:59.0560 4908	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
12:23:59.0591 4908	nvstor - ok
12:23:59.0701 4908	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
12:23:59.0732 4908	nv_agp - ok
12:23:59.0779 4908	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
12:23:59.0825 4908	ohci1394 - ok
12:23:59.0935 4908	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
12:23:59.0966 4908	Parport - ok
12:23:59.0981 4908	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
12:23:59.0997 4908	partmgr - ok
12:24:00.0091 4908	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
12:24:00.0122 4908	pci - ok
12:24:00.0247 4908	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
12:24:00.0262 4908	pciide - ok
12:24:00.0293 4908	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
12:24:00.0309 4908	pcmcia - ok
12:24:00.0387 4908	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
12:24:00.0403 4908	pcw - ok
12:24:00.0434 4908	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
12:24:00.0512 4908	PEAUTH - ok
12:24:00.0668 4908	Point64         (b8d8ec78b0f9ed8e220506181274f3d3) C:\windows\system32\DRIVERS\point64.sys
12:24:00.0683 4908	Point64 - ok
12:24:00.0824 4908	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
12:24:00.0902 4908	PptpMiniport - ok
12:24:01.0011 4908	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
12:24:01.0058 4908	Processor - ok
12:24:01.0183 4908	Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
12:24:01.0245 4908	Psched - ok
12:24:01.0323 4908	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
12:24:01.0370 4908	ql2300 - ok
12:24:01.0479 4908	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
12:24:01.0510 4908	ql40xx - ok
12:24:01.0526 4908	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
12:24:01.0588 4908	QWAVEdrv - ok
12:24:01.0697 4908	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
12:24:01.0744 4908	RasAcd - ok
12:24:01.0838 4908	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
12:24:01.0916 4908	RasAgileVpn - ok
12:24:01.0994 4908	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
12:24:02.0072 4908	Rasl2tp - ok
12:24:02.0212 4908	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
12:24:02.0275 4908	RasPppoe - ok
12:24:02.0384 4908	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
12:24:02.0462 4908	RasSstp - ok
12:24:02.0493 4908	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
12:24:02.0555 4908	rdbss - ok
12:24:02.0649 4908	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
12:24:02.0696 4908	rdpbus - ok
12:24:02.0743 4908	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
12:24:02.0821 4908	RDPCDD - ok
12:24:02.0899 4908	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
12:24:02.0977 4908	RDPENCDD - ok
12:24:03.0023 4908	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
12:24:03.0086 4908	RDPREFMP - ok
12:24:03.0148 4908	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
12:24:03.0211 4908	RDPWD - ok
12:24:03.0335 4908	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
12:24:03.0351 4908	rdyboost - ok
12:24:03.0491 4908	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
12:24:03.0538 4908	RFCOMM - ok
12:24:03.0663 4908	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
12:24:03.0741 4908	rspndr - ok
12:24:03.0881 4908	RSUSBSTOR       (db30aa4daa0d492fa5d7717d8181ffa1) C:\windows\system32\Drivers\RtsUStor.sys
12:24:03.0944 4908	RSUSBSTOR - ok
12:24:04.0069 4908	RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\windows\system32\drivers\RtHDMIVX.sys
12:24:04.0084 4908	RTHDMIAzAudService - ok
12:24:04.0131 4908	RTL8167         (3b01789ee4eaee97f5eb46b711387d5e) C:\windows\system32\DRIVERS\Rt64win7.sys
12:24:04.0178 4908	RTL8167 - ok
12:24:04.0287 4908	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
12:24:04.0303 4908	sbp2port - ok
12:24:04.0334 4908	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
12:24:04.0365 4908	scfilter - ok
12:24:04.0505 4908	sdbus           (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
12:24:04.0552 4908	sdbus - ok
12:24:04.0646 4908	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
12:24:04.0724 4908	secdrv - ok
12:24:04.0849 4908	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
12:24:04.0895 4908	Serenum - ok
12:24:05.0020 4908	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
12:24:05.0067 4908	Serial - ok
12:24:05.0161 4908	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
12:24:05.0207 4908	sermouse - ok
12:24:05.0254 4908	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
12:24:05.0301 4908	sffdisk - ok
12:24:05.0395 4908	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
12:24:05.0441 4908	sffp_mmc - ok
12:24:05.0473 4908	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
12:24:05.0519 4908	sffp_sd - ok
12:24:05.0629 4908	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
12:24:05.0675 4908	sfloppy - ok
12:24:05.0785 4908	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
12:24:05.0800 4908	SiSRaid2 - ok
12:24:05.0831 4908	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
12:24:05.0847 4908	SiSRaid4 - ok
12:24:05.0956 4908	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
12:24:06.0050 4908	Smb - ok
12:24:06.0175 4908	smserial        (7ae8bca90539ecbde87ac45ba1436be3) C:\windows\system32\DRIVERS\SmSerl64.sys
12:24:06.0237 4908	smserial - ok
12:24:06.0346 4908	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
12:24:06.0362 4908	spldr - ok
12:24:06.0424 4908	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
12:24:06.0471 4908	srv - ok
12:24:06.0580 4908	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
12:24:06.0643 4908	srv2 - ok
12:24:06.0783 4908	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
12:24:06.0830 4908	srvnet - ok
12:24:06.0955 4908	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
12:24:06.0970 4908	stexstor - ok
12:24:07.0017 4908	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
12:24:07.0033 4908	swenum - ok
12:24:07.0173 4908	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
12:24:07.0235 4908	Tcpip - ok
12:24:07.0391 4908	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
12:24:07.0438 4908	TCPIP6 - ok
12:24:07.0532 4908	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
12:24:07.0579 4908	tcpipreg - ok
12:24:07.0672 4908	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
12:24:07.0735 4908	TDPIPE - ok
12:24:07.0813 4908	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
12:24:07.0875 4908	TDTCP - ok
12:24:07.0953 4908	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
12:24:08.0031 4908	tdx - ok
12:24:08.0109 4908	TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
12:24:08.0125 4908	TermDD - ok
12:24:08.0265 4908	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
12:24:08.0343 4908	tssecsrv - ok
12:24:08.0452 4908	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
12:24:08.0499 4908	tunnel - ok
12:24:08.0515 4908	TurboB          (c45a3e051c65106a28982caed125f855) C:\windows\system32\DRIVERS\TurboB.sys
12:24:08.0530 4908	TurboB - ok
12:24:08.0624 4908	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
12:24:08.0639 4908	uagp35 - ok
12:24:08.0655 4908	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
12:24:08.0702 4908	udfs - ok
12:24:08.0858 4908	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
12:24:08.0873 4908	uliagpkx - ok
12:24:08.0998 4908	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
12:24:09.0045 4908	umbus - ok
12:24:09.0185 4908	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
12:24:09.0248 4908	UmPass - ok
12:24:09.0373 4908	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
12:24:09.0404 4908	usbccgp - ok
12:24:09.0529 4908	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
12:24:09.0544 4908	usbcir - ok
12:24:09.0685 4908	usbehci         (92969ba5ac44e229c55a332864f79677) C:\windows\system32\drivers\usbehci.sys
12:24:09.0700 4908	usbehci - ok
12:24:09.0763 4908	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
12:24:09.0825 4908	usbhub - ok
12:24:09.0934 4908	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
12:24:09.0965 4908	usbohci - ok
12:24:10.0075 4908	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
12:24:10.0121 4908	usbprint - ok
12:24:10.0231 4908	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
12:24:10.0262 4908	usbscan - ok
12:24:10.0309 4908	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:24:10.0340 4908	USBSTOR - ok
12:24:10.0480 4908	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
12:24:10.0496 4908	usbuhci - ok
12:24:10.0589 4908	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
12:24:10.0605 4908	usbvideo - ok
12:24:10.0714 4908	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
12:24:10.0730 4908	vdrvroot - ok
12:24:10.0808 4908	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
12:24:10.0823 4908	vga - ok
12:24:10.0901 4908	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
12:24:10.0979 4908	VgaSave - ok
12:24:11.0089 4908	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
12:24:11.0104 4908	vhdmp - ok
12:24:11.0120 4908	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
12:24:11.0135 4908	viaide - ok
12:24:11.0260 4908	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
12:24:11.0291 4908	volmgr - ok
12:24:11.0307 4908	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
12:24:11.0338 4908	volmgrx - ok
12:24:11.0416 4908	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
12:24:11.0447 4908	volsnap - ok
12:24:11.0494 4908	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
12:24:11.0525 4908	vsmraid - ok
12:24:11.0603 4908	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
12:24:11.0635 4908	vwifibus - ok
12:24:11.0759 4908	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
12:24:11.0806 4908	vwififlt - ok
12:24:11.0915 4908	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
12:24:11.0947 4908	vwifimp - ok
12:24:12.0009 4908	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
12:24:12.0040 4908	WacomPen - ok
12:24:12.0165 4908	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:24:12.0243 4908	WANARP - ok
12:24:12.0259 4908	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
12:24:12.0305 4908	Wanarpv6 - ok
12:24:12.0399 4908	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
12:24:12.0415 4908	Wd - ok
12:24:12.0461 4908	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
12:24:12.0493 4908	Wdf01000 - ok
12:24:12.0649 4908	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
12:24:12.0695 4908	WfpLwf - ok
12:24:12.0758 4908	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
12:24:12.0773 4908	WIMMount - ok
12:24:12.0929 4908	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
12:24:12.0992 4908	WinUsb - ok
12:24:13.0085 4908	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
12:24:13.0132 4908	WmiAcpi - ok
12:24:13.0273 4908	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
12:24:13.0335 4908	ws2ifsl - ok
12:24:13.0382 4908	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
12:24:13.0460 4908	WudfPf - ok
12:24:13.0569 4908	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
12:24:13.0647 4908	WUDFRd - ok
12:24:13.0709 4908	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:24:13.0865 4908	\Device\Harddisk0\DR0 - ok
12:24:13.0865 4908	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:24:14.0053 4908	\Device\Harddisk1\DR1 - ok
12:24:14.0053 4908	MBR (0x1B8)     (5553cd643b9e5e7430afa8537c5e9d58) \Device\Harddisk2\DR2
12:24:20.0917 4908	\Device\Harddisk2\DR2 - ok
12:24:20.0948 4908	Boot (0x1200)   (cc053717143e58f81f724b1082df01d8) \Device\Harddisk0\DR0\Partition0
12:24:20.0948 4908	\Device\Harddisk0\DR0\Partition0 - ok
12:24:20.0979 4908	Boot (0x1200)   (908ac6da23d348d28fcb92d03d4129ad) \Device\Harddisk0\DR0\Partition1
12:24:20.0979 4908	\Device\Harddisk0\DR0\Partition1 - ok
12:24:20.0979 4908	Boot (0x1200)   (30603b3bcee732b91e85cee036b95197) \Device\Harddisk1\DR1\Partition0
12:24:20.0979 4908	\Device\Harddisk1\DR1\Partition0 - ok
12:24:20.0979 4908	============================================================
12:24:20.0979 4908	Scan finished
12:24:20.0979 4908	============================================================
12:24:20.0995 2572	Detected object count: 0
12:24:20.0995 2572	Actual detected object count: 0
         
Mir ist nicht aufgefallen, dass irgendwas nicht sichtbar wäre auf dem desktop, werde es trotzdem erstmal ausführen, wenn das quatsch ist einfach bescheid sagen, dann stopp ichs.

Alt 19.01.2012, 13:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.01.2012, 13:59   #13
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Hier ist das von ComboFix erstellte log:

Code:
ATTFilter
ComboFix 12-01-18.04 - Stefan 19.01.2012  13:50:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3886.2372 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\program files (x86)\INSTALL.LOG
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-19 bis 2012-01-19  ))))))))))))))))))))))))))))))
.
.
2012-01-19 12:53 . 2012-01-19 12:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-19 10:59 . 2012-01-19 10:59	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FB29BA2-E915-4783-85BC-39887E6EE9E4}\offreg.dll
2012-01-19 10:44 . 2012-01-19 10:44	--------	d-----w-	C:\_OTL
2012-01-18 21:14 . 2012-01-18 21:14	--------	d-----w-	c:\program files (x86)\ESET
2012-01-18 21:12 . 2012-01-18 21:12	--------	d-----w-	c:\program files (x86)\searchplugins
2012-01-18 21:12 . 2012-01-18 21:12	--------	d-----w-	c:\program files (x86)\hyphenation
2012-01-18 21:12 . 2012-01-18 21:12	--------	d-----w-	c:\program files (x86)\extensions
2012-01-18 21:12 . 2012-01-18 21:12	--------	d-----w-	c:\program files (x86)\defaults
2012-01-18 21:12 . 2012-01-18 21:12	--------	d-----w-	c:\program files (x86)\components
2012-01-18 21:12 . 2011-12-21 07:42	2124760	----a-w-	c:\program files (x86)\mozjs.dll
2012-01-18 17:26 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FB29BA2-E915-4783-85BC-39887E6EE9E4}\mpengine.dll
2012-01-18 15:15 . 2012-01-18 15:15	--------	d---a-w-	C:\.Trash-999
2012-01-17 10:50 . 2012-01-17 10:50	--------	d-----w-	c:\users\Stefan\AppData\Roaming\Avira
2012-01-17 10:30 . 2012-01-19 02:10	--------	d-----w-	c:\programdata\Panda Security
2012-01-17 10:30 . 2012-01-19 02:10	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2012-01-15 17:40 . 2011-12-21 04:29	626688	----a-w-	c:\program files (x86)\msvcr80.dll
2012-01-15 17:40 . 2011-12-21 04:29	548864	----a-w-	c:\program files (x86)\msvcp80.dll
2012-01-15 17:40 . 2011-12-21 04:29	479232	----a-w-	c:\program files (x86)\msvcm80.dll
2012-01-15 17:40 . 2011-12-21 07:42	43992	----a-w-	c:\program files (x86)\mozutils.dll
2012-01-15 14:17 . 2012-01-19 02:09	--------	d-----w-	c:\users\Stefan\AppData\Roaming\Malwarebytes
2012-01-15 14:17 . 2012-01-15 14:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-11 19:28 . 2012-01-11 19:28	--------	d-----w-	c:\users\Stefan\AppData\Roaming\GraphPad Software
2012-01-11 19:28 . 2012-01-11 19:28	--------	d-----w-	c:\programdata\GraphPad Software
2012-01-11 14:11 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 14:11 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 14:11 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 14:11 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 14:11 . 2011-11-17 07:14	1739160	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 14:11 . 2011-11-17 05:41	1292592	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 14:11 . 2011-11-19 15:07	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 14:11 . 2011-11-19 14:06	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-01 11:36 . 2012-01-01 11:36	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2012-01-01 11:35 . 2010-08-25 04:00	87040	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPPAF.DLL
2012-01-01 11:35 . 2010-08-25 04:00	28672	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPDAF.DLL
2012-01-01 11:35 . 2010-08-25 04:00	361472	----a-w-	c:\windows\system32\CNMLMAF.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 07:42 . 2010-08-26 15:06	269272	----a-w-	c:\program files (x86)\updater.exe
2011-12-21 07:42 . 2010-08-26 15:06	19928	----a-w-	c:\program files (x86)\xpcom.dll
2011-12-21 07:42 . 2010-08-26 15:06	170968	----a-w-	c:\program files (x86)\softokn3.dll
2011-12-21 07:42 . 2010-08-26 15:06	16096216	----a-w-	c:\program files (x86)\xul.dll
2011-12-21 07:42 . 2010-08-26 15:06	154584	----a-w-	c:\program files (x86)\ssl3.dll
2011-12-21 07:42 . 2010-08-26 15:06	646104	----a-w-	c:\program files (x86)\nss3.dll
2011-12-21 07:42 . 2010-08-26 15:06	371672	----a-w-	c:\program files (x86)\nssckbi.dll
2011-12-21 07:42 . 2010-08-26 15:06	21976	----a-w-	c:\program files (x86)\plc4.dll
2011-12-21 07:42 . 2010-08-26 15:06	20440	----a-w-	c:\program files (x86)\plds4.dll
2011-12-21 07:42 . 2010-08-26 15:06	16856	----a-w-	c:\program files (x86)\plugin-container.exe
2011-12-21 07:42 . 2010-08-26 15:06	109528	----a-w-	c:\program files (x86)\nssdbm3.dll
2011-12-21 07:42 . 2010-08-26 15:06	105432	----a-w-	c:\program files (x86)\smime3.dll
2011-12-21 07:42 . 2010-08-26 15:06	105432	----a-w-	c:\program files (x86)\nssutil3.dll
2011-12-21 07:42 . 2011-05-15 11:59	97240	----a-w-	c:\program files (x86)\libEGL.dll
2011-12-21 07:42 . 2011-05-15 11:59	814040	----a-w-	c:\program files (x86)\mozsqlite3.dll
2011-12-21 07:42 . 2011-05-15 11:59	486360	----a-w-	c:\program files (x86)\libGLESv2.dll
2011-12-21 07:42 . 2011-05-15 11:59	15832	----a-w-	c:\program files (x86)\mozalloc.dll
2011-12-21 07:42 . 2010-08-26 15:06	924632	----a-w-	c:\program files (x86)\firefox.exe
2011-12-21 07:42 . 2010-08-26 15:06	269272	----a-w-	c:\program files (x86)\freebl3.dll
2011-12-21 07:42 . 2010-08-26 15:06	19416	----a-w-	c:\program files (x86)\AccessibleMarshal.dll
2011-12-21 07:42 . 2010-08-26 15:06	187352	----a-w-	c:\program files (x86)\nspr4.dll
2011-12-21 07:42 . 2010-08-26 15:06	125912	----a-w-	c:\program files (x86)\crashreporter.exe
2011-12-21 04:29 . 2011-07-14 13:08	2106216	----a-w-	c:\program files (x86)\D3DCompiler_43.dll
2011-12-21 04:29 . 2011-07-14 13:08	1998168	----a-w-	c:\program files (x86)\d3dx9_43.dll
2011-11-24 05:00 . 2011-12-14 18:16	3141632	----a-w-	c:\windows\system32\win32k.sys
2011-11-05 05:26 . 2011-12-14 18:31	1197568	----a-w-	c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 18:31	57856	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 18:25	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 18:31	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 18:31	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 18:25	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 18:31	482816	----a-w-	c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 18:31	386048	----a-w-	c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 18:31	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 18:31	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19 . 2011-12-14 18:30	43520	----a-w-	c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-12-18 2396160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-08 102400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-01-26 1029896]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [x]
R3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2009-12-21 637192]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-01-25 4154120]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-17 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 23004002
*Deregistered* - 23004002
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9645088]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-08 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-08 413720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 141.53.9.12
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\otw7mp5f.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-19  13:55:18
ComboFix-quarantined-files.txt  2012-01-19 12:55
.
Vor Suchlauf: 12 Verzeichnis(se), 194.699.354.112 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 194.574.802.944 Bytes frei
.
- - End Of File - - C10F8BD067D3DF0B3D4BC54FFF9F9E44
         

Alt 19.01.2012, 16:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.01.2012, 17:01   #15
GutenTag
 
Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Standard

Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"



Hier ist der log

Code:
ATTFilter
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 16:55:25
-----------------------------
16:55:25.796    OS Version: Windows x64 6.1.7600 
16:55:25.796    Number of processors: 4 586 0x2502
16:55:25.796    ComputerName: STEFAN-MSI  UserName: Stefan
16:55:26.794    Initialize success
16:57:10.019    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:57:10.019    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
16:57:10.035    Disk 0 MBR read successfully
16:57:10.050    Disk 0 MBR scan
16:57:10.050    Disk 0 Windows 7 default MBR code
16:57:10.066    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12288 MB offset 2048
16:57:10.081    Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS          100 MB offset 25167872
16:57:10.097    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       279959 MB offset 25372672
16:57:10.128    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       184591 MB offset 598728704
16:57:10.144    Service scanning
16:57:11.283    Modules scanning
16:57:11.283    Disk 0 trace - called modules:
16:57:11.314    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:57:11.329    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c83060]
16:57:11.329    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004982050]
16:57:11.345    Scan finished successfully
16:57:24.449    Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"
16:57:24.449    The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"
         
Wie sieht es denn aus bisher? Haben wir schon was erreicht, besteht Hoffnung?

Übrigens hatte sich vor dem scan das "system control center" (oder so ähnlich) gemeldet das es nicht richtig funktioniert und beendet werden muss....

EDIT: Avira lässt sich ja wie beschrieben nicht mehr einschalten, daher bin ich momentan ohne virenprogramm unterwegs (allerdings nutze ich nur eure seite (+die links)), soll ich mir avira neu runterladen?

Geändert von GutenTag (19.01.2012 um 17:11 Uhr)

Antwort

Themen zu Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"
2.0.7, 64-bit, achtung!, autorun, avira, bho, browser, converter, dateisystem, desktop, error, excel, fehler, firefox, flash player, helper, heuristiks/extra, heuristiks/shuriken, home, igdpmd64.sys, install.exe, microsoft office word, mozilla, mp3, office 2007, panda usb vaccine, programm, realtek, registry, required, scan, security, security update, software, spyware.marketscore, spyware.onlinegames, studio, system, teamspeak, usb, usb 2.0, webcheck, windowssystem gesperrt, wurde ihr



Ähnliche Themen: Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"


  1. Trojaner "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Plagegeister aller Art und deren Bekämpfung - 22.04.2012 (11)
  2. Virus: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert", OTL ausgeführt, was nun?
    Log-Analyse und Auswertung - 08.04.2012 (5)
  3. Auch bei mir: "Achtung. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert."
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (2)
  4. Blackscreen und Meldung "Ihr Windowssystem wurde aus Sicherheitsgründen gesperrt. Bezahlen & Her..."
    Plagegeister aller Art und deren Bekämpfung - 07.03.2012 (6)
  5. Meldung: "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert", wie bei anderen.
    Plagegeister aller Art und deren Bekämpfung - 04.03.2012 (2)
  6. BKA-Trojaner: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 04.03.2012 (6)
  7. Meldung: "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (54)
  8. "Achtung: Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt."
    Log-Analyse und Auswertung - 09.02.2012 (2)
  9. "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" OTLogfile im Anhang
    Log-Analyse und Auswertung - 26.01.2012 (1)
  10. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem Blockiert, "Bezahlen nd Downloaden"
    Log-Analyse und Auswertung - 23.01.2012 (3)
  11. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"-Meldung blockiert Benutzerkonto
    Log-Analyse und Auswertung - 16.01.2012 (9)
  12. TROJANER - "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 06.01.2012 (11)
  13. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert ... "bezahlen und runterladen"
    Log-Analyse und Auswertung - 05.01.2012 (9)
  14. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt!"
    Log-Analyse und Auswertung - 05.01.2012 (22)
  15. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt!"
    Log-Analyse und Auswertung - 28.12.2011 (11)
  16. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt!" OTL-Analyse
    Log-Analyse und Auswertung - 28.12.2011 (1)
  17. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"-Meldung blockiert Benutzerkonto
    Plagegeister aller Art und deren Bekämpfung - 18.12.2011 (9)

Zum Thema Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" - Hallo miteinander, vielen dank schonmal im vorraus für jegliche hilfe! Seit ein paar wochen ließ sich firefox nichtmehr updaten (laden dauerte einfach immer ewig und nichts geschah), ich hatte aber - Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"...
Archiv
Du betrachtest: Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.