Trojaner-Board - AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt (https://www.trojaner-board.de/107001-antivir-hat-trojaner-tr-atraps-gen2-entdeckt.html)

AntiVir hat Trojaner TR/ATRAPS.Gen2 entdeckt

Hallo leute,

ich bin auf euer Forum gestoßen und sehe das ihr sehr hilfsbereit seit. Ich würde mich freuen, wenn ihr auch mal nen Blick auf mein Problem bitte werfen könntet. Dankeschön schonmal im voraus.

Mein Antivir hat vor ein paar Tagen den Trojaner TR/ATRAPS.Gen2 entdeckt. Als Auswahl wird bei Antivir angeboten es zu entfernen oder in Quarantäne zu setzen. Da es nach dem entfernen wieder und öffter aufgetaucht ist, habe ich es immer wieder in Quarantäne gesetzt.

Als fundstelle wird von Antivir angegeben:

C:\Users\***\AppData\Local\7b30d2dc\U\800000cb.@

Eigene Rechersche

Ich habe im Pc Welt Forum

unter (hxxp://www.pcwelt.de/forum/sicherheit/407098-tr-atraps-gen2.html)

gelesen, das es sich um einen Fehlalarm seitens Antivir handle, deshalb habe ich Antivir eine Anfrage geschickt.

Als Antwort bekam ich:

"Die Datei '4a8c18e0.vir' wurde als 'FALSE POSITIVE' eingestuft.Dies bedeutet, dass diese Datei nicht gefährlich und eine Fehlmeldung unsererseits ist.

Unsere Analytiker haben dieser Bedrohung den Namen gegeben.Das Erkennungsmuster wird mit einem der nächsten Updates der Virendefinitionsdatei (VDF) entfernt werden.

Alternativ können Sie die Ergebnisse der Analyse hier einsehen:

hxxp://analysis.avira.com/samples/details.php?uniqueid=8pPX4kA6B2NJmg0kIXNWhMt6j5v2MV7T&incidentid=930684"

Symptome

Diese Symptome bringe ich mit dem Trojaner in Verbindung, da diese vorher nicht aufgetaucht waren:

1. Plötzlich erscheint ein Fenster. Da geht es um irgendein Javaskript. Mir steht zur Auswahl Öffnen, Speichern oder Abbrechen.

Ich habe immer Abbrechen gewählt bis auf einmal wo ich Öffnen gewählt habe. Aber es hat sich nichts geöffnet.

Leider kann ich es grade nicht näher beschreiben, weil ich mich nicht mehr gut daran erinnern kann.

2. Firefox versucht beim Start die folgende Seite zu öffnen: mediashifting.com/?search=what+are+the+order+of+degrees&subid=193&key=5e2e3c92c060abcb6729&p=1

aber ohne Erfolg. Es erscheint der Fehler: Server nicht gefunden

Zum Thema "kompletten Überblick von meinem System"

Ich habe Defogger gestartet und die Anweisungen befolgt, aber es hat weder zum Neustart aufgefordert noch eine Fehlermeldung ausgegeben.

Hier ist die Defogger Disable Log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:34 on 27/12/2011 (Kenan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F

Schluss

So ich habe nun alle Schritte befolgt und die Logfiles als Anhang zugefügt.

Ich möchte euch noch mal danken, das ihr hier auf dieser Seite sowas gutes zustande gebracht habt um uns zu helfen.

Schöne Tage noch.

PS:
vielleicht ist die logfile von Antivir auch relevant. Hier ist sie:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 26. Dezember 2011 00:22

Es wird nach 2964932 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KENAN-VAIO

Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 25.10.2011 17:24:43
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 08.12.2011 19:42:32
AVREG.DLL : 12.1.0.27 227536 Bytes 09.12.2011 19:38:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:36:36
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 21:36:36
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 21:36:36
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 21:36:36
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 21:36:36
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 21:36:36
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 21:36:36
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 21:36:36
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 21:36:36
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 21:36:36
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 21:36:36
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 21:35:10
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 05:35:20
VBASE015.VDF : 7.11.20.0 2048 Bytes 24.12.2011 05:35:20
VBASE016.VDF : 7.11.20.1 2048 Bytes 24.12.2011 05:35:20
VBASE017.VDF : 7.11.20.2 2048 Bytes 24.12.2011 05:35:20
VBASE018.VDF : 7.11.20.3 2048 Bytes 24.12.2011 05:35:20
VBASE019.VDF : 7.11.20.4 2048 Bytes 24.12.2011 05:35:20
VBASE020.VDF : 7.11.20.5 2048 Bytes 24.12.2011 05:35:20
VBASE021.VDF : 7.11.20.6 2048 Bytes 24.12.2011 05:35:20
VBASE022.VDF : 7.11.20.7 2048 Bytes 24.12.2011 05:35:20
VBASE023.VDF : 7.11.20.8 2048 Bytes 24.12.2011 05:35:20
VBASE024.VDF : 7.11.20.9 2048 Bytes 24.12.2011 05:35:20
VBASE025.VDF : 7.11.20.10 2048 Bytes 24.12.2011 05:35:20
VBASE026.VDF : 7.11.20.11 2048 Bytes 24.12.2011 05:35:20
VBASE027.VDF : 7.11.20.12 2048 Bytes 24.12.2011 05:35:21
VBASE028.VDF : 7.11.20.13 2048 Bytes 24.12.2011 05:35:21
VBASE029.VDF : 7.11.20.14 2048 Bytes 24.12.2011 05:35:21
VBASE030.VDF : 7.11.20.15 2048 Bytes 24.12.2011 05:35:21
VBASE031.VDF : 7.11.20.16 2048 Bytes 24.12.2011 05:35:21
Engineversion : 8.2.8.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 17:24:42
AESCRIPT.DLL : 8.1.3.92 495996 Bytes 16.12.2011 20:21:58
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 01.12.2011 18:57:42
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 20:21:39
AEOFFICE.DLL : 8.1.2.24 201084 Bytes 16.12.2011 20:21:56
AEHEUR.DLL : 8.1.3.8 4231543 Bytes 16.12.2011 20:21:55
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 17:24:31
AEGEN.DLL : 8.1.5.17 405877 Bytes 08.12.2011 19:42:10
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.24.2 201080 Bytes 16.12.2011 20:21:26
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 08.12.2011 19:42:21
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4ef79a58\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 26. Dezember 2011 00:22

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'C112.tmp' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'listener.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FABS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ath_CoexAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@'
C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a411951.qua' verschoben!

Ende des Suchlaufs: Montag, 26. Dezember 2011 00:22
Benötigte Zeit: 00:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
26 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
25 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

So hier ist der Log von malwarebytes. Gehe jetzt nun über zu ESET Online Scanner

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122703

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.12.2011 18:17:56
mbam-log-2011-12-27 (18-17-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176790
Laufzeit: 2 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\enrollchar.exe (Trojan.Agent) -> 3824 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagUI (Trojan.Agent) -> Value: diagUI -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\enrollchar (Trojan.Agent) -> Value: enrollchar -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\enrollchar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Local\Temp\C112.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Local\Temp\defragcred.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kenan\AppData\Roaming\diagUI.exe (Trojan.Agent) -> Quarantined and deleted successfully.

So hier ist jetzt die logdatei von ESET Online Scanner

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2b8273ec1020ed42b14ed7b92008af61

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-27 05:50:39

# local_time=2011-12-27 06:50:39 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 153211 153211 0 0

# compatibility_mode=1792 16777215 100 0 6390755 6390755 0 0

# compatibility_mode=5893 16776574 66 94 161257 76637414 0 0

# compatibility_mode=8192 67108863 100 0 4084 4084 0 0

# scanned=51564

# found=0

# cleaned=0

# scan_time=674

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2b8273ec1020ed42b14ed7b92008af61

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-27 08:32:16

# local_time=2011-12-27 09:32:16 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 153963 153963 0 0

# compatibility_mode=1792 16777215 100 0 6391507 6391507 0 0

# compatibility_mode=5893 16776574 66 94 162009 76638166 0 0

# compatibility_mode=8192 67108863 100 0 4836 4836 0 0

# scanned=242513

# found=4

# cleaned=0

# scan_time=9640

C:\Users\Kenan\AppData\Local\7b30d2dc\X        Win64/Sirefef.N trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Kenan\AppData\Local\7b30d2dc\U\80000000.@        Win64/Sirefef.P trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cb.@        Win64/Sirefef.M trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Kenan\AppData\Local\7b30d2dc\U\800000cf.@        Win64/Sirefef.O trojan (unable to clean)        00000000000000000000000000000000        I

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

Sry habe ich übersehen. Hier ist jetzt der Log vom vollständigen malwarebytes scann.

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kenan :: KENAN-VAIO [Administrator]

Schutz: Aktiviert

28.12.2011 03:49:58
mbam-log-2011-12-28 (03-49-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400027
Laufzeit: 1 Stunde(n), 20 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Kenan\AppData\Local\7b30d2dc\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

So hier ist jetzt die neue OTL Log

Code:

OTL logfile created on: 28.12.2011 11:36:11 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Kenan\Desktop\TojanerProblem

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,91 Gb Total Physical Memory | 4,21 Gb Available Physical Memory | 71,18% Memory free

11,82 Gb Paging File | 9,79 Gb Available in Paging File | 82,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449,51 Gb Total Space | 328,54 Gb Free Space | 73,09% Space Free | Partition Type: NTFS

Drive E: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: KENAN-VAIO | User Name: Kenan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.27 16:37:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kenan\Desktop\TojanerProblem\OTL.exe

PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.24 15:05:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.04.29 16:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2011.03.05 15:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2011.03.05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2011.02.24 21:02:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011.02.24 21:02:27 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

PRC - [2011.02.15 10:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

PRC - [2011.01.29 04:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe

PRC - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.01.12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.10.14 19:33:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll

MOD - [2011.10.14 19:33:25 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll

MOD - [2011.10.14 19:29:46 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll

MOD - [2011.10.14 19:29:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll

MOD - [2011.10.14 19:29:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011.10.14 19:29:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011.10.14 19:29:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011.10.14 19:29:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011.10.14 19:29:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011.10.14 19:29:04 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011.10.14 19:29:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.06.29 23:49:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.09.23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

SRV:64bit: - [2011.08.12 15:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)

SRV:64bit: - [2011.07.19 03:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)

SRV:64bit: - [2011.06.29 23:55:22 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011.02.18 21:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV:64bit: - [2011.02.18 21:10:06 | 000,546,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV:64bit: - [2011.02.18 21:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)

SRV:64bit: - [2011.02.14 16:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV:64bit: - [2011.02.14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)

SRV:64bit: - [2011.01.29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)

SRV:64bit: - [2011.01.20 11:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)

SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011.06.24 15:05:46 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.04.29 16:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011.04.29 16:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2011.03.05 15:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2011.02.24 21:02:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2011.02.24 21:02:27 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

SRV - [2011.02.21 11:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2011.02.21 11:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2011.01.20 11:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.12.08 20:42:31 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.08.15 13:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2011.08.15 03:38:33 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)

DRV:64bit: - [2011.08.09 00:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2011.06.30 00:39:02 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.06.29 23:18:16 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.06.21 00:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.04.29 16:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011.04.29 16:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011.04.29 16:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011.04.29 16:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)

DRV:64bit: - [2011.04.29 16:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011.04.29 16:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011.04.29 16:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011.04.29 16:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011.04.01 09:15:27 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.07 21:58:44 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)

DRV:64bit: - [2011.03.07 03:30:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)

DRV:64bit: - [2011.03.04 10:21:46 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011.03.04 10:01:05 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2011.02.24 21:02:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.12.10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010.12.10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010.04.28 00:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010.04.28 00:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010.04.27 22:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010.04.27 22:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "google.de"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.23 15:35:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 08:03:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.21 17:53:37 | 000,000,000 | ---D | M]

 

[2011.07.11 01:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan\AppData\Roaming\mozilla\Extensions

[2011.12.27 15:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions

[2011.11.21 17:53:37 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2011.07.19 10:00:58 | 000,002,227 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml

[2011.07.11 01:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

() (No name found) -- C:\USERS\KENAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S97WFBCW.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI

() (No name found) -- C:\USERS\KENAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S97WFBCW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011.11.10 08:03:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2011.10.09 23:11:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.09 23:11:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.09 23:11:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.09 23:11:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.09 23:11:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.09 23:11:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{608B6E71-8776-4514-B01D-F03F35818556}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFEDBEE4-FC9D-4307-8C73-F884627DEE53}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKCU Winlogon: Shell - (C:\Users\Kenan\AppData\Local\7b30d2dc\X) -C:\Users\Kenan\AppData\Local\7b30d2dc\X ()

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]

O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - E:\autorun.dat -- [ UDF ]

O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: BvtUtility - hkey= - key= - C:\Program Files (x86)\BvT Grup\BvT Live Tv\BvtUtility.exe (CanliTv.com)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

MsConfig:64bit - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: BFE - Service

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MPSSvc - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: BFE - Service

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: MPSSvc - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX:64bit: >{7B284195-B3C3-4FF2-AF60-24DAC8F5E766} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.28 11:31:37 | 000,000,000 | R--D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2011.12.28 03:28:06 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{01FAB632-2A94-4B50-822E-C52A82940E4B}

[2011.12.28 03:27:32 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F09702F9-0ED7-45FA-9A1A-71B367749883}

[2011.12.28 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Documents\MAGIX Downloads

[2011.12.28 02:00:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Documents\MAGIX

[2011.12.28 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Desktop\LVG

[2011.12.28 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\AA3DeployClient

[2011.12.28 00:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient

[2011.12.28 00:28:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Army Game

[2011.12.28 00:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Deployment

[2011.12.28 00:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Apps

[2011.12.27 18:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011.12.27 18:11:49 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Malwarebytes

[2011.12.27 18:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.12.27 18:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.12.27 18:11:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.12.27 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.12.27 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\Kenan\Desktop\TojanerProblem

[2011.12.27 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2011.12.27 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2011.12.27 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{AFC89C23-78B5-475F-B339-A43938CEA293}

[2011.12.27 15:26:32 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7D0D9999-9D1F-4BD4-B662-9F95DC5F7CF2}

[2011.12.27 01:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3B6266D0-7444-4AE2-8D4E-114A8301484E}

[2011.12.27 01:07:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{14851934-D13D-4DB3-B2A6-40DECEBA9D92}

[2011.12.26 23:52:49 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{85453B69-0E2A-4872-8A8D-1AE65EF81138}

[2011.12.26 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{16FDBAEA-DA7F-4B4D-962D-D2B8EA1CA857}

[2011.12.26 01:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2011.12.26 01:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis

[2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\Kenan\AppData\Local\7b30d2dc

[2011.12.25 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{4097FA4C-9D70-4AA5-B2B9-D4804BDFCDE5}

[2011.12.25 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F2DFA48B-E564-4C34-A091-E4B1A76E57C0}

[2011.12.24 04:36:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{356B2BD4-C637-453A-A928-C95E35A79404}

[2011.12.24 04:36:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{95794BDC-4537-44F3-812E-C60025A45557}

[2011.12.22 13:22:27 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9E016A2C-20B2-4F21-9089-703853DB0E9F}

[2011.12.22 13:22:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{5DED2D16-B78E-4774-BADE-D17C533EC8C9}

[2011.12.22 13:19:59 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys

[2011.12.22 13:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2011.12.22 13:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2011.12.21 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{89F44C35-72F8-40FC-B496-16C1C967306E}

[2011.12.21 17:32:27 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{98151295-4EA8-4948-BC61-EB567DAB216E}

[2011.12.20 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{912FD41C-3F90-4C9F-A2B7-135BB80D6A77}

[2011.12.20 22:29:24 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F48B745D-C36A-4250-9764-DA63AD418595}

[2011.12.20 07:43:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{BFB836D3-9B1E-43AD-B045-98370C24772A}

[2011.12.20 07:43:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{363DE245-CD4B-4E36-B97B-1433F9973606}

[2011.12.19 15:04:16 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{712E116B-11CB-41A4-91AE-1C1F4DB7A6EF}

[2011.12.19 15:03:54 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3969DDF9-D401-4CDB-A06B-9F579DD8992B}

[2011.12.19 02:58:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{36E9085F-4514-4CA7-9893-117652816E07}

[2011.12.19 02:57:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{A212D5B5-5501-4096-9382-4D7826D72FD2}

[2011.12.18 03:07:17 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{5EDBC034-3C75-4641-B36C-E7DF2F32995B}

[2011.12.18 03:06:51 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9E28DEC3-F719-403F-B6C6-FC1BEDC04639}

[2011.12.17 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Alte Eigene Dateien

[2011.12.17 13:13:38 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9B14F8F8-1CA4-4BC8-A7A5-2DA8F8186B7E}

[2011.12.17 13:13:16 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{34C35E28-59B8-44F9-850A-B8355ECCB123}

[2011.12.17 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C

[2011.12.16 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{18E5DD89-2AA5-46F1-A29A-A842CEB85186}

[2011.12.16 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{DBFF224F-3230-4514-9BDA-BE899133CDA2}

[2011.12.15 16:34:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Canon

[2011.12.15 15:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

[2011.12.15 15:38:34 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information

[2011.12.15 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP830

[2011.12.15 15:38:15 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2011.12.15 15:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

[2011.12.15 13:40:52 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8EE8681F-60F3-42D4-9FAB-B59590C2EF0A}

[2011.12.15 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C365A675-4E27-4D0C-8891-39FBDD124F06}

[2011.12.15 01:23:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Kontoauszug

[2011.12.15 01:18:11 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FF6FAB9C-08CF-4A9A-94BD-0DDBB7EACDA8}

[2011.12.15 01:17:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3E4A7DA7-FB50-41B5-B031-0918B6C0D84B}

[2011.12.14 11:54:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7E9CC605-4313-4F4F-98FD-B380AF3ACD72}

[2011.12.14 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{1AE83126-F6AE-47D7-8D32-D3A199495F14}

[2011.12.13 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{F7FB9F2C-7FDD-4F81-8ADE-7935BB9F10E7}

[2011.12.13 16:10:59 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{66AC74EF-0B74-4663-8859-8349E2FF29B6}

[2011.12.13 16:10:43 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{26E554F7-C435-46C8-837A-DCE38FA3ED94}

[2011.12.13 16:10:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{4983CC8D-A5E7-46E1-B6E4-5E55E4604865}

[2011.12.12 16:20:24 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{20C7DC7C-1F22-445C-8871-A34ABD314460}

[2011.12.12 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{ED66214D-49C4-4865-8F77-590A97613D8F}

[2011.12.12 15:31:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\Logitech

[2011.12.12 15:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2011.12.12 15:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech

[2011.12.12 15:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2011.12.12 01:36:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{6365C5F8-BB88-4184-B5CA-A7BC81B1E389}

[2011.12.12 01:35:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{EB1BDBDC-A6AB-4A6B-893A-C0A80F872CDC}

[2011.12.12 01:35:21 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B0A8DE83-EFC6-4518-8753-1F28948DF2A3}

[2011.12.11 10:25:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{08DB0319-EF89-4A9D-AA25-4DD8322FC108}

[2011.12.11 10:25:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B5A9D93C-35EF-4AC0-8E48-F31C3F76A94D}

[2011.12.10 10:21:35 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9FB750D1-FFA9-4A7F-91CA-E15E69AF43F5}

[2011.12.10 10:21:25 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{64FB4C92-503C-4D46-8BBD-D7814401BF1E}

[2011.12.10 10:21:14 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{DE49E76C-9F84-43B9-ACDA-B1D376E1464F}

[2011.12.10 10:20:39 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9FE3D653-96FF-433F-9ADE-05A78ED90381}

[2011.12.09 18:57:21 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{3F6E10BE-4A0B-4271-B3CF-CFB4B68B2830}

[2011.12.09 18:56:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{618D3C4C-16AB-4684-BABA-0168DA8E3787}

[2011.12.08 20:20:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8E3D0343-BCDC-46AE-8224-C080EDC94074}

[2011.12.08 20:19:26 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{68A665AB-C347-4E76-B39A-19ACB0080D1D}

[2011.12.08 08:18:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{213521B6-371D-45A2-AD0F-3DAD7934C93C}

[2011.12.08 08:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{E8BB6C7F-18AE-49BE-BC66-932D36FD3459}

[2011.12.07 16:11:08 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{067D6B16-E092-4087-A173-05BDE4A7DB9B}

[2011.12.07 16:10:25 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{0D2EBEE2-F039-4446-9D07-D9D610C281D8}

[2011.12.06 19:55:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{440767DB-EA3B-450F-93A4-5E5E5B7D8807}

[2011.12.06 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{920B6E0C-369B-42DB-8BCD-4F9DD2033398}

[2011.12.06 07:54:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{9AD451E7-959B-4792-B1D1-FA4342872C1C}

[2011.12.06 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{6D5A00AD-1CF7-4E50-8BE4-EAB4115A4A55}

[2011.12.05 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{52FECB12-8E06-4CBC-ABF5-0FFB04122285}

[2011.12.05 10:33:09 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FF1F798A-C78C-4E19-A493-212B2F1D7546}

[2011.12.04 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8523CB02-F205-497F-852D-4E4040E6D89C}

[2011.12.04 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B6A5DA82-D435-4961-859B-5BE2EC5B3BDD}

[2011.12.03 20:26:40 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B9959A64-663F-47D2-A8B2-9BFA4C323732}

[2011.12.03 20:25:51 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{EA3ED08A-0BD4-4856-A71F-DB86CC8749DC}

[2011.12.03 14:35:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D

[2011.12.03 14:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DDD

[2011.12.03 14:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TriDef 3D

[2011.12.02 08:09:13 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C947CCEE-A8E6-4BFF-A9A5-FA94C6A2A4C6}

[2011.12.02 08:08:39 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{7B3F4C86-EE62-4ED3-AD72-885053AF60C1}

[2011.12.01 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{D120E7D6-FAC5-4BEB-9D39-4D837C5898FE}

[2011.12.01 20:07:38 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{8D396F78-758E-44C4-994B-0085236D45E3}

[2011.12.01 08:06:59 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{1DEBD5DA-032C-4E0C-BB58-444A5CBC8B24}

[2011.12.01 08:06:33 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{C1E42293-DDB9-44DC-A92E-8B1701D4B7E2}

[2011.11.30 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{28641252-25C2-4FC3-B559-F9C70A87513F}

[2011.11.30 16:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B3244799-1403-4A7D-B066-E65668B6E95E}

[2011.11.29 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{12A55EBD-0793-4FA7-9DF7-FB29E29127CE}

[2011.11.29 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{90E15804-6FB5-4184-83A9-AE403E28BC4C}

[2011.11.29 07:10:23 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{B537DE02-4EB0-4EDD-B285-95BF18309038}

[2011.11.29 07:09:56 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{FB3CC972-285A-4EF6-963C-2C54584B9093}

[2011.11.28 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{87B0ED36-08F3-41D4-BAD3-CE6F947C9446}

[2011.11.28 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Local\{50F48384-5140-49E0-A640-8F5EC53072B0}

[2011.11.28 18:40:52 | 000,000,000 | R--D | C] -- C:\Users\Kenan\Dropbox

[2011.11.28 18:39:10 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2011.11.28 18:38:45 | 000,000,000 | ---D | C] -- C:\Users\Kenan\AppData\Roaming\Dropbox

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Kenan\Desktop\*.tmp files -> C:\Users\Kenan\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.28 11:37:13 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.12.28 11:37:13 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.12.28 11:34:07 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.12.28 11:34:07 | 000,698,976 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.12.28 11:34:07 | 000,652,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.12.28 11:34:07 | 000,149,000 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.12.28 11:34:07 | 000,121,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.12.28 11:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.12.28 11:29:36 | 466,984,959 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.28 03:45:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011.12.28 00:28:48 | 000,000,316 | ---- | M] () -- C:\Users\Kenan\Desktop\AA3Deploy.appref-ms

[2011.12.27 15:49:13 | 000,000,000 | ---- | M] () -- C:\Users\Kenan\defogger_reenable

[2011.12.21 23:51:03 | 002,903,606 | ---- | M] () -- C:\Users\Kenan\Desktop\htc_sensation.pdf

[2011.12.15 21:18:20 | 000,439,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.12.12 15:28:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf

[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.12.09 19:49:12 | 000,464,353 | ---- | M] () -- C:\test.xml

[2011.12.08 20:42:31 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Kenan\Desktop\*.tmp files -> C:\Users\Kenan\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.28 03:45:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011.12.28 00:28:48 | 000,000,316 | ---- | C] () -- C:\Users\Kenan\Desktop\AA3Deploy.appref-ms

[2011.12.27 15:49:13 | 000,000,000 | ---- | C] () -- C:\Users\Kenan\defogger_reenable

[2011.12.21 23:50:48 | 002,903,606 | ---- | C] () -- C:\Users\Kenan\Desktop\htc_sensation.pdf

[2011.12.15 15:38:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CNCFLbNL.DLL

[2011.12.12 15:28:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf

[2011.12.03 14:35:22 | 000,001,400 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO3DPortal.lnk

[2011.11.08 23:17:05 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011.11.08 23:17:05 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.11.08 23:17:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.11.08 23:17:05 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat

[2011.11.08 23:17:05 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat

[2011.11.08 23:17:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.09.13 22:14:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.09.12 03:21:52 | 000,005,120 | ---- | C] () -- C:\Users\Kenan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.08.10 22:02:06 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\AV32UID.DAT

[2011.08.10 03:57:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll

[2011.08.10 03:11:58 | 000,000,000 | ---- | C] () -- C:\Windows\MusicMaker.INI

[2011.08.10 03:07:11 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

[2011.08.10 03:05:50 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll

[2011.08.10 02:59:45 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2011.08.10 02:52:26 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini

[2011.07.12 23:25:14 | 000,007,648 | ---- | C] () -- C:\Users\Kenan\AppData\Local\Resmon.ResmonCfg

[2011.06.30 08:01:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.06.29 14:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.06.29 14:06:23 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2011.04.14 04:56:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.04.14 04:56:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011.03.04 11:00:37 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011.02.11 00:03:27 | 001,594,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

 
 ========== LOP Check ==========

 

[2011.12.22 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Canon

[2011.12.23 00:22:21 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Dropbox

[2011.08.29 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Leadertech

[2011.09.10 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\MAGIX

[2011.09.12 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Solveig Multimedia

[2011.11.21 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\streamripper

[2011.12.10 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Windows Live Writer

[2011.12.03 02:47:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XBMC

[2011.08.16 10:23:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XP Modus

[2011.11.27 13:04:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.07.12 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Adobe

[2011.07.11 00:36:40 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\ArcSoft

[2011.07.10 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Atheros

[2011.07.10 23:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\ATI

[2011.10.14 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Avira

[2011.12.22 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Canon

[2011.07.11 00:16:24 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\CyberLink

[2011.08.05 04:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\DivX

[2011.12.23 00:22:21 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Dropbox

[2011.07.10 23:19:35 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Identities

[2011.07.10 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Intel Corporation

[2011.08.29 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Leadertech

[2011.06.29 14:25:23 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Macromedia

[2011.09.10 23:02:38 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\MAGIX

[2011.12.27 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Malwarebytes

[2011.03.15 03:36:01 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Media Center Programs

[2011.11.08 23:18:31 | 000,000,000 | --SD | M] -- C:\Users\Kenan\AppData\Roaming\Microsoft

[2011.07.11 01:17:12 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Mozilla

[2011.07.12 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\NCH Software

[2011.12.15 17:10:24 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Skype

[2011.11.17 21:15:08 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\skypePM

[2011.09.12 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Solveig Multimedia

[2011.07.12 00:27:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Sony Corporation

[2011.11.21 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\streamripper

[2011.11.27 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Winamp

[2011.12.10 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\Windows Live Writer

[2011.08.09 10:40:05 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\WinRAR

[2011.12.03 02:47:44 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XBMC

[2011.08.16 10:23:36 | 000,000,000 | ---D | M] -- C:\Users\Kenan\AppData\Roaming\XP Modus

 
 < %APPDATA%\*.exe /s >

[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenan\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2011.12.05 20:18:12 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenan\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.06.29 14:25:02 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kenan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011.11.08 23:18:31 | 000,010,134 | R--- | M] () -- C:\Users\Kenan\AppData\Roaming\Microsoft\Installer\{15CDC9CF-D347-1F6D-2EDB-D0F41B136758}\ARPPRODUCTICON.exe

[2007.11.27 07:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe

[2011.05.18 09:49:08 | 002,486,784 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\NCH Software\Components\soxdec\soxdec.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

[2011.06.01 19:04:37 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal

[2011.11.21 17:53:37 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2011.07.19 10:00:58 | 000,002,227 | ---- | M] () -- C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]

O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - E:\autorun.dat -- [ UDF ]

O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts)

[2011.12.25 23:41:20 | 000,000,000 | -HSD | C] -- C:\Users\Kenan\AppData\Local\7b30d2dc

[2011.12.15 15:38:19 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CNCFLbNL.DLL

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

So hier ist der OTL Fix Log:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.

C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.

C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.

C:\Users\Kenan\AppData\Roaming\mozilla\Firefox\Profiles\s97wfbcw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.

C:\Users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\searchplugins\s-amazon-de.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.

C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.

File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File  not found.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

File move failed. E:\autorun.dat scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{910e57fe-a24e-11e0-b61a-806e6f6e6963}\ not found.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

C:\Users\Kenan\AppData\Local\7b30d2dc\U folder moved successfully.

Folder move failed. C:\Users\Kenan\AppData\Local\7b30d2dc scheduled to be moved on reboot.

C:\Windows\SysNative\CNCFLbNL.DLL moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Kenan

->Temp folder emptied: 868724518 bytes

->Temporary Internet Files folder emptied: 296434303 bytes

->Java cache emptied: 3732855 bytes

->FireFox cache emptied: 871853030 bytes

->Flash cache emptied: 87655 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 138210983 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 254786 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 2.078,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_222332
 

Files\Folders moved on Reboot...

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

File move failed. E:\autorun.dat scheduled to be moved on reboot.

File move failed. E:\autorun.inf scheduled to be moved on reboot.

C:\Users\Kenan\AppData\Local\7b30d2dc folder moved successfully.

C:\Users\Kenan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hier ist die Log:

Code:

00:04:44.0603 5656        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

00:04:44.0713 5656        ============================================================

00:04:44.0713 5656        Current date / time: 2011/12/29 00:04:44.0713

00:04:44.0713 5656        SystemInfo:

00:04:44.0713 5656        

00:04:44.0713 5656        OS Version: 6.1.7601 ServicePack: 1.0

00:04:44.0713 5656        Product type: Workstation

00:04:44.0713 5656        ComputerName: KENAN-VAIO

00:04:44.0713 5656        UserName: Kenan

00:04:44.0713 5656        Windows directory: C:\Windows

00:04:44.0713 5656        System windows directory: C:\Windows

00:04:44.0713 5656        Running under WOW64

00:04:44.0713 5656        Processor architecture: Intel x64

00:04:44.0713 5656        Number of processors: 4

00:04:44.0713 5656        Page size: 0x1000

00:04:44.0713 5656        Boot type: Normal boot

00:04:44.0713 5656        ============================================================

00:04:45.0149 5656        Initialize success

00:05:50.0693 5324        ============================================================

00:05:50.0693 5324        Scan started

00:05:50.0693 5324        Mode: Manual; SigCheck; TDLFS; 

00:05:50.0693 5324        ============================================================

00:05:50.0989 5324        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

00:05:51.0052 5324        1394ohci - ok

00:05:51.0177 5324        acedrv07        (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys

00:05:51.0192 5324        acedrv07 ( UnsignedFile.Multi.Generic ) - warning

00:05:51.0192 5324        acedrv07 - detected UnsignedFile.Multi.Generic (1)

00:05:51.0239 5324        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

00:05:51.0255 5324        ACPI - ok

00:05:51.0286 5324        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

00:05:51.0333 5324        AcpiPmi - ok

00:05:51.0395 5324        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

00:05:51.0411 5324        adp94xx - ok

00:05:51.0473 5324        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

00:05:51.0473 5324        adpahci - ok

00:05:51.0520 5324        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

00:05:51.0535 5324        adpu320 - ok

00:05:51.0598 5324        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

00:05:51.0645 5324        AFD - ok

00:05:51.0707 5324        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

00:05:51.0707 5324        agp440 - ok

00:05:51.0738 5324        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

00:05:51.0738 5324        aliide - ok

00:05:51.0785 5324        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

00:05:51.0785 5324        amdide - ok

00:05:51.0816 5324        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

00:05:51.0847 5324        AmdK8 - ok

00:05:52.0035 5324        amdkmdag        (2d969426b5d901fb91a3f4f94b2eb5b8) C:\Windows\system32\DRIVERS\atikmdag.sys

00:05:52.0315 5324        amdkmdag - ok

00:05:52.0378 5324        amdkmdap        (a88d7aaed436780dcf420234873f719d) C:\Windows\system32\DRIVERS\atikmpag.sys

00:05:52.0393 5324        amdkmdap - ok

00:05:52.0440 5324        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

00:05:52.0471 5324        AmdPPM - ok

00:05:52.0518 5324        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

00:05:52.0534 5324        amdsata - ok

00:05:52.0565 5324        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

00:05:52.0581 5324        amdsbs - ok

00:05:52.0612 5324        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

00:05:52.0612 5324        amdxata - ok

00:05:52.0690 5324        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

00:05:52.0846 5324        AppID - ok

00:05:52.0877 5324        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

00:05:52.0893 5324        arc - ok

00:05:52.0924 5324        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

00:05:52.0939 5324        arcsas - ok

00:05:53.0002 5324        ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

00:05:53.0080 5324        ArcSoftKsUFilter - ok

00:05:53.0142 5324        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

00:05:53.0283 5324        AsyncMac - ok

00:05:53.0329 5324        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

00:05:53.0329 5324        atapi - ok

00:05:53.0376 5324        AthBTPort       (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys

00:05:53.0376 5324        AthBTPort - ok

00:05:53.0485 5324        athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys

00:05:53.0595 5324        athr - ok

00:05:53.0657 5324        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

00:05:53.0657 5324        avgntflt - ok

00:05:53.0688 5324        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys

00:05:53.0688 5324        avipbb - ok

00:05:53.0719 5324        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

00:05:53.0735 5324        avkmgr - ok

00:05:53.0797 5324        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

00:05:53.0829 5324        b06bdrv - ok

00:05:53.0875 5324        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

00:05:53.0907 5324        b57nd60a - ok

00:05:53.0938 5324        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

00:05:53.0985 5324        Beep - ok

00:05:54.0016 5324        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

00:05:54.0031 5324        blbdrive - ok

00:05:54.0094 5324        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

00:05:54.0141 5324        bowser - ok

00:05:54.0172 5324        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

00:05:54.0203 5324        BrFiltLo - ok

00:05:54.0234 5324        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

00:05:54.0250 5324        BrFiltUp - ok

00:05:54.0297 5324        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

00:05:54.0343 5324        Brserid - ok

00:05:54.0375 5324        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

00:05:54.0390 5324        BrSerWdm - ok

00:05:54.0421 5324        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

00:05:54.0437 5324        BrUsbMdm - ok

00:05:54.0468 5324        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

00:05:54.0484 5324        BrUsbSer - ok

00:05:54.0546 5324        BTATH_A2DP      (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys

00:05:54.0546 5324        BTATH_A2DP - ok

00:05:54.0577 5324        btath_avdt      (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys

00:05:54.0593 5324        btath_avdt - ok

00:05:54.0640 5324        BTATH_BUS       (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\DRIVERS\btath_bus.sys

00:05:54.0640 5324        BTATH_BUS - ok

00:05:54.0671 5324        BTATH_HCRP      (a441b800e04cf8443faf519207563abb) C:\Windows\system32\DRIVERS\btath_hcrp.sys

00:05:54.0687 5324        BTATH_HCRP - ok

00:05:54.0718 5324        BTATH_LWFLT     (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys

00:05:54.0718 5324        BTATH_LWFLT - ok

00:05:54.0749 5324        BTATH_RCP       (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\DRIVERS\btath_rcp.sys

00:05:54.0749 5324        BTATH_RCP - ok

00:05:54.0827 5324        BtFilter        (3632fa4c6b3ce9ec827690deac266d8c) C:\Windows\system32\DRIVERS\btfilter.sys

00:05:54.0843 5324        BtFilter - ok

00:05:54.0889 5324        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

00:05:54.0921 5324        BthEnum - ok

00:05:54.0983 5324        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

00:05:54.0999 5324        BTHMODEM - ok

00:05:55.0045 5324        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

00:05:55.0061 5324        BthPan - ok

00:05:55.0108 5324        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

00:05:55.0139 5324        BTHPORT - ok

00:05:55.0186 5324        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

00:05:55.0201 5324        BTHUSB - ok

00:05:55.0248 5324        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

00:05:55.0279 5324        cdfs - ok

00:05:55.0326 5324        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

00:05:55.0342 5324        cdrom - ok

00:05:55.0389 5324        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

00:05:55.0404 5324        circlass - ok

00:05:55.0451 5324        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

00:05:55.0467 5324        CLFS - ok

00:05:55.0513 5324        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

00:05:55.0529 5324        CmBatt - ok

00:05:55.0545 5324        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

00:05:55.0560 5324        cmdide - ok

00:05:55.0591 5324        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

00:05:55.0607 5324        CNG - ok

00:05:55.0623 5324        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

00:05:55.0638 5324        Compbatt - ok

00:05:55.0685 5324        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

00:05:55.0701 5324        CompositeBus - ok

00:05:55.0716 5324        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

00:05:55.0716 5324        crcdisk - ok

00:05:55.0763 5324        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

00:05:55.0763 5324        CVirtA - ok

00:05:55.0825 5324        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

00:05:55.0841 5324        CVPNDRVA - ok

00:05:55.0872 5324        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

00:05:55.0903 5324        DfsC - ok

00:05:55.0935 5324        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

00:05:55.0966 5324        discache - ok

00:05:56.0013 5324        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

00:05:56.0013 5324        Disk - ok

00:05:56.0059 5324        DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

00:05:56.0059 5324        DNE - ok

00:05:56.0106 5324        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

00:05:56.0122 5324        drmkaud - ok

00:05:56.0153 5324        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

00:05:56.0169 5324        DXGKrnl - ok

00:05:56.0215 5324        e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys

00:05:56.0247 5324        e1yexpress - ok

00:05:56.0309 5324        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

00:05:56.0387 5324        ebdrv - ok

00:05:56.0434 5324        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

00:05:56.0449 5324        elxstor - ok

00:05:56.0481 5324        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

00:05:56.0496 5324        ErrDev - ok

00:05:56.0543 5324        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

00:05:56.0574 5324        exfat - ok

00:05:56.0621 5324        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

00:05:56.0652 5324        fastfat - ok

00:05:56.0683 5324        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

00:05:56.0699 5324        fdc - ok

00:05:56.0730 5324        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

00:05:56.0730 5324        FileInfo - ok

00:05:56.0761 5324        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

00:05:56.0793 5324        Filetrace - ok

00:05:56.0824 5324        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

00:05:56.0839 5324        flpydisk - ok

00:05:56.0855 5324        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

00:05:56.0871 5324        FltMgr - ok

00:05:56.0902 5324        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

00:05:56.0917 5324        FsDepends - ok

00:05:56.0933 5324        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

00:05:56.0933 5324        Fs_Rec - ok

00:05:56.0964 5324        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

00:05:56.0964 5324        fvevol - ok

00:05:56.0995 5324        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

00:05:56.0995 5324        gagp30kx - ok

00:05:57.0042 5324        hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

00:05:57.0042 5324        hamachi - ok

00:05:57.0089 5324        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

00:05:57.0105 5324        hcw85cir - ok

00:05:57.0151 5324        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

00:05:57.0183 5324        HdAudAddService - ok

00:05:57.0214 5324        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

00:05:57.0229 5324        HDAudBus - ok

00:05:57.0245 5324        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

00:05:57.0276 5324        HidBatt - ok

00:05:57.0307 5324        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

00:05:57.0323 5324        HidBth - ok

00:05:57.0354 5324        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

00:05:57.0370 5324        HidIr - ok

00:05:57.0417 5324        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

00:05:57.0432 5324        HidUsb - ok

00:05:57.0463 5324        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

00:05:57.0479 5324        HpSAMD - ok

00:05:57.0510 5324        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

00:05:57.0557 5324        HTTP - ok

00:05:57.0573 5324        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

00:05:57.0588 5324        hwpolicy - ok

00:05:57.0619 5324        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

00:05:57.0635 5324        i8042prt - ok

00:05:57.0666 5324        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys

00:05:57.0682 5324        iaStor - ok

00:05:57.0729 5324        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

00:05:57.0744 5324        iaStorV - ok

00:05:57.0775 5324        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

00:05:57.0775 5324        iirsp - ok

00:05:57.0869 5324        IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys

00:05:57.0900 5324        IntcAzAudAddService - ok

00:05:57.0931 5324        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

00:05:57.0963 5324        IntcDAud - ok

00:05:57.0994 5324        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

00:05:57.0994 5324        intelide - ok

00:05:58.0212 5324        intelkmd        (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys

00:05:58.0446 5324        intelkmd - ok

00:05:58.0477 5324        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

00:05:58.0509 5324        intelppm - ok

00:05:58.0540 5324        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:05:58.0571 5324        IpFilterDriver - ok

00:05:58.0587 5324        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

00:05:58.0602 5324        IPMIDRV - ok

00:05:58.0633 5324        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

00:05:58.0665 5324        IPNAT - ok

00:05:58.0696 5324        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

00:05:58.0758 5324        IRENUM - ok

00:05:58.0789 5324        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

00:05:58.0805 5324        isapnp - ok

00:05:58.0821 5324        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

00:05:58.0836 5324        iScsiPrt - ok

00:05:58.0867 5324        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

00:05:58.0883 5324        kbdclass - ok

00:05:58.0899 5324        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

00:05:58.0914 5324        kbdhid - ok

00:05:58.0945 5324        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

00:05:58.0945 5324        KSecDD - ok

00:05:58.0977 5324        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

00:05:58.0977 5324        KSecPkg - ok

00:05:59.0008 5324        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

00:05:59.0039 5324        ksthunk - ok

00:05:59.0086 5324        L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys

00:05:59.0086 5324        L1C - ok

00:05:59.0117 5324        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:05:59.0164 5324        lltdio - ok

00:05:59.0195 5324        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

00:05:59.0211 5324        LSI_FC - ok

00:05:59.0226 5324        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

00:05:59.0242 5324        LSI_SAS - ok

00:05:59.0257 5324        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

00:05:59.0257 5324        LSI_SAS2 - ok

00:05:59.0289 5324        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

00:05:59.0289 5324        LSI_SCSI - ok

00:05:59.0320 5324        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:05:59.0335 5324        luafv - ok

00:05:59.0429 5324        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

00:05:59.0429 5324        MBAMProtector - ok

00:05:59.0476 5324        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

00:05:59.0476 5324        megasas - ok

00:05:59.0507 5324        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

00:05:59.0523 5324        MegaSR - ok

00:05:59.0569 5324        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

00:05:59.0569 5324        MEIx64 - ok

00:05:59.0601 5324        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:05:59.0632 5324        Modem - ok

00:05:59.0663 5324        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:05:59.0679 5324        monitor - ok

00:05:59.0710 5324        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

00:05:59.0725 5324        mouclass - ok

00:05:59.0757 5324        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:05:59.0772 5324        mouhid - ok

00:05:59.0803 5324        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:05:59.0819 5324        mountmgr - ok

00:05:59.0850 5324        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:05:59.0850 5324        mpio - ok

00:05:59.0881 5324        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:05:59.0913 5324        mpsdrv - ok

00:05:59.0928 5324        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:05:59.0959 5324        MRxDAV - ok

00:05:59.0991 5324        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:06:00.0022 5324        mrxsmb - ok

00:06:00.0053 5324        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:06:00.0069 5324        mrxsmb10 - ok

00:06:00.0100 5324        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:06:00.0100 5324        mrxsmb20 - ok

00:06:00.0131 5324        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:06:00.0131 5324        msahci - ok

00:06:00.0162 5324        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:06:00.0178 5324        msdsm - ok

00:06:00.0209 5324        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:06:00.0240 5324        Msfs - ok

00:06:00.0256 5324        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:06:00.0287 5324        mshidkmdf - ok

00:06:00.0318 5324        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:06:00.0318 5324        msisadrv - ok

00:06:00.0349 5324        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:06:00.0381 5324        MSKSSRV - ok

00:06:00.0412 5324        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:06:00.0443 5324        MSPCLOCK - ok

00:06:00.0459 5324        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:06:00.0490 5324        MSPQM - ok

00:06:00.0521 5324        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:06:00.0521 5324        MsRPC - ok

00:06:00.0552 5324        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

00:06:00.0552 5324        mssmbios - ok

00:06:00.0583 5324        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:06:00.0599 5324        MSTEE - ok

00:06:00.0630 5324        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

00:06:00.0646 5324        MTConfig - ok

00:06:00.0661 5324        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:06:00.0677 5324        Mup - ok

00:06:00.0724 5324        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:06:00.0739 5324        NativeWifiP - ok

00:06:00.0802 5324        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

00:06:00.0833 5324        NDIS - ok

00:06:00.0864 5324        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:06:00.0880 5324        NdisCap - ok

00:06:00.0927 5324        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:06:00.0958 5324        NdisTapi - ok

00:06:00.0989 5324        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:06:01.0020 5324        Ndisuio - ok

00:06:01.0051 5324        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:06:01.0083 5324        NdisWan - ok

00:06:01.0114 5324        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:06:01.0145 5324        NDProxy - ok

00:06:01.0176 5324        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:06:01.0207 5324        NetBIOS - ok

00:06:01.0239 5324        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:06:01.0270 5324        NetBT - ok

00:06:01.0317 5324        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

00:06:01.0332 5324        nfrd960 - ok

00:06:01.0363 5324        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:06:01.0395 5324        Npfs - ok

00:06:01.0410 5324        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:06:01.0457 5324        nsiproxy - ok

00:06:01.0504 5324        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:06:01.0551 5324        Ntfs - ok

00:06:01.0566 5324        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:06:01.0597 5324        Null - ok

00:06:01.0629 5324        nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys

00:06:01.0660 5324        nusb3hub - ok

00:06:01.0691 5324        nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys

00:06:01.0722 5324        nusb3xhc - ok

00:06:01.0925 5324        nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys

00:06:02.0175 5324        nvlddmkm - ok

00:06:02.0206 5324        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:06:02.0221 5324        nvraid - ok

00:06:02.0284 5324        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:06:02.0299 5324        nvstor - ok

00:06:02.0331 5324        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:06:02.0346 5324        nv_agp - ok

00:06:02.0393 5324        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:06:02.0409 5324        ohci1394 - ok

00:06:02.0455 5324        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

00:06:02.0471 5324        Parport - ok

00:06:02.0502 5324        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

00:06:02.0502 5324        partmgr - ok

00:06:02.0533 5324        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:06:02.0533 5324        pci - ok

00:06:02.0565 5324        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:06:02.0565 5324        pciide - ok

00:06:02.0596 5324        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

00:06:02.0611 5324        pcmcia - ok

00:06:02.0627 5324        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:06:02.0643 5324        pcw - ok

00:06:02.0674 5324        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:06:02.0721 5324        PEAUTH - ok

00:06:02.0752 5324        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:06:02.0799 5324        PptpMiniport - ok

00:06:02.0814 5324        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

00:06:02.0830 5324        Processor - ok

00:06:02.0861 5324        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:06:02.0892 5324        Psched - ok

00:06:02.0939 5324        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

00:06:02.0986 5324        ql2300 - ok

00:06:03.0017 5324        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

00:06:03.0017 5324        ql40xx - ok

00:06:03.0048 5324        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:06:03.0064 5324        QWAVEdrv - ok

00:06:03.0079 5324        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:06:03.0111 5324        RasAcd - ok

00:06:03.0142 5324        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:06:03.0173 5324        RasAgileVpn - ok

00:06:03.0189 5324        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:06:03.0235 5324        Rasl2tp - ok

00:06:03.0251 5324        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:06:03.0298 5324        RasPppoe - ok

00:06:03.0329 5324        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:06:03.0360 5324        RasSstp - ok

00:06:03.0391 5324        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:06:03.0423 5324        rdbss - ok

00:06:03.0438 5324        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

00:06:03.0454 5324        rdpbus - ok

00:06:03.0469 5324        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:06:03.0485 5324        RDPCDD - ok

00:06:03.0516 5324        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:06:03.0547 5324        RDPENCDD - ok

00:06:03.0563 5324        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:06:03.0594 5324        RDPREFMP - ok

00:06:03.0610 5324        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

00:06:03.0641 5324        RDPWD - ok

00:06:03.0672 5324        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:06:03.0672 5324        rdyboost - ok

00:06:03.0735 5324        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

00:06:03.0750 5324        RFCOMM - ok

00:06:03.0797 5324        rimspci         (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\DRIVERS\rimssne64.sys

00:06:03.0828 5324        rimspci - ok

00:06:03.0859 5324        risdsnpe        (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\DRIVERS\risdsnxc64.sys

00:06:03.0875 5324        risdsnpe - ok

00:06:03.0906 5324        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:06:03.0937 5324        rspndr - ok

00:06:03.0984 5324        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:06:03.0984 5324        sbp2port - ok

00:06:04.0015 5324        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:06:04.0047 5324        scfilter - ok

00:06:04.0093 5324        sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

00:06:04.0109 5324        sdbus - ok

00:06:04.0140 5324        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:06:04.0171 5324        secdrv - ok

00:06:04.0203 5324        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

00:06:04.0218 5324        Serenum - ok

00:06:04.0249 5324        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

00:06:04.0265 5324        Serial - ok

00:06:04.0296 5324        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

00:06:04.0327 5324        sermouse - ok

00:06:04.0359 5324        SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys

00:06:04.0390 5324        SFEP - ok

00:06:04.0405 5324        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:06:04.0421 5324        sffdisk - ok

00:06:04.0437 5324        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:06:04.0452 5324        sffp_mmc - ok

00:06:04.0468 5324        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:06:04.0483 5324        sffp_sd - ok

00:06:04.0499 5324        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

00:06:04.0515 5324        sfloppy - ok

00:06:04.0561 5324        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

00:06:04.0577 5324        SiSRaid2 - ok

00:06:04.0608 5324        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

00:06:04.0608 5324        SiSRaid4 - ok

00:06:04.0639 5324        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:06:04.0671 5324        Smb - ok

00:06:04.0717 5324        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:06:04.0717 5324        spldr - ok

00:06:04.0764 5324        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:06:04.0795 5324        srv - ok

00:06:04.0827 5324        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:06:04.0858 5324        srv2 - ok

00:06:04.0873 5324        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:06:04.0905 5324        srvnet - ok

00:06:04.0936 5324        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

00:06:04.0951 5324        stexstor - ok

00:06:04.0983 5324        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

00:06:04.0983 5324        swenum - ok

00:06:05.0045 5324        SynTP           (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys

00:06:05.0061 5324        SynTP - ok

00:06:05.0139 5324        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

00:06:05.0185 5324        Tcpip - ok

00:06:05.0232 5324        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

00:06:05.0263 5324        TCPIP6 - ok

00:06:05.0279 5324        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:06:05.0310 5324        tcpipreg - ok

00:06:05.0341 5324        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:06:05.0373 5324        TDPIPE - ok

00:06:05.0388 5324        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

00:06:05.0404 5324        TDTCP - ok

00:06:05.0435 5324        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:06:05.0466 5324        tdx - ok

00:06:05.0497 5324        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

00:06:05.0497 5324        TermDD - ok

00:06:05.0544 5324        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:06:05.0591 5324        tssecsrv - ok

00:06:05.0622 5324        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:06:05.0638 5324        TsUsbFlt - ok

00:06:05.0653 5324        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

00:06:05.0669 5324        TsUsbGD - ok

00:06:05.0700 5324        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:06:05.0731 5324        tunnel - ok

00:06:05.0763 5324        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

00:06:05.0778 5324        uagp35 - ok

00:06:05.0794 5324        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:06:05.0841 5324        udfs - ok

00:06:05.0872 5324        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:06:05.0872 5324        uliagpkx - ok

00:06:05.0903 5324        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

00:06:05.0919 5324        umbus - ok

00:06:05.0950 5324        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

00:06:05.0965 5324        UmPass - ok

00:06:05.0997 5324        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

00:06:06.0012 5324        usbccgp - ok

00:06:06.0028 5324        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:06:06.0043 5324        usbcir - ok

00:06:06.0075 5324        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

00:06:06.0090 5324        usbehci - ok

00:06:06.0137 5324        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:06:06.0153 5324        usbhub - ok

00:06:06.0184 5324        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

00:06:06.0199 5324        usbohci - ok

00:06:06.0231 5324        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:06:06.0246 5324        usbprint - ok

00:06:06.0293 5324        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

00:06:06.0309 5324        usbscan - ok

00:06:06.0340 5324        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:06:06.0355 5324        USBSTOR - ok

00:06:06.0371 5324        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

00:06:06.0387 5324        usbuhci - ok

00:06:06.0418 5324        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

00:06:06.0433 5324        usbvideo - ok

00:06:06.0511 5324        VBoxDrv         (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys

00:06:06.0527 5324        VBoxDrv - ok

00:06:06.0558 5324        VBoxNetAdp      (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

00:06:06.0574 5324        VBoxNetAdp - ok

00:06:06.0605 5324        VBoxNetFlt      (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

00:06:06.0605 5324        VBoxNetFlt - ok

00:06:06.0652 5324        VBoxUSBMon      (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

00:06:06.0652 5324        VBoxUSBMon - ok

00:06:06.0699 5324        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:06:06.0714 5324        vdrvroot - ok

00:06:06.0730 5324        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:06:06.0745 5324        vga - ok

00:06:06.0777 5324        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:06:06.0808 5324        VgaSave - ok

00:06:06.0823 5324        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:06:06.0839 5324        vhdmp - ok

00:06:06.0855 5324        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:06:06.0870 5324        viaide - ok

00:06:06.0901 5324        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:06:06.0917 5324        volmgr - ok

00:06:06.0933 5324        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:06:06.0948 5324        volmgrx - ok

00:06:06.0979 5324        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:06:06.0979 5324        volsnap - ok

00:06:07.0011 5324        vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys

00:06:07.0011 5324        vpcbus - ok

00:06:07.0073 5324        vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys

00:06:07.0104 5324        vpcnfltr - ok

00:06:07.0120 5324        vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys

00:06:07.0135 5324        vpcusb - ok

00:06:07.0182 5324        vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys

00:06:07.0198 5324        vpcvmm - ok

00:06:07.0245 5324        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

00:06:07.0245 5324        vsmraid - ok

00:06:07.0291 5324        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

00:06:07.0323 5324        vwifibus - ok

00:06:07.0338 5324        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

00:06:07.0354 5324        vwififlt - ok

00:06:07.0401 5324        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

00:06:07.0416 5324        vwifimp - ok

00:06:07.0447 5324        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

00:06:07.0463 5324        WacomPen - ok

00:06:07.0494 5324        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:06:07.0525 5324        WANARP - ok

00:06:07.0541 5324        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:06:07.0572 5324        Wanarpv6 - ok

00:06:07.0635 5324        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

00:06:07.0635 5324        Wd - ok

00:06:07.0666 5324        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:06:07.0697 5324        Wdf01000 - ok

00:06:07.0728 5324        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:06:07.0744 5324        WfpLwf - ok

00:06:07.0791 5324        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:06:07.0791 5324        WIMMount - ok

00:06:07.0853 5324        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

00:06:07.0869 5324        WinUsb - ok

00:06:07.0931 5324        WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

00:06:07.0931 5324        WmBEnum - ok

00:06:07.0962 5324        WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

00:06:07.0962 5324        WmFilter - ok

00:06:08.0009 5324        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:06:08.0009 5324        WmiAcpi - ok

00:06:08.0040 5324        WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

00:06:08.0040 5324        WmVirHid - ok

00:06:08.0071 5324        WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

00:06:08.0071 5324        WmXlCore - ok

00:06:08.0103 5324        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:06:08.0134 5324        ws2ifsl - ok

00:06:08.0149 5324        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:06:08.0181 5324        WudfPf - ok

00:06:08.0212 5324        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:06:08.0243 5324        WUDFRd - ok

00:06:08.0337 5324        X6va005 - ok

00:06:08.0415 5324        xusb21          (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys

00:06:08.0430 5324        xusb21 - ok

00:06:08.0477 5324        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:06:08.0727 5324        \Device\Harddisk0\DR0 - ok

00:06:08.0742 5324        Boot (0x1200)   (07fa0f7b29dc2ac220428cd4ee4b1de7) \Device\Harddisk0\DR0\Partition0

00:06:08.0742 5324        \Device\Harddisk0\DR0\Partition0 - ok

00:06:08.0773 5324        Boot (0x1200)   (f60e8f2668641c4546f5695ea2fc72f5) \Device\Harddisk0\DR0\Partition1

00:06:08.0773 5324        \Device\Harddisk0\DR0\Partition1 - ok

00:06:08.0773 5324        ============================================================

00:06:08.0773 5324        Scan finished

00:06:08.0773 5324        ============================================================

00:06:08.0773 5260        Detected object count: 1

00:06:08.0773 5260        Actual detected object count: 1

00:06:50.0550 5260        acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user

00:06:50.0550 5260        acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier ist es.

Dazu muss ich aber noch erwähnen, das combofix meinte das irgendetwas von avira noch laufen würde, obwohl ich den echtzeit Scanner geschlossen hatte.

Code:

ComboFix 11-12-28.03 - Kenan 29.12.2011   1:05.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6055.4461 [GMT 1:00]

ausgeführt von:: c:\users\Kenan\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\windows\assembly\tmp\U

c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-29  ))))))))))))))))))))))))))))))

.

.

2011-12-29 00:08 . 2011-12-29 00:08        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-12-28 21:23 . 2011-12-28 21:23        --------        d-----w-        C:\_OTL

2011-12-27 23:28 . 2011-12-27 23:29        --------        d-----w-        c:\users\Kenan\AppData\Local\AA3DeployClient

2011-12-27 23:28 . 2011-12-27 23:28        --------        d-----w-        c:\programdata\AA3DeployClient

2011-12-27 23:26 . 2011-12-27 23:29        --------        d-----w-        c:\users\Kenan\AppData\Local\Deployment

2011-12-27 23:26 . 2011-12-27 23:26        --------        d-----w-        c:\users\Kenan\AppData\Local\Apps

2011-12-27 17:31 . 2011-12-27 17:31        --------        d-----w-        c:\program files (x86)\ESET

2011-12-27 17:11 . 2011-12-27 17:11        --------        d-----w-        c:\users\Kenan\AppData\Roaming\Malwarebytes

2011-12-27 17:11 . 2011-12-27 17:11        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-27 17:11 . 2011-12-28 02:46        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-27 17:11 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-27 16:00 . 2011-12-27 16:00        --------        d-----w-        c:\program files (x86)\7-Zip

2011-12-26 00:05 . 2011-12-26 00:05        --------        d-----w-        c:\program files (x86)\Trend Micro

2011-12-23 11:03 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{871BF9DD-9CF3-4426-936A-795079160033}\mpengine.dll

2011-12-22 12:19 . 2009-03-18 16:35        33856        ---ha-w-        c:\windows\system32\hamachi.sys

2011-12-22 12:19 . 2011-12-22 12:19        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi

2011-12-15 19:00 . 2011-11-04 01:53        2309120        ----a-w-        c:\windows\system32\jscript9.dll

2011-12-15 19:00 . 2011-11-04 01:48        887296        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll

2011-12-15 19:00 . 2011-11-04 01:44        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl

2011-12-15 19:00 . 2011-11-03 22:47        1798144        ----a-w-        c:\windows\SysWow64\jscript9.dll

2011-12-15 19:00 . 2011-11-03 22:42        678912        ----a-w-        c:\program files (x86)\Internet Explorer\iedvtool.dll

2011-12-15 15:34 . 2011-12-22 14:33        --------        d-----w-        c:\users\Kenan\AppData\Roaming\Canon

2011-12-15 14:47 . 2006-09-12 20:00        80896        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPP7Q.DLL

2011-12-15 14:47 . 2006-09-12 20:00        27136        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPD7Q.DLL

2011-12-15 13:43 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys

2011-12-15 13:43 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-15 13:43 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-15 13:43 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll

2011-12-15 13:43 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-15 13:43 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-12-12 14:31 . 2011-12-12 14:31        --------        d-----w-        c:\users\Kenan\AppData\Local\Logitech

2011-12-12 14:30 . 2011-12-12 14:30        --------        d-----w-        c:\program files\Common Files\Logitech

2011-12-12 14:30 . 2011-12-12 14:30        --------        d-----w-        c:\program files\Logitech

2011-12-03 13:35 . 2009-09-04 16:29        453456        ----a-w-        c:\windows\SysWow64\d3dx10_42.dll

2011-12-03 13:35 . 2009-09-04 16:29        235344        ----a-w-        c:\windows\SysWow64\d3dx11_42.dll

2011-12-03 13:35 . 2009-09-04 16:29        1974616        ----a-w-        c:\windows\SysWow64\D3DCompiler_42.dll

2011-12-03 13:35 . 2011-12-03 13:35        --------        d-----w-        c:\programdata\DDD

2011-12-03 13:35 . 2011-12-03 13:35        --------        d-----w-        c:\program files (x86)\TriDef 3D

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-25 22:41 . 2011-08-04 22:35        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-08 19:42 . 2011-10-14 18:26        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-10-18 21:21 . 2011-06-29 13:39        505128        ----a-w-        c:\windows\SysWow64\msvcp71.dll

2011-10-18 21:21 . 2011-06-29 13:39        29480        ----a-w-        c:\windows\SysWow64\msxml3a.dll

2011-10-11 13:00 . 2011-10-14 18:26        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-11 13:00 . 2011-10-14 18:26        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02        94208        ----a-w-        c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02        94208        ----a-w-        c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02        94208        ----a-w-        c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-06-24 75048]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/18 23:22;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-06-24 248304]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]

R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va005;X6va005;c:\users\Kenan\AppData\Local\Temp\0059961.tmp [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-24 2656280]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-14 550080]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 98389337

*Deregistered* - 98389337

*Deregistered* - CLKMDRV10_9EC60124

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02        97792        ----a-w-        c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02        97792        ----a-w-        c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02        97792        ----a-w-        c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02        97792        ----a-w-        c:\users\Kenan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11775592]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-04 2188904]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mLocal Page = 

uInternet Settings,ProxyOverride = <local>

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Kenan\AppData\Roaming\Mozilla\Firefox\Profiles\s97wfbcw.default\

FF - prefs.js: browser.startup.homepage - google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Kenan\AppData\Local\Temp\0059961.tmp"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2480412338-4109954872-1758289751-1001\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-12-29  01:10:21

ComboFix-quarantined-files.txt  2011-12-29 00:10

.

Vor Suchlauf: 15 Verzeichnis(se), 353.961.250.816 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 355.661.479.936 Bytes frei

.

- - End Of File - - 56D50A04EFCE8287C4DE344B631C5826

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.